diff --git a/barretenberg/cpp/src/barretenberg/dsl/CMakeLists.txt b/barretenberg/cpp/src/barretenberg/dsl/CMakeLists.txt index 1f44c3c2746..b0b43a74775 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/CMakeLists.txt +++ b/barretenberg/cpp/src/barretenberg/dsl/CMakeLists.txt @@ -20,4 +20,4 @@ endif() barretenberg_module( dsl ${DSL_DEPENDENCIES} -) \ No newline at end of file +) diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp index 1cb9bb642bd..dd48e644a22 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp @@ -109,14 +109,6 @@ void build_constraints(Builder& builder, constraint_system.original_opcode_indices.sha256_compression[i]); } - // Add schnorr constraints - for (size_t i = 0; i < constraint_system.schnorr_constraints.size(); ++i) { - const auto& constraint = constraint_system.schnorr_constraints.at(i); - create_schnorr_verify_constraints(builder, constraint); - gate_counter.track_diff(constraint_system.gates_per_opcode, - constraint_system.original_opcode_indices.schnorr_constraints.at(i)); - } - // Add ECDSA k1 constraints for (size_t i = 0; i < constraint_system.ecdsa_k1_constraints.size(); ++i) { const auto& constraint = constraint_system.ecdsa_k1_constraints.at(i); diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp index dba936225f6..8ee23937d8c 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp @@ -22,7 +22,6 @@ #include "poseidon2_constraint.hpp" #include "range_constraint.hpp" #include "recursion_constraint.hpp" -#include "schnorr_verify.hpp" #include "sha256_constraint.hpp" #include #include 
@@ -41,7 +40,6 @@ struct AcirFormatOriginalOpcodeIndices { std::vector range_constraints; std::vector aes128_constraints; std::vector sha256_compression; - std::vector schnorr_constraints; std::vector ecdsa_k1_constraints; std::vector ecdsa_r1_constraints; std::vector blake2s_constraints; @@ -85,7 +83,6 @@ struct AcirFormat { std::vector range_constraints; std::vector aes128_constraints; std::vector sha256_compression; - std::vector schnorr_constraints; std::vector ecdsa_k1_constraints; std::vector ecdsa_r1_constraints; std::vector blake2s_constraints; @@ -134,7 +131,6 @@ struct AcirFormat { range_constraints, aes128_constraints, sha256_compression, - schnorr_constraints, ecdsa_k1_constraints, ecdsa_r1_constraints, blake2s_constraints, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp index d3fb922732e..87e95cbcd8a 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp @@ -5,7 +5,6 @@ #include "acir_format.hpp" #include "acir_format_mocks.hpp" #include "barretenberg/common/streams.hpp" -#include "barretenberg/crypto/schnorr/schnorr.hpp" #include "barretenberg/plonk/composer/standard_composer.hpp" #include "barretenberg/plonk/composer/ultra_composer.hpp" #include "barretenberg/plonk/proof_system/types/proof.hpp" @@ -45,7 +44,6 @@ TEST_F(AcirFormatTests, TestASingleConstraintNoPubInputs) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, @@ -165,7 +163,6 @@ TEST_F(AcirFormatTests, TestLogicGateFromNoirCircuit) .range_constraints = { range_a, range_b }, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, 
@@ -205,215 +202,6 @@ TEST_F(AcirFormatTests, TestLogicGateFromNoirCircuit) EXPECT_EQ(verifier.verify_proof(proof), true); } -TEST_F(AcirFormatTests, TestSchnorrVerifyPass) -{ - std::vector range_constraints; - std::vector range_opcode_indices; - size_t current_opcode = 0; - for (uint32_t i = 0; i < 10; i++) { - range_constraints.push_back(RangeConstraint{ - .witness = i, - .num_bits = 15, - }); - range_opcode_indices.push_back(current_opcode++); - } - - std::array signature; - for (uint32_t i = 0, value = 12; i < 64; i++, value++) { - signature[i] = value; - range_constraints.push_back(RangeConstraint{ - .witness = value, - .num_bits = 15, - }); - range_opcode_indices.push_back(current_opcode++); - } - - SchnorrConstraint schnorr_constraint{ - .message = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }, - .public_key_x = 10, - .public_key_y = 11, - .result = 76, - .signature = signature, - }; - - AcirFormat constraint_system{ - .varnum = 81, - .num_acir_opcodes = 76, - .public_inputs = {}, - .logic_constraints = {}, - .range_constraints = range_constraints, - .aes128_constraints = {}, - .sha256_compression = {}, - .schnorr_constraints = { schnorr_constraint }, - .ecdsa_k1_constraints = {}, - .ecdsa_r1_constraints = {}, - .blake2s_constraints = {}, - .blake3_constraints = {}, - .keccak_permutations = {}, - .poseidon2_constraints = {}, - .multi_scalar_mul_constraints = {}, - .ec_add_constraints = {}, - .recursion_constraints = {}, - .honk_recursion_constraints = {}, - .avm_recursion_constraints = {}, - .ivc_recursion_constraints = {}, - .bigint_from_le_bytes_constraints = {}, - .bigint_to_le_bytes_constraints = {}, - .bigint_operations = {}, - .assert_equalities = {}, - .poly_triple_constraints = { poly_triple{ - .a = schnorr_constraint.result, - .b = schnorr_constraint.result, - .c = schnorr_constraint.result, - .q_m = 0, - .q_l = 0, - .q_r = 0, - .q_o = 1, - .q_c = fr::neg_one(), - } }, - .quad_constraints = {}, - .big_quad_constraints = {}, - .block_constraints = {}, - 
.original_opcode_indices = create_empty_original_opcode_indices(), - }; - mock_opcode_indices(constraint_system); - - std::string message_string = "tenletters"; - schnorr_key_pair account; - account.private_key = grumpkin::fr::random_element(); - account.public_key = grumpkin::g1::one * account.private_key; - schnorr_signature signature_raw = - schnorr_construct_signature(message_string, account); - uint256_t pub_x = account.public_key.x; - uint256_t pub_y = account.public_key.y; - WitnessVector witness{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, pub_x, pub_y, 5, 202, 31, 146, - 81, 242, 246, 69, 43, 107, 249, 153, 198, 44, 14, 111, 191, 121, 137, 166, - 160, 103, 18, 181, 243, 233, 226, 95, 67, 16, 37, 128, 85, 76, 19, 253, - 30, 77, 192, 53, 138, 205, 69, 33, 236, 163, 83, 194, 84, 137, 184, 221, - 176, 121, 179, 27, 63, 70, 54, 16, 176, 250, 39, 239, 1, 0, 0, 0 }; - for (size_t i = 0; i < 32; ++i) { - witness[13 + i - 1] = signature_raw.s[i]; - witness[13 + 32 + i - 1] = signature_raw.e[i]; - } - for (size_t i = 0; i < 10; ++i) { - witness[i] = message_string[i]; - } - - auto builder = create_circuit(constraint_system, /*recursive*/ false, /*size_hint*/ 0, witness); - - auto composer = Composer(); - auto prover = composer.create_ultra_with_keccak_prover(builder); - auto proof = prover.construct_proof(); - - auto verifier = composer.create_ultra_with_keccak_verifier(builder); - - EXPECT_EQ(verifier.verify_proof(proof), true); -} - -TEST_F(AcirFormatTests, TestSchnorrVerifySmallRange) -{ - std::vector range_constraints; - std::vector range_opcode_indices; - size_t current_opcode = 0; - - for (uint32_t i = 0; i < 10; i++) { - range_constraints.push_back(RangeConstraint{ - .witness = i, - .num_bits = 8, - }); - range_opcode_indices.push_back(current_opcode++); - } - - std::array signature; - for (uint32_t i = 0, value = 12; i < 64; i++, value++) { - signature[i] = value; - range_constraints.push_back(RangeConstraint{ - .witness = value, - .num_bits = 8, - }); - 
range_opcode_indices.push_back(current_opcode++); - } - - SchnorrConstraint schnorr_constraint{ - .message = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }, - .public_key_x = 10, - .public_key_y = 11, - .result = 76, - .signature = signature, - }; - AcirFormat constraint_system{ - .varnum = 81, - .num_acir_opcodes = 76, - .public_inputs = {}, - .logic_constraints = {}, - .range_constraints = range_constraints, - .aes128_constraints = {}, - .sha256_compression = {}, - .schnorr_constraints = { schnorr_constraint }, - .ecdsa_k1_constraints = {}, - .ecdsa_r1_constraints = {}, - .blake2s_constraints = {}, - .blake3_constraints = {}, - .keccak_permutations = {}, - .poseidon2_constraints = {}, - .multi_scalar_mul_constraints = {}, - .ec_add_constraints = {}, - .recursion_constraints = {}, - .honk_recursion_constraints = {}, - .avm_recursion_constraints = {}, - .ivc_recursion_constraints = {}, - .bigint_from_le_bytes_constraints = {}, - .bigint_to_le_bytes_constraints = {}, - .bigint_operations = {}, - .assert_equalities = {}, - .poly_triple_constraints = { poly_triple{ - .a = schnorr_constraint.result, - .b = schnorr_constraint.result, - .c = schnorr_constraint.result, - .q_m = 0, - .q_l = 0, - .q_r = 0, - .q_o = 1, - .q_c = fr::neg_one(), - } }, - .quad_constraints = {}, - .big_quad_constraints = {}, - .block_constraints = {}, - .original_opcode_indices = create_empty_original_opcode_indices(), - }; - mock_opcode_indices(constraint_system); - - std::string message_string = "tenletters"; - schnorr_key_pair account; - account.private_key = grumpkin::fr::random_element(); - account.public_key = grumpkin::g1::one * account.private_key; - schnorr_signature signature_raw = - schnorr_construct_signature(message_string, account); - uint256_t pub_x = account.public_key.x; - uint256_t pub_y = account.public_key.y; - WitnessVector witness{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, pub_x, pub_y, 5, 202, 31, 146, - 81, 242, 246, 69, 43, 107, 249, 153, 198, 44, 14, 111, 191, 121, 137, 166, - 160, 103, 18, 181, 
243, 233, 226, 95, 67, 16, 37, 128, 85, 76, 19, 253, - 30, 77, 192, 53, 138, 205, 69, 33, 236, 163, 83, 194, 84, 137, 184, 221, - 176, 121, 179, 27, 63, 70, 54, 16, 176, 250, 39, 239, 1, 0, 0, 0 }; - for (size_t i = 0; i < 32; ++i) { - witness[13 + i - 1] = signature_raw.s[i]; - witness[13 + 32 + i - 1] = signature_raw.e[i]; - } - for (size_t i = 0; i < 10; ++i) { - witness[i] = message_string[i]; - } - - // TODO: actually sign a schnorr signature! - auto builder = create_circuit(constraint_system, /*recursive*/ false, /*size_hint*/ 0, witness); - - auto composer = Composer(); - auto prover = composer.create_ultra_with_keccak_prover(builder); - auto proof = prover.construct_proof(); - auto verifier = composer.create_ultra_with_keccak_verifier(builder); - EXPECT_EQ(verifier.verify_proof(proof), true); -} - TEST_F(AcirFormatTests, TestKeccakPermutation) { Keccakf1600 @@ -457,7 +245,6 @@ TEST_F(AcirFormatTests, TestKeccakPermutation) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, @@ -530,7 +317,6 @@ TEST_F(AcirFormatTests, TestCollectsGateCounts) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, @@ -660,7 +446,6 @@ TEST_F(AcirFormatTests, TestBigAdd) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, @@ -695,4 +480,4 @@ TEST_F(AcirFormatTests, TestBigAdd) EXPECT_TRUE(CircuitChecker::check(builder)); auto verifier = composer.create_verifier(builder); EXPECT_EQ(verifier.verify_proof(proof), true); -} \ No newline at end of file +} 
diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format_mocks.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format_mocks.cpp index fdf5a363532..5799df0835e 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format_mocks.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format_mocks.cpp @@ -7,7 +7,6 @@ acir_format::AcirFormatOriginalOpcodeIndices create_empty_original_opcode_indice .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, @@ -45,9 +44,6 @@ void mock_opcode_indices(acir_format::AcirFormat& constraint_system) for (size_t i = 0; i < constraint_system.sha256_compression.size(); i++) { constraint_system.original_opcode_indices.sha256_compression.push_back(current_opcode++); } - for (size_t i = 0; i < constraint_system.schnorr_constraints.size(); i++) { - constraint_system.original_opcode_indices.schnorr_constraints.push_back(current_opcode++); - } for (size_t i = 0; i < constraint_system.ecdsa_k1_constraints.size(); i++) { constraint_system.original_opcode_indices.ecdsa_k1_constraints.push_back(current_opcode++); } diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.cpp index 0a4c292db20..a0d24e70e0b 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.cpp 
@@ -560,18 +560,6 @@ void handle_blackbox_func_call(Program::Opcode::BlackBoxFuncCall const& arg, af.constrained_witness.insert(output); } af.original_opcode_indices.blake3_constraints.push_back(opcode_index); - } else if constexpr (std::is_same_v) { - auto input_pkey_x = get_witness_from_function_input(arg.public_key_x); - auto input_pkey_y = get_witness_from_function_input(arg.public_key_y); - af.schnorr_constraints.push_back(SchnorrConstraint{ - .message = map(arg.message, [](auto& e) { return get_witness_from_function_input(e); }), - .public_key_x = input_pkey_x, - .public_key_y = input_pkey_y, - .result = arg.output.value, - .signature = map(arg.signature, [](auto& e) { return get_witness_from_function_input(e); }), - }); - af.original_opcode_indices.schnorr_constraints.push_back(opcode_index); - af.constrained_witness.insert(af.schnorr_constraints.back().result); } else if constexpr (std::is_same_v) { af.ecdsa_k1_constraints.push_back(EcdsaSecp256k1Constraint{ .hashed_message = diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/bigint_constraint.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/bigint_constraint.test.cpp index fbb07a8bdc1..00021bcbbba 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/bigint_constraint.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/bigint_constraint.test.cpp @@ -178,7 +178,6 @@ TEST_F(BigIntTests, TestBigIntConstraintMultiple) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, @@ -250,7 +249,6 @@ TEST_F(BigIntTests, TestBigIntConstraintSimple) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, 
@@ -306,7 +304,6 @@ TEST_F(BigIntTests, TestBigIntConstraintReuse) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, @@ -367,7 +364,6 @@ TEST_F(BigIntTests, TestBigIntConstraintReuse2) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, @@ -449,7 +445,6 @@ TEST_F(BigIntTests, TestBigIntDIV) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp index 571172e6876..6eed50bf027 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp @@ -146,7 +146,7 @@ TEST_F(UltraPlonkRAM, TestBlockConstraint) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, + .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, @@ -196,7 +196,7 @@ TEST_F(MegaHonk, Databus) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, + .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, @@ -301,7 +301,7 @@ TEST_F(MegaHonk, DatabusReturn) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, + .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, 
diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp index 8f254c77c0d..a9e08c2eadf 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp @@ -68,7 +68,7 @@ TEST_F(EcOperations, TestECOperations) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, + .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, @@ -203,7 +203,7 @@ TEST_F(EcOperations, TestECMultiScalarMul) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, + .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp index e6a9245a640..9c088a9a9cd 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp @@ -100,7 +100,7 @@ TEST_F(ECDSASecp256k1, TestECDSAConstraintSucceed) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, + .ecdsa_k1_constraints = { ecdsa_k1_constraint }, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, @@ -153,7 +153,7 @@ TEST_F(ECDSASecp256k1, TestECDSACompilesForVerifier) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, + .ecdsa_k1_constraints = { ecdsa_k1_constraint }, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, 
@@ -201,7 +201,7 @@ TEST_F(ECDSASecp256k1, TestECDSAConstraintFail) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, + .ecdsa_k1_constraints = { ecdsa_k1_constraint }, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256r1.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256r1.test.cpp index 077f51b1bc2..5d46d49e701 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256r1.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256r1.test.cpp @@ -134,7 +134,7 @@ TEST(ECDSASecp256r1, test_hardcoded) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, + .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = { ecdsa_r1_constraint }, .blake2s_constraints = {}, @@ -189,7 +189,7 @@ TEST(ECDSASecp256r1, TestECDSAConstraintSucceed) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, + .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = { ecdsa_r1_constraint }, .blake2s_constraints = {}, @@ -242,7 +242,7 @@ TEST(ECDSASecp256r1, TestECDSACompilesForVerifier) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, + .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = { ecdsa_r1_constraint }, .blake2s_constraints = {}, @@ -291,7 +291,7 @@ TEST(ECDSASecp256r1, TestECDSAConstraintFail) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, + .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = { ecdsa_r1_constraint }, .blake2s_constraints = {}, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/honk_recursion_constraint.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/honk_recursion_constraint.test.cpp index de6005c1942..ced6e1b3877 100644 
--- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/honk_recursion_constraint.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/honk_recursion_constraint.test.cpp @@ -96,7 +96,7 @@ class AcirHonkRecursionConstraint : public ::testing::Test { .range_constraints = { range_a, range_b }, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, + .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/multi_scalar_mul.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/multi_scalar_mul.test.cpp index fa8e711d0af..a30a79985b1 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/multi_scalar_mul.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/multi_scalar_mul.test.cpp @@ -68,7 +68,7 @@ TEST_F(MSMTests, TestMSM) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, + .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/poseidon2_constraint.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/poseidon2_constraint.test.cpp index 6cb0592d9aa..269898e1225 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/poseidon2_constraint.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/poseidon2_constraint.test.cpp @@ -48,7 +48,7 @@ TEST_F(Poseidon2Tests, TestPoseidon2Permutation) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, + .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.test.cpp index 0ab9970c65c..e9e8c8ace77 100644 
--- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.test.cpp @@ -93,7 +93,7 @@ Builder create_inner_circuit() .range_constraints = { range_a, range_b }, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, + .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, @@ -255,7 +255,7 @@ Builder create_outer_circuit(std::vector& inner_circuits) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = {}, - .schnorr_constraints = {}, + .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/schnorr_verify.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/schnorr_verify.cpp deleted file mode 100644 index e65224b429c..00000000000 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/schnorr_verify.cpp +++ /dev/null 
@@ -1,111 +0,0 @@ -#include "schnorr_verify.hpp" -#include "barretenberg/crypto/schnorr/schnorr.hpp" -#include "barretenberg/stdlib/encryption/schnorr/schnorr.hpp" - -namespace acir_format { - -using namespace bb; -using namespace bb::stdlib; - -template -crypto::schnorr_signature convert_signature(Builder& builder, std::array signature) -{ - - crypto::schnorr_signature signature_cr; - - // Get the witness assignment for each witness index - // Write the witness assignment to the byte_array - - for (unsigned int i = 0; i < 32; i++) { - auto witness_index = signature[i]; - - std::vector fr_bytes(sizeof(fr)); - - fr value = builder.get_variable(witness_index); - - fr::serialize_to_buffer(value, &fr_bytes[0]); - - signature_cr.s[i] = fr_bytes.back(); - } - - for (unsigned int i = 32; i < 64; i++) { - auto witness_index = signature[i]; - - std::vector fr_bytes(sizeof(fr)); - - fr value = builder.get_variable(witness_index); - - fr::serialize_to_buffer(value, &fr_bytes[0]); - - signature_cr.e[i - 32] = fr_bytes.back(); - } - - return signature_cr; -} -// vector of bytes here, assumes that the witness indices point to a field element which can be represented -// with just a byte. 
-// notice that this function truncates each field_element to a byte -template -stdlib::byte_array vector_of_bytes_to_byte_array(Builder& builder, std::vector vector_of_bytes) -{ - using byte_array_ct = stdlib::byte_array; - using field_ct = stdlib::field_t; - - byte_array_ct arr(&builder); - - // Get the witness assignment for each witness index - // Write the witness assignment to the byte_array - for (const auto& witness_index : vector_of_bytes) { - - field_ct element = field_ct::from_witness_index(&builder, witness_index); - size_t num_bytes = 1; - - byte_array_ct element_bytes(element, num_bytes); - arr.write(element_bytes); - } - return arr; -} - -template stdlib::witness_t index_to_witness(Builder& builder, uint32_t index) -{ - fr value = builder.get_variable(index); - return { &builder, value }; -} - -template void create_schnorr_verify_constraints(Builder& builder, const SchnorrConstraint& input) -{ - using witness_ct = stdlib::witness_t; - using cycle_group_ct = stdlib::cycle_group; - using schnorr_signature_bits_ct = stdlib::schnorr_signature_bits; - using bool_ct = stdlib::bool_t; - - auto new_sig = convert_signature(builder, input.signature); - // From ignorance, you will see me convert a bunch of witnesses from ByteArray -> BitArray - // This may not be the most efficient way to do it. It is being used as it is known to work, - // optimizations are welcome! 
- - // First convert the message of u8 witnesses into a byte_array - // Do this by taking each element as a u8 and writing it to the byte array - - auto message = vector_of_bytes_to_byte_array(builder, input.message); - - fr pubkey_value_x = builder.get_variable(input.public_key_x); - fr pubkey_value_y = builder.get_variable(input.public_key_y); - - cycle_group_ct pub_key{ witness_ct(&builder, pubkey_value_x), witness_ct(&builder, pubkey_value_y), false }; - - schnorr_signature_bits_ct sig = schnorr_convert_signature(&builder, new_sig); - - bool_ct signature_result = schnorr_signature_verification_result(message, pub_key, sig); - - bool_ct signature_result_normalized = signature_result.normalize(); - - builder.assert_equal(signature_result_normalized.witness_index, input.result); -} - -template void create_schnorr_verify_constraints(UltraCircuitBuilder& builder, - const SchnorrConstraint& input); -template void create_schnorr_verify_constraints(MegaCircuitBuilder& builder, - const SchnorrConstraint& input); - -} // namespace acir_format diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/schnorr_verify.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/schnorr_verify.hpp deleted file mode 100644 index b125b3375ab..00000000000 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/schnorr_verify.hpp +++ /dev/null 
@@ -1,52 +0,0 @@ -#pragma once -#include "barretenberg/common/serialize.hpp" -#include -#include -#include - -namespace acir_format { - -struct SchnorrConstraint { - // This is just a bunch of bytes - // which need to be interpreted as a string - // Note this must be a bunch of bytes - std::vector message; - - // This is the supposed public key which signed the - // message, giving rise to the signature - uint32_t public_key_x; - uint32_t public_key_y; - - // This is the result of verifying the signature - uint32_t result; - - // This is the computed signature - // - std::array signature; - - friend bool operator==(SchnorrConstraint const& lhs, SchnorrConstraint const& rhs) = default; -}; - -template void create_schnorr_verify_constraints(Builder& builder, const SchnorrConstraint& input); - -template inline void read(B& buf, SchnorrConstraint& constraint) -{ - using serialize::read; - read(buf, constraint.message); - read(buf, constraint.signature); - read(buf, constraint.public_key_x); - read(buf, constraint.public_key_y); - read(buf, constraint.result); -} - -template inline void write(B& buf, SchnorrConstraint const& constraint) -{ - using serialize::write; - write(buf, constraint.message); - write(buf, constraint.signature); - write(buf, constraint.public_key_x); - write(buf, constraint.public_key_y); - write(buf, constraint.result); -} - -} // namespace acir_format diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/serde/acir.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/serde/acir.hpp index e65e5f00f1e..fda8739c9fb 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/serde/acir.hpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/serde/acir.hpp 
@@ -318,18 +318,6 @@ struct BlackBoxOp { static EcdsaSecp256r1 bincodeDeserialize(std::vector); }; - struct SchnorrVerify { - Program::MemoryAddress public_key_x; - Program::MemoryAddress public_key_y; - Program::HeapVector message; - Program::HeapVector signature; - Program::MemoryAddress result; - - friend bool operator==(const SchnorrVerify&, const SchnorrVerify&); - std::vector bincodeSerialize() const; - static SchnorrVerify bincodeDeserialize(std::vector); - }; - struct MultiScalarMul { Program::HeapVector points; Program::HeapVector scalars; @@ -450,7 +438,6 @@ struct BlackBoxOp { Keccakf1600, EcdsaSecp256k1, EcdsaSecp256r1, - SchnorrVerify, MultiScalarMul, EmbeddedCurveAdd, BigIntAdd, @@ -855,18 +842,6 @@ struct BlackBoxFuncCall { static Blake3 bincodeDeserialize(std::vector); }; - struct SchnorrVerify { - Program::FunctionInput public_key_x; - Program::FunctionInput public_key_y; - std::array signature; - std::vector message; - Program::Witness output; - - friend bool operator==(const SchnorrVerify&, const SchnorrVerify&); - std::vector bincodeSerialize() const; - static SchnorrVerify bincodeDeserialize(std::vector); - }; - struct EcdsaSecp256k1 { std::array public_key_x; std::array public_key_y; @@ -1017,7 +992,6 @@ struct BlackBoxFuncCall { RANGE, Blake2s, Blake3, - SchnorrVerify, EcdsaSecp256k1, EcdsaSecp256r1, MultiScalarMul, 
@@ -2818,73 +2792,6 @@ Program::BlackBoxFuncCall::Blake3 serde::Deserializable BlackBoxFuncCall::SchnorrVerify::bincodeSerialize() const -{ - auto serializer = serde::BincodeSerializer(); - serde::Serializable::serialize(*this, serializer); - return std::move(serializer).bytes(); -} - -inline BlackBoxFuncCall::SchnorrVerify BlackBoxFuncCall::SchnorrVerify::bincodeDeserialize(std::vector input) -{ - auto deserializer = serde::BincodeDeserializer(input); - auto value = serde::Deserializable::deserialize(deserializer); - if (deserializer.get_buffer_offset() < input.size()) { - throw_or_abort("Some input bytes were not read"); - } - return value; -} - -} // end of namespace Program - -template <> -template -void serde::Serializable::serialize( - const Program::BlackBoxFuncCall::SchnorrVerify& obj, Serializer& serializer) -{ - serde::Serializable::serialize(obj.public_key_x, serializer); - serde::Serializable::serialize(obj.public_key_y, serializer); - serde::Serializable::serialize(obj.signature, serializer); - serde::Serializable::serialize(obj.message, serializer); - serde::Serializable::serialize(obj.output, serializer); -} - -template <> -template -Program::BlackBoxFuncCall::SchnorrVerify serde::Deserializable::deserialize( - Deserializer& deserializer) -{ - Program::BlackBoxFuncCall::SchnorrVerify obj; - obj.public_key_x = serde::Deserializable::deserialize(deserializer); - obj.public_key_y = serde::Deserializable::deserialize(deserializer); - obj.signature = serde::Deserializable::deserialize(deserializer); - obj.message = serde::Deserializable::deserialize(deserializer); - obj.output = serde::Deserializable::deserialize(deserializer); - return obj; -} - -namespace Program { - inline bool operator==(const BlackBoxFuncCall::EcdsaSecp256k1& lhs, const BlackBoxFuncCall::EcdsaSecp256k1& rhs) { if (!(lhs.public_key_x == rhs.public_key_x)) { 
@@ -4111,73 +4018,6 @@ Program::BlackBoxOp::EcdsaSecp256r1 serde::Deserializable BlackBoxOp::SchnorrVerify::bincodeSerialize() const -{ - auto serializer = serde::BincodeSerializer(); - serde::Serializable::serialize(*this, serializer); - return std::move(serializer).bytes(); -} - -inline BlackBoxOp::SchnorrVerify BlackBoxOp::SchnorrVerify::bincodeDeserialize(std::vector input) -{ - auto deserializer = serde::BincodeDeserializer(input); - auto value = serde::Deserializable::deserialize(deserializer); - if (deserializer.get_buffer_offset() < input.size()) { - throw_or_abort("Some input bytes were not read"); - } - return value; -} - -} // end of namespace Program - -template <> -template -void serde::Serializable::serialize(const Program::BlackBoxOp::SchnorrVerify& obj, - Serializer& serializer) -{ - serde::Serializable::serialize(obj.public_key_x, serializer); - serde::Serializable::serialize(obj.public_key_y, serializer); - serde::Serializable::serialize(obj.message, serializer); - serde::Serializable::serialize(obj.signature, serializer); - serde::Serializable::serialize(obj.result, serializer); -} - -template <> -template -Program::BlackBoxOp::SchnorrVerify serde::Deserializable::deserialize( - Deserializer& deserializer) -{ - Program::BlackBoxOp::SchnorrVerify obj; - obj.public_key_x = serde::Deserializable::deserialize(deserializer); - obj.public_key_y = serde::Deserializable::deserialize(deserializer); - obj.message = serde::Deserializable::deserialize(deserializer); - obj.signature = serde::Deserializable::deserialize(deserializer); - obj.result = serde::Deserializable::deserialize(deserializer); - return obj; -} - -namespace Program { - inline bool operator==(const BlackBoxOp::MultiScalarMul& lhs, const BlackBoxOp::MultiScalarMul& rhs) { if (!(lhs.points == rhs.points)) { 
diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/sha256_constraint.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/sha256_constraint.test.cpp index f59dfb8b9b8..6a256234353 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/sha256_constraint.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/sha256_constraint.test.cpp @@ -43,7 +43,7 @@ TEST_F(Sha256Tests, TestSha256Compression) .range_constraints = {}, .aes128_constraints = {}, .sha256_compression = { sha256_compression }, - .schnorr_constraints = {}, + .ecdsa_k1_constraints = {}, .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, diff --git a/noir-projects/noir-contracts/contracts/schnorr_account_contract/src/main.nr b/noir-projects/noir-contracts/contracts/schnorr_account_contract/src/main.nr index 84379b702a1..fdd886d232e 100644 --- a/noir-projects/noir-contracts/contracts/schnorr_account_contract/src/main.nr +++ b/noir-projects/noir-contracts/contracts/schnorr_account_contract/src/main.nr @@ -77,13 +77,13 @@ contract SchnorrAccount { signature[i] = witness[i] as u8; } + let pub_key = std::embedded_curve_ops::EmbeddedCurvePoint { + x: public_key.x, + y: public_key.y, + is_infinite: false, + }; // Verify signature of the payload bytes - std::schnorr::verify_signature( - public_key.x, - public_key.y, - signature, - outer_hash.to_be_bytes::<32>(), - ) + std::schnorr::verify_signature(pub_key, signature, outer_hash.to_be_bytes::<32>()) // docs:end:is_valid_impl } 
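Review bot: `is_infinite: false` is hard-coded in the new `pub_key` literal with nothing saying which layer rejects an invalid key, and the identical three-field literal appears again in the `@@ -108,12 +108,13` hunk of this file. The old call passed bare coordinates, so a reader cannot tell from here whether curve-membership and identity checks now live inside `std::schnorr::verify_signature` or are assumed of the caller. I would add a comment above the literal such as `// Signing key is a finite point by construction; curve membership is checked inside verify_signature (confirm against the stdlib)`, and build the point in one small helper so the two call sites cannot drift apart. The enclosing function starts before this hunk, so where `public_key` is loaded from is not visible here.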
@@ -108,12 +108,13 @@ contract SchnorrAccount { for i in 0..64 { signature[i] = witness[i] as u8; } - let valid_in_private = std::schnorr::verify_signature( - public_key.x, - public_key.y, - signature, - message_hash.to_be_bytes::<32>(), - ); + let pub_key = std::embedded_curve_ops::EmbeddedCurvePoint { + x: public_key.x, + y: public_key.y, + is_infinite: false, + }; + let valid_in_private = + std::schnorr::verify_signature(pub_key, signature, message_hash.to_be_bytes::<32>()); // Compute the nullifier and check if it is spent // This will BLINDLY TRUST the oracle, but the oracle is us, and diff --git a/noir-projects/noir-contracts/contracts/schnorr_hardcoded_account_contract/src/main.nr b/noir-projects/noir-contracts/contracts/schnorr_hardcoded_account_contract/src/main.nr index 1eea24b7356..1bed3b932e7 100644 --- a/noir-projects/noir-contracts/contracts/schnorr_hardcoded_account_contract/src/main.nr +++ b/noir-projects/noir-contracts/contracts/schnorr_hardcoded_account_contract/src/main.nr @@ -12,9 +12,13 @@ contract SchnorrHardcodedAccount { use dep::aztec::prelude::PrivateContext; use dep::aztec::macros::functions::{private, view}; + use std::embedded_curve_ops::EmbeddedCurvePoint; - global public_key_x: Field = 0x16b93f4afae55cab8507baeb8e7ab4de80f5ab1e9e1f5149bf8cd0d375451d90; - global public_key_y: Field = 0x208d44b36eb6e73b254921134d002da1a90b41131024e3b1d721259182106205; + global public_key: EmbeddedCurvePoint = EmbeddedCurvePoint { + x: 0x16b93f4afae55cab8507baeb8e7ab4de80f5ab1e9e1f5149bf8cd0d375451d90, + y: 0x208d44b36eb6e73b254921134d002da1a90b41131024e3b1d721259182106205, + is_infinite: false, + }; // Note: If you globally change the entrypoint signature don't forget to update account_entrypoint.ts #[private] 
@@ -41,12 +45,7 @@ contract SchnorrHardcodedAccount { } // Verify signature using hardcoded public key - std::schnorr::verify_signature( - public_key_x, - public_key_y, - signature, - outer_hash.to_be_bytes::<32>(), - ) + std::schnorr::verify_signature(public_key, signature, outer_hash.to_be_bytes::<32>()) } // docs:end:is-valid } diff --git a/noir-projects/noir-contracts/contracts/schnorr_single_key_account_contract/src/util.nr b/noir-projects/noir-contracts/contracts/schnorr_single_key_account_contract/src/util.nr index b4abeeff735..a3610085cea 100644 --- a/noir-projects/noir-contracts/contracts/schnorr_single_key_account_contract/src/util.nr +++ b/noir-projects/noir-contracts/contracts/schnorr_single_key_account_contract/src/util.nr @@ -1,16 +1,17 @@ use crate::auth_oracle::AuthWitness; use dep::aztec::prelude::AztecAddress; -use std::schnorr::verify_signature; +use std::{embedded_curve_ops::EmbeddedCurvePoint, schnorr::verify_signature}; pub fn recover_address(message_hash: Field, witness: AuthWitness) -> AztecAddress { let message_bytes: [u8; 32] = message_hash.to_be_bytes(); + let public_key = EmbeddedCurvePoint { + x: witness.keys.ivpk_m.inner.x, + y: witness.keys.ivpk_m.inner.y, + is_infinite: false, + }; + // In a single key account contract we re-used ivpk_m as signing key - let verification = verify_signature( - witness.keys.ivpk_m.inner.x, - witness.keys.ivpk_m.inner.y, - witness.signature, - message_bytes, - ); + let verification = verify_signature(public_key, witness.signature, message_bytes); assert(verification == true); AztecAddress::compute(witness.keys, witness.partial_address) diff --git a/noir/noir-repo/acvm-repo/acir/codegen/acir.cpp b/noir/noir-repo/acvm-repo/acir/codegen/acir.cpp index 2ae9a31d6ca..e94f36535d2 100644 --- a/noir/noir-repo/acvm-repo/acir/codegen/acir.cpp +++ b/noir/noir-repo/acvm-repo/acir/codegen/acir.cpp 
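Review bot: In `recover_address` the key coordinates come from the `AuthWitness` imported from `auth_oracle`, and the rebuilt `EmbeddedCurvePoint` replaces whatever infinity flag `witness.keys.ivpk_m.inner` carries with a literal `false`. If `inner` is itself a point type with that flag, the point checked by `verify_signature` and the keys committed to by `AztecAddress::compute(witness.keys, witness.partial_address)` can differ in that one field; passing `inner` through unchanged, or asserting the flag first with something like `assert(!witness.keys.ivpk_m.inner.is_infinite);`, would keep them identical. The comment `// In a single key account contract we re-used ivpk_m as signing key` now sits below the construction it explains and reads better directly above `let public_key`. `assert(verification == true)` would also benefit from a failure message.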
@@ -318,18 +318,6 @@ namespace Program { static EcdsaSecp256r1 bincodeDeserialize(std::vector); }; - struct SchnorrVerify { - Program::MemoryAddress public_key_x; - Program::MemoryAddress public_key_y; - Program::HeapVector message; - Program::HeapVector signature; - Program::MemoryAddress result; - - friend bool operator==(const SchnorrVerify&, const SchnorrVerify&); - std::vector bincodeSerialize() const; - static SchnorrVerify bincodeDeserialize(std::vector); - }; - struct MultiScalarMul { Program::HeapVector points; Program::HeapVector scalars; @@ -444,7 +432,7 @@ namespace Program { static ToRadix bincodeDeserialize(std::vector); }; - std::variant value; + std::variant value; friend bool operator==(const BlackBoxOp&, const BlackBoxOp&); std::vector bincodeSerialize() const; @@ -817,18 +805,6 @@ namespace Program { static Blake3 bincodeDeserialize(std::vector); }; - struct SchnorrVerify { - Program::FunctionInput public_key_x; - Program::FunctionInput public_key_y; - std::array signature; - std::vector message; - Program::Witness output; - - friend bool operator==(const SchnorrVerify&, const SchnorrVerify&); - std::vector bincodeSerialize() const; - static SchnorrVerify bincodeDeserialize(std::vector); - }; - struct EcdsaSecp256k1 { std::array public_key_x; std::array public_key_y; @@ -973,7 +949,7 @@ namespace Program { static Sha256Compression bincodeDeserialize(std::vector); }; - std::variant value; + std::variant value; friend bool operator==(const BlackBoxFuncCall&, const BlackBoxFuncCall&); std::vector bincodeSerialize() const; 
@@ -2528,56 +2504,6 @@ Program::BlackBoxFuncCall::Blake3 serde::Deserializable BlackBoxFuncCall::SchnorrVerify::bincodeSerialize() const { - auto serializer = serde::BincodeSerializer(); - serde::Serializable::serialize(*this, serializer); - return std::move(serializer).bytes(); - } - - inline BlackBoxFuncCall::SchnorrVerify BlackBoxFuncCall::SchnorrVerify::bincodeDeserialize(std::vector input) { - auto deserializer = serde::BincodeDeserializer(input); - auto value = serde::Deserializable::deserialize(deserializer); - if (deserializer.get_buffer_offset() < input.size()) { - throw serde::deserialization_error("Some input bytes were not read"); - } - return value; - } - -} // end of namespace Program - -template <> -template -void serde::Serializable::serialize(const Program::BlackBoxFuncCall::SchnorrVerify &obj, Serializer &serializer) { - serde::Serializable::serialize(obj.public_key_x, serializer); - serde::Serializable::serialize(obj.public_key_y, serializer); - serde::Serializable::serialize(obj.signature, serializer); - serde::Serializable::serialize(obj.message, serializer); - serde::Serializable::serialize(obj.output, serializer); -} - -template <> -template -Program::BlackBoxFuncCall::SchnorrVerify serde::Deserializable::deserialize(Deserializer &deserializer) { - Program::BlackBoxFuncCall::SchnorrVerify obj; - obj.public_key_x = serde::Deserializable::deserialize(deserializer); - obj.public_key_y = serde::Deserializable::deserialize(deserializer); - obj.signature = serde::Deserializable::deserialize(deserializer); - obj.message = serde::Deserializable::deserialize(deserializer); - obj.output = serde::Deserializable::deserialize(deserializer); - return obj; -} - namespace Program { inline bool operator==(const BlackBoxFuncCall::EcdsaSecp256k1 &lhs, const BlackBoxFuncCall::EcdsaSecp256k1 &rhs) { 
@@ -3518,56 +3444,6 @@ Program::BlackBoxOp::EcdsaSecp256r1 serde::Deserializable BlackBoxOp::SchnorrVerify::bincodeSerialize() const { - auto serializer = serde::BincodeSerializer(); - serde::Serializable::serialize(*this, serializer); - return std::move(serializer).bytes(); - } - - inline BlackBoxOp::SchnorrVerify BlackBoxOp::SchnorrVerify::bincodeDeserialize(std::vector input) { - auto deserializer = serde::BincodeDeserializer(input); - auto value = serde::Deserializable::deserialize(deserializer); - if (deserializer.get_buffer_offset() < input.size()) { - throw serde::deserialization_error("Some input bytes were not read"); - } - return value; - } - -} // end of namespace Program - -template <> -template -void serde::Serializable::serialize(const Program::BlackBoxOp::SchnorrVerify &obj, Serializer &serializer) { - serde::Serializable::serialize(obj.public_key_x, serializer); - serde::Serializable::serialize(obj.public_key_y, serializer); - serde::Serializable::serialize(obj.message, serializer); - serde::Serializable::serialize(obj.signature, serializer); - serde::Serializable::serialize(obj.result, serializer); -} - -template <> -template -Program::BlackBoxOp::SchnorrVerify serde::Deserializable::deserialize(Deserializer &deserializer) { - Program::BlackBoxOp::SchnorrVerify obj; - obj.public_key_x = serde::Deserializable::deserialize(deserializer); - obj.public_key_y = serde::Deserializable::deserialize(deserializer); - obj.message = serde::Deserializable::deserialize(deserializer); - obj.signature = serde::Deserializable::deserialize(deserializer); - obj.result = serde::Deserializable::deserialize(deserializer); - return obj; -} - namespace Program { inline bool operator==(const BlackBoxOp::MultiScalarMul &lhs, const BlackBoxOp::MultiScalarMul &rhs) { diff --git a/noir/noir-repo/acvm-repo/acir/src/circuit/black_box_functions.rs b/noir/noir-repo/acvm-repo/acir/src/circuit/black_box_functions.rs index 25842c14dbc..700589d2040 100644 
--- a/noir/noir-repo/acvm-repo/acir/src/circuit/black_box_functions.rs +++ b/noir/noir-repo/acvm-repo/acir/src/circuit/black_box_functions.rs @@ -51,29 +51,6 @@ pub enum BlackBoxFunc { /// (witness, 8), constrained to be the blake3 of the inputs. Blake3, - /// Verify a Schnorr signature over the embedded curve - /// - inputs are: - /// - Public key as 2 (witness, 254) - /// - signature as a vector of 64 bytes (witness, 8) - /// - message as a vector of (witness, 8) - /// - output: A witness representing the result of the signature - /// verification; 0 for failure and 1 for success. - /// - /// Since the scalar field of the embedded curve is NOT the ACIR field, the - /// `(r,s)` signature is represented as a 64 bytes array for the two field - /// elements. On the other hand, the public key coordinates are ACIR fields. - /// The proving system decides how the message is to be hashed. Barretenberg - /// uses Blake2s. - /// - /// Verifies a Schnorr signature over a curve which is "pairing friendly" - /// with the curve on which the ACIR circuit is defined. - /// - /// The exact curve which this signature uses will vary based on the curve - /// being used by ACIR. For example, the BN254 curve supports Schnorr - /// signatures over the [Grumpkin][grumpkin] curve. - /// - /// [grumpkin]: https://hackmd.io/@aztec-network/ByzgNxBfd#2-Grumpkin---A-curve-on-top-of-BN-254-for-SNARK-efficient-group-operations - SchnorrVerify, /// Verifies a ECDSA signature over the secp256k1 curve. /// - inputs: /// - x coordinate of public key as 32 bytes 
@@ -81,11 +58,6 @@ pub enum BlackBoxFunc { /// - the signature, as a 64 bytes array /// - the hash of the message, as a vector of bytes /// - output: 0 for failure and 1 for success - /// - /// Inputs and outputs are similar to SchnorrVerify, except that because we - /// use a different curve (secp256k1), the field elements involved in the - /// signature and the public key are defined as an array of 32 bytes. - /// Another difference is that we assume the message is already hashed. EcdsaSecp256k1, /// Verifies a ECDSA signature over the secp256r1 curve. @@ -196,7 +168,6 @@ impl BlackBoxFunc { pub fn name(&self) -> &'static str { match self { BlackBoxFunc::AES128Encrypt => "aes128_encrypt", - BlackBoxFunc::SchnorrVerify => "schnorr_verify", BlackBoxFunc::Blake2s => "blake2s", BlackBoxFunc::Blake3 => "blake3", BlackBoxFunc::EcdsaSecp256k1 => "ecdsa_secp256k1", @@ -222,7 +193,6 @@ impl BlackBoxFunc { pub fn lookup(op_name: &str) -> Option { match op_name { "aes128_encrypt" => Some(BlackBoxFunc::AES128Encrypt), - "schnorr_verify" => Some(BlackBoxFunc::SchnorrVerify), "blake2s" => Some(BlackBoxFunc::Blake2s), "blake3" => Some(BlackBoxFunc::Blake3), "ecdsa_secp256k1" => Some(BlackBoxFunc::EcdsaSecp256k1), diff --git a/noir/noir-repo/acvm-repo/acir/src/circuit/mod.rs b/noir/noir-repo/acvm-repo/acir/src/circuit/mod.rs index 33982065c2a..6282a33af6b 100644 --- a/noir/noir-repo/acvm-repo/acir/src/circuit/mod.rs +++ b/noir/noir-repo/acvm-repo/acir/src/circuit/mod.rs 
@@ -406,29 +406,12 @@ mod tests { Opcode::BlackBoxFuncCall(BlackBoxFuncCall::Keccakf1600 { inputs, outputs }) } - fn schnorr_verify_opcode() -> Opcode { - let public_key_x = FunctionInput::witness(Witness(1), FieldElement::max_num_bits()); - let public_key_y = FunctionInput::witness(Witness(2), FieldElement::max_num_bits()); - let signature: Box<[FunctionInput; 64]> = - Box::new(std::array::from_fn(|i| FunctionInput::witness(Witness(i as u32 + 3), 8))); - let message: Vec> = vec![FunctionInput::witness(Witness(67), 8)]; - let output = Witness(68); - - Opcode::BlackBoxFuncCall(BlackBoxFuncCall::SchnorrVerify { - public_key_x, - public_key_y, - signature, - message, - output, - }) - } - #[test] fn serialization_roundtrip() { let circuit = Circuit { current_witness_index: 5, expression_width: ExpressionWidth::Unbounded, - opcodes: vec![and_opcode::(), range_opcode(), schnorr_verify_opcode()], + opcodes: vec![and_opcode::(), range_opcode()], private_parameters: BTreeSet::new(), public_parameters: PublicInputs(BTreeSet::from_iter(vec![Witness(2), Witness(12)])), return_values: PublicInputs(BTreeSet::from_iter(vec![Witness(4), Witness(12)])), @@ -462,7 +445,6 @@ mod tests { range_opcode(), and_opcode(), keccakf1600_opcode(), - schnorr_verify_opcode(), ], private_parameters: BTreeSet::new(), public_parameters: PublicInputs(BTreeSet::from_iter(vec![Witness(2)])), diff --git a/noir/noir-repo/acvm-repo/acir/src/circuit/opcodes/black_box_function_call.rs b/noir/noir-repo/acvm-repo/acir/src/circuit/opcodes/black_box_function_call.rs index fa51caf5155..dfdf9616306 100644 --- a/noir/noir-repo/acvm-repo/acir/src/circuit/opcodes/black_box_function_call.rs +++ b/noir/noir-repo/acvm-repo/acir/src/circuit/opcodes/black_box_function_call.rs 
@@ -108,17 +108,6 @@ pub enum BlackBoxFuncCall { inputs: Vec>, outputs: Box<[Witness; 32]>, }, - SchnorrVerify { - public_key_x: FunctionInput, - public_key_y: FunctionInput, - #[serde( - serialize_with = "serialize_big_array", - deserialize_with = "deserialize_big_array_into_box" - )] - signature: Box<[FunctionInput; 64]>, - message: Vec>, - output: Witness, - }, EcdsaSecp256k1 { public_key_x: Box<[FunctionInput; 32]>, public_key_y: Box<[FunctionInput; 32]>, @@ -234,7 +223,6 @@ impl BlackBoxFuncCall { BlackBoxFuncCall::RANGE { .. } => BlackBoxFunc::RANGE, BlackBoxFuncCall::Blake2s { .. } => BlackBoxFunc::Blake2s, BlackBoxFuncCall::Blake3 { .. } => BlackBoxFunc::Blake3, - BlackBoxFuncCall::SchnorrVerify { .. } => BlackBoxFunc::SchnorrVerify, BlackBoxFuncCall::EcdsaSecp256k1 { .. } => BlackBoxFunc::EcdsaSecp256k1, BlackBoxFuncCall::EcdsaSecp256r1 { .. } => BlackBoxFunc::EcdsaSecp256r1, BlackBoxFuncCall::MultiScalarMul { .. } => BlackBoxFunc::MultiScalarMul, @@ -288,21 +276,6 @@ impl BlackBoxFuncCall { vec![input1[0], input1[1], input2[0], input2[1]] } BlackBoxFuncCall::RANGE { input } => vec![*input], - BlackBoxFuncCall::SchnorrVerify { - public_key_x, - public_key_y, - signature, - message, - .. - } => { - let mut inputs: Vec> = - Vec::with_capacity(2 + signature.len() + message.len()); - inputs.push(*public_key_x); - inputs.push(*public_key_y); - inputs.extend(signature.iter().copied()); - inputs.extend(message.iter().copied()); - inputs - } BlackBoxFuncCall::EcdsaSecp256k1 { public_key_x, public_key_y, @@ -372,7 +345,6 @@ impl BlackBoxFuncCall { BlackBoxFuncCall::AND { output, .. } | BlackBoxFuncCall::XOR { output, .. } - | BlackBoxFuncCall::SchnorrVerify { output, .. } | BlackBoxFuncCall::EcdsaSecp256k1 { output, .. } | BlackBoxFuncCall::EcdsaSecp256r1 { output, .. } => vec![*output], BlackBoxFuncCall::MultiScalarMul { outputs, .. } 
@@ -525,22 +497,6 @@ mod tests { Opcode::BlackBoxFuncCall(BlackBoxFuncCall::Keccakf1600 { inputs, outputs }) } - fn schnorr_verify_opcode() -> Opcode { - let public_key_x = FunctionInput::witness(Witness(1), FieldElement::max_num_bits()); - let public_key_y = FunctionInput::witness(Witness(2), FieldElement::max_num_bits()); - let signature: Box<[FunctionInput; 64]> = - Box::new(std::array::from_fn(|i| FunctionInput::witness(Witness(i as u32 + 3), 8))); - let message: Vec> = vec![FunctionInput::witness(Witness(67), 8)]; - let output = Witness(68); - - Opcode::BlackBoxFuncCall(BlackBoxFuncCall::SchnorrVerify { - public_key_x, - public_key_y, - signature, - message, - output, - }) - } #[test] fn keccakf1600_serialization_roundtrip() { @@ -549,12 +505,4 @@ mod tests { let recovered_opcode = bincode::deserialize(&buf).unwrap(); assert_eq!(opcode, recovered_opcode); } - - #[test] - fn schnorr_serialization_roundtrip() { - let opcode = schnorr_verify_opcode::(); - let buf = bincode::serialize(&opcode).unwrap(); - let recovered_opcode = bincode::deserialize(&buf).unwrap(); - assert_eq!(opcode, recovered_opcode); - } } diff --git a/noir/noir-repo/acvm-repo/acir/tests/test_program_serialization.rs b/noir/noir-repo/acvm-repo/acir/tests/test_program_serialization.rs index 002bad0e7f3..305d94abcee 100644 --- a/noir/noir-repo/acvm-repo/acir/tests/test_program_serialization.rs +++ b/noir/noir-repo/acvm-repo/acir/tests/test_program_serialization.rs 
@@ -93,67 +93,10 @@ fn multi_scalar_mul_circuit() { let bytes = Program::serialize_program(&program); let expected_serialization: Vec = vec![ - 31, 139, 8, 0, 0, 0, 0, 0, 0, 255, 93, 77, 9, 10, 0, 32, 8, 243, 236, 248, 255, 127, 35, - 163, 5, 35, 97, 184, 205, 169, 42, 183, 102, 65, 193, 21, 218, 73, 31, 44, 116, 35, 238, - 228, 189, 108, 208, 60, 193, 91, 161, 23, 6, 114, 73, 121, 195, 157, 32, 95, 232, 255, 191, - 203, 181, 1, 243, 231, 24, 106, 192, 0, 0, 0, - ]; - - assert_eq!(bytes, expected_serialization) -} - -#[test] -fn schnorr_verify_circuit() { - let public_key_x = FunctionInput::witness(Witness(1), FieldElement::max_num_bits()); - let public_key_y = FunctionInput::witness(Witness(2), FieldElement::max_num_bits()); - let signature: [FunctionInput; 64] = (3..(3 + 64)) - .map(|i| FunctionInput::witness(Witness(i), 8)) - .collect::>() - .try_into() - .unwrap(); - let message = - ((3 + 64)..(3 + 64 + 10)).map(|i| FunctionInput::witness(Witness(i), 8)).collect(); - let output = Witness(3 + 64 + 10); - let last_input = output.witness_index() - 1; - - let schnorr = Opcode::BlackBoxFuncCall(BlackBoxFuncCall::SchnorrVerify { - public_key_x, - public_key_y, - signature: Box::new(signature), - message, - output, - }); - - let circuit: Circuit = Circuit { - current_witness_index: 100, - opcodes: vec![schnorr], - private_parameters: BTreeSet::from_iter((1..=last_input).map(Witness)), - return_values: PublicInputs(BTreeSet::from([output])), - ..Circuit::default() - }; - let program = Program { functions: vec![circuit], unconstrained_functions: vec![] }; - - let bytes = Program::serialize_program(&program); - - let expected_serialization: Vec = vec![ - 31, 139, 8, 0, 0, 0, 0, 0, 0, 255, 77, 211, 103, 78, 2, 81, 24, 70, 225, 193, 130, 96, 239, - 189, 96, 239, 189, 35, 34, 34, 34, 82, 118, 193, 254, 151, 64, 224, 132, 111, 146, 67, 50, - 153, 39, 250, 3, 114, 239, 121, 51, 201, 240, 211, 29, 60, 153, 48, 239, 108, 188, 121, - 122, 241, 30, 145, 71, 7, 79, 46, 60, 38, 
143, 203, 89, 121, 66, 206, 201, 121, 121, 82, - 158, 146, 167, 229, 25, 121, 86, 158, 147, 231, 229, 5, 121, 81, 94, 146, 151, 229, 21, - 121, 85, 94, 147, 215, 229, 13, 121, 83, 222, 146, 183, 229, 29, 121, 87, 222, 147, 11, - 242, 190, 124, 32, 31, 202, 71, 242, 177, 124, 34, 159, 202, 103, 242, 185, 124, 33, 95, - 202, 87, 242, 181, 124, 35, 223, 202, 119, 242, 189, 252, 32, 63, 202, 79, 242, 179, 252, - 34, 191, 202, 111, 242, 187, 92, 148, 63, 228, 146, 252, 41, 151, 229, 47, 185, 34, 127, - 203, 213, 48, 157, 38, 241, 183, 31, 253, 191, 38, 255, 202, 117, 249, 79, 110, 200, 255, - 114, 83, 110, 201, 237, 112, 39, 190, 191, 173, 223, 193, 54, 217, 36, 91, 100, 131, 108, - 47, 221, 92, 62, 126, 51, 155, 98, 75, 108, 136, 237, 176, 25, 182, 194, 70, 216, 6, 155, - 96, 11, 108, 128, 246, 105, 158, 214, 105, 156, 182, 105, 154, 150, 105, 152, 118, 105, - 182, 144, 12, 27, 165, 77, 154, 164, 69, 26, 164, 61, 154, 163, 53, 26, 163, 45, 154, 162, - 37, 26, 162, 29, 154, 161, 21, 26, 161, 13, 154, 160, 5, 26, 224, 238, 185, 115, 238, 154, - 59, 46, 198, 157, 150, 226, 14, 203, 113, 103, 149, 184, 163, 106, 220, 69, 45, 206, 190, - 30, 103, 221, 136, 179, 109, 198, 89, 166, 103, 150, 158, 91, 162, 243, 244, 167, 15, 14, - 161, 226, 6, 24, 5, 0, 0, + 31, 139, 8, 0, 0, 0, 0, 0, 0, 255, 93, 77, 9, 10, 0, 48, 8, 114, 107, 231, 255, 255, 59, + 86, 204, 64, 22, 136, 102, 89, 5, 175, 182, 163, 80, 7, 47, 135, 73, 31, 56, 228, 42, 218, + 196, 203, 221, 38, 243, 78, 61, 28, 147, 119, 65, 31, 146, 53, 230, 210, 135, 252, 255, + 179, 90, 23, 212, 196, 199, 187, 192, 0, 0, 0, ]; assert_eq!(bytes, expected_serialization) diff --git a/noir/noir-repo/acvm-repo/acvm/src/pwg/blackbox/mod.rs b/noir/noir-repo/acvm-repo/acvm/src/pwg/blackbox/mod.rs index c3b1627ba65..5137b18179b 100644 --- a/noir/noir-repo/acvm-repo/acvm/src/pwg/blackbox/mod.rs +++ b/noir/noir-repo/acvm-repo/acvm/src/pwg/blackbox/mod.rs 
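Review bot: The regenerated `expected_serialization` for `multi_scalar_mul_circuit` shows that dropping `SchnorrVerify` changes the encoding of an opcode the commit does not otherwise touch, presumably because later `BlackBoxFuncCall` variants move up one index in the bincode encoding. If so, bytecode produced before this change would decode to a different black-box call rather than fail, and nothing in the visible hunks bumps a format version or rejects old artifacts. A comment above the vector would record the reason, e.g. `// Regenerated: removing SchnorrVerify shifted the variant index of later BlackBoxFuncCall variants`. It is also worth confirming that consumers of stored ACIR check the compiler version before deserializing.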
@@ -27,10 +27,7 @@ use embedded_curve_ops::{embedded_curve_add, multi_scalar_mul}; use hash::{solve_generic_256_hash_opcode, solve_sha_256_permutation_opcode}; use logic::{and, xor}; pub(crate) use range::solve_range_opcode; -use signature::{ - ecdsa::{secp256k1_prehashed, secp256r1_prehashed}, - schnorr::schnorr_verify, -}; +use signature::ecdsa::{secp256k1_prehashed, secp256r1_prehashed}; /// Check if all of the inputs to the function have assignments /// @@ -103,21 +100,6 @@ pub(crate) fn solve( } Ok(()) } - BlackBoxFuncCall::SchnorrVerify { - public_key_x, - public_key_y, - signature, - message, - output, - } => schnorr_verify( - backend, - initial_witness, - *public_key_x, - *public_key_y, - signature.as_ref(), - message, - *output, - ), BlackBoxFuncCall::EcdsaSecp256k1 { public_key_x, public_key_y, diff --git a/noir/noir-repo/acvm-repo/acvm/src/pwg/blackbox/signature/mod.rs b/noir/noir-repo/acvm-repo/acvm/src/pwg/blackbox/signature/mod.rs index 0cfb96740b8..b36ff499c6a 100644 --- a/noir/noir-repo/acvm-repo/acvm/src/pwg/blackbox/signature/mod.rs +++ b/noir/noir-repo/acvm-repo/acvm/src/pwg/blackbox/signature/mod.rs @@ -1,2 +1 @@ pub(super) mod ecdsa; -pub(super) mod schnorr; diff --git a/noir/noir-repo/acvm-repo/acvm/src/pwg/blackbox/signature/schnorr.rs b/noir/noir-repo/acvm-repo/acvm/src/pwg/blackbox/signature/schnorr.rs deleted file mode 100644 index a856303d065..00000000000 --- a/noir/noir-repo/acvm-repo/acvm/src/pwg/blackbox/signature/schnorr.rs +++ /dev/null 
@@ -1,36 +0,0 @@ -use crate::{ - pwg::{ - blackbox::utils::{to_u8_array, to_u8_vec}, - input_to_value, insert_value, OpcodeResolutionError, - }, - BlackBoxFunctionSolver, -}; -use acir::{ - circuit::opcodes::FunctionInput, - native_types::{Witness, WitnessMap}, - AcirField, -}; - -#[allow(clippy::too_many_arguments)] -pub(crate) fn schnorr_verify( - backend: &impl BlackBoxFunctionSolver, - initial_witness: &mut WitnessMap, - public_key_x: FunctionInput, - public_key_y: FunctionInput, - signature: &[FunctionInput; 64], - message: &[FunctionInput], - output: Witness, -) -> Result<(), OpcodeResolutionError> { - let public_key_x: &F = &input_to_value(initial_witness, public_key_x, false)?; - let public_key_y: &F = &input_to_value(initial_witness, public_key_y, false)?; - - let signature = to_u8_array(initial_witness, signature)?; - let message = to_u8_vec(initial_witness, message)?; - - let valid_signature = - backend.schnorr_verify(public_key_x, public_key_y, &signature, &message)?; - - insert_value(&output, F::from(valid_signature), initial_witness)?; - - Ok(()) -} diff --git a/noir/noir-repo/acvm-repo/acvm_js/test/browser/execute_circuit.test.ts b/noir/noir-repo/acvm-repo/acvm_js/test/browser/execute_circuit.test.ts index aaa82f8f1e5..4d8f0acbd38 100644 --- a/noir/noir-repo/acvm-repo/acvm_js/test/browser/execute_circuit.test.ts +++ b/noir/noir-repo/acvm-repo/acvm_js/test/browser/execute_circuit.test.ts 
@@ -85,16 +85,6 @@ it('successfully executes a MultiScalarMul opcode', async () => { expect(solvedWitness).to.be.deep.eq(expectedWitnessMap); }); -it('successfully executes a SchnorrVerify opcode', async () => { - const { bytecode, initialWitnessMap, expectedWitnessMap } = await import('../shared/schnorr_verify'); - - const solvedWitness: WitnessMap = await executeCircuit(bytecode, initialWitnessMap, () => { - throw Error('unexpected oracle'); - }); - - expect(solvedWitness).to.be.deep.eq(expectedWitnessMap); -}); - it('successfully executes a MemoryOp opcode', async () => { const { bytecode, initialWitnessMap, expectedWitnessMap } = await import('../shared/memory_op'); diff --git a/noir/noir-repo/acvm-repo/acvm_js/test/node/execute_circuit.test.ts b/noir/noir-repo/acvm-repo/acvm_js/test/node/execute_circuit.test.ts index 120ad0fa738..67f7de2129c 100644 --- a/noir/noir-repo/acvm-repo/acvm_js/test/node/execute_circuit.test.ts +++ b/noir/noir-repo/acvm-repo/acvm_js/test/node/execute_circuit.test.ts @@ -86,16 +86,6 @@ it('successfully executes a MultiScalarMul opcode', async () => { expect(solvedWitness).to.be.deep.eq(expectedWitnessMap); }); -it('successfully executes a SchnorrVerify opcode', async () => { - const { bytecode, initialWitnessMap, expectedWitnessMap } = await import('../shared/schnorr_verify'); - - const solvedWitness: WitnessMap = await executeCircuit(bytecode, initialWitnessMap, () => { - throw Error('unexpected oracle'); - }); - - expect(solvedWitness).to.be.deep.eq(expectedWitnessMap); -}); - it('successfully executes a MemoryOp opcode', async () => { const { bytecode, initialWitnessMap, expectedWitnessMap } = await import('../shared/memory_op'); diff --git a/noir/noir-repo/acvm-repo/acvm_js/test/shared/multi_scalar_mul.ts b/noir/noir-repo/acvm-repo/acvm_js/test/shared/multi_scalar_mul.ts index 3ec589dd0c8..fac77e4ee27 100644 --- a/noir/noir-repo/acvm-repo/acvm_js/test/shared/multi_scalar_mul.ts 
+++ b/noir/noir-repo/acvm-repo/acvm_js/test/shared/multi_scalar_mul.ts @@ -1,8 +1,8 @@ // See `multi_scalar_mul_circuit` integration test in `acir/tests/test_program_serialization.rs`. export const bytecode = Uint8Array.from([ - 31, 139, 8, 0, 0, 0, 0, 0, 0, 255, 93, 77, 9, 10, 0, 32, 8, 243, 236, 248, 255, 127, 35, 163, 5, 35, 97, 184, 205, - 169, 42, 183, 102, 65, 193, 21, 218, 73, 31, 44, 116, 35, 238, 228, 189, 108, 208, 60, 193, 91, 161, 23, 6, 114, 73, - 121, 195, 157, 32, 95, 232, 255, 191, 203, 181, 1, 243, 231, 24, 106, 192, 0, 0, 0, + 31, 139, 8, 0, 0, 0, 0, 0, 0, 255, 93, 77, 9, 10, 0, 48, 8, 114, 107, 231, 255, 255, 59, 86, 204, 64, 22, 136, 102, + 89, 5, 175, 182, 163, 80, 7, 47, 135, 73, 31, 56, 228, 42, 218, 196, 203, 221, 38, 243, 78, 61, 28, 147, 119, 65, 31, + 146, 53, 230, 210, 135, 252, 255, 179, 90, 23, 212, 196, 199, 187, 192, 0, 0, 0, ]); export const initialWitnessMap = new Map([ [1, '0x0000000000000000000000000000000000000000000000000000000000000001'], diff --git a/noir/noir-repo/acvm-repo/acvm_js/test/shared/schnorr_verify.ts b/noir/noir-repo/acvm-repo/acvm_js/test/shared/schnorr_verify.ts deleted file mode 100644 index d2df63a8ddb..00000000000 --- a/noir/noir-repo/acvm-repo/acvm_js/test/shared/schnorr_verify.ts +++ /dev/null 
@@ -1,101 +0,0 @@ -// See `schnorr_verify_circuit` integration test in `acir/tests/test_program_serialization.rs`. -export const bytecode = Uint8Array.from([ - 31, 139, 8, 0, 0, 0, 0, 0, 0, 255, 77, 211, 103, 78, 2, 81, 24, 70, 225, 193, 130, 96, 239, 189, 96, 239, 189, 35, 34, - 34, 34, 82, 118, 193, 254, 151, 64, 224, 132, 111, 146, 67, 50, 153, 39, 250, 3, 114, 239, 121, 51, 201, 240, 211, 29, - 60, 153, 48, 239, 108, 188, 121, 122, 241, 30, 145, 71, 7, 79, 46, 60, 38, 143, 203, 89, 121, 66, 206, 201, 121, 121, - 82, 158, 146, 167, 229, 25, 121, 86, 158, 147, 231, 229, 5, 121, 81, 94, 146, 151, 229, 21, 121, 85, 94, 147, 215, - 229, 13, 121, 83, 222, 146, 183, 229, 29, 121, 87, 222, 147, 11, 242, 190, 124, 32, 31, 202, 71, 242, 177, 124, 34, - 159, 202, 103, 242, 185, 124, 33, 95, 202, 87, 242, 181, 124, 35, 223, 202, 119, 242, 189, 252, 32, 63, 202, 79, 242, - 179, 252, 34, 191, 202, 111, 242, 187, 92, 148, 63, 228, 146, 252, 41, 151, 229, 47, 185, 34, 127, 203, 213, 48, 157, - 38, 241, 183, 31, 253, 191, 38, 255, 202, 117, 249, 79, 110, 200, 255, 114, 83, 110, 201, 237, 112, 39, 190, 191, 173, - 223, 193, 54, 217, 36, 91, 100, 131, 108, 47, 221, 92, 62, 126, 51, 155, 98, 75, 108, 136, 237, 176, 25, 182, 194, 70, - 216, 6, 155, 96, 11, 108, 128, 246, 105, 158, 214, 105, 156, 182, 105, 154, 150, 105, 152, 118, 105, 182, 144, 12, 27, - 165, 77, 154, 164, 69, 26, 164, 61, 154, 163, 53, 26, 163, 45, 154, 162, 37, 26, 162, 29, 154, 161, 21, 26, 161, 13, - 154, 160, 5, 26, 224, 238, 185, 115, 238, 154, 59, 46, 198, 157, 150, 226, 14, 203, 113, 103, 149, 184, 163, 106, 220, - 69, 45, 206, 190, 30, 103, 221, 136, 179, 109, 198, 89, 166, 103, 150, 158, 91, 162, 243, 244, 167, 15, 14, 161, 226, - 6, 24, 5, 0, 0, -]); - -export const initialWitnessMap = new Map([ - [1, '0x04b260954662e97f00cab9adb773a259097f7a274b83b113532bce27fa3fb96a'], - [2, '0x2fd51571db6c08666b0edfbfbc57d432068bccd0110a39b166ab243da0037197'], - [3, 
'0x000000000000000000000000000000000000000000000000000000000000002e'], - [4, '0x00000000000000000000000000000000000000000000000000000000000000ce'], - [5, '0x0000000000000000000000000000000000000000000000000000000000000052'], - [6, '0x00000000000000000000000000000000000000000000000000000000000000aa'], - [7, '0x0000000000000000000000000000000000000000000000000000000000000087'], - [8, '0x000000000000000000000000000000000000000000000000000000000000002a'], - [9, '0x0000000000000000000000000000000000000000000000000000000000000049'], - [10, '0x000000000000000000000000000000000000000000000000000000000000009d'], - [11, '0x0000000000000000000000000000000000000000000000000000000000000050'], - [12, '0x000000000000000000000000000000000000000000000000000000000000007c'], - [13, '0x000000000000000000000000000000000000000000000000000000000000009a'], - [14, '0x00000000000000000000000000000000000000000000000000000000000000aa'], - [15, '0x00000000000000000000000000000000000000000000000000000000000000df'], - [16, '0x0000000000000000000000000000000000000000000000000000000000000023'], - [17, '0x0000000000000000000000000000000000000000000000000000000000000034'], - [18, '0x0000000000000000000000000000000000000000000000000000000000000010'], - [19, '0x000000000000000000000000000000000000000000000000000000000000008a'], - [20, '0x0000000000000000000000000000000000000000000000000000000000000047'], - [21, '0x0000000000000000000000000000000000000000000000000000000000000063'], - [22, '0x00000000000000000000000000000000000000000000000000000000000000e8'], - [23, '0x0000000000000000000000000000000000000000000000000000000000000037'], - [24, '0x0000000000000000000000000000000000000000000000000000000000000054'], - [25, '0x0000000000000000000000000000000000000000000000000000000000000096'], - [26, '0x000000000000000000000000000000000000000000000000000000000000003e'], - [27, '0x00000000000000000000000000000000000000000000000000000000000000d5'], - [28, 
'0x00000000000000000000000000000000000000000000000000000000000000ae'], - [29, '0x0000000000000000000000000000000000000000000000000000000000000024'], - [30, '0x000000000000000000000000000000000000000000000000000000000000002d'], - [31, '0x0000000000000000000000000000000000000000000000000000000000000020'], - [32, '0x0000000000000000000000000000000000000000000000000000000000000080'], - [33, '0x000000000000000000000000000000000000000000000000000000000000004d'], - [34, '0x0000000000000000000000000000000000000000000000000000000000000047'], - [35, '0x00000000000000000000000000000000000000000000000000000000000000a5'], - [36, '0x00000000000000000000000000000000000000000000000000000000000000bb'], - [37, '0x00000000000000000000000000000000000000000000000000000000000000f6'], - [38, '0x00000000000000000000000000000000000000000000000000000000000000c3'], - [39, '0x000000000000000000000000000000000000000000000000000000000000000b'], - [40, '0x000000000000000000000000000000000000000000000000000000000000003b'], - [41, '0x0000000000000000000000000000000000000000000000000000000000000065'], - [42, '0x00000000000000000000000000000000000000000000000000000000000000c9'], - [43, '0x0000000000000000000000000000000000000000000000000000000000000001'], - [44, '0x0000000000000000000000000000000000000000000000000000000000000085'], - [45, '0x0000000000000000000000000000000000000000000000000000000000000006'], - [46, '0x000000000000000000000000000000000000000000000000000000000000009e'], - [47, '0x000000000000000000000000000000000000000000000000000000000000002f'], - [48, '0x0000000000000000000000000000000000000000000000000000000000000010'], - [49, '0x00000000000000000000000000000000000000000000000000000000000000e6'], - [50, '0x0000000000000000000000000000000000000000000000000000000000000030'], - [51, '0x000000000000000000000000000000000000000000000000000000000000004a'], - [52, '0x0000000000000000000000000000000000000000000000000000000000000018'], - [53, 
'0x000000000000000000000000000000000000000000000000000000000000007c'], - [54, '0x00000000000000000000000000000000000000000000000000000000000000d0'], - [55, '0x00000000000000000000000000000000000000000000000000000000000000ab'], - [56, '0x0000000000000000000000000000000000000000000000000000000000000031'], - [57, '0x00000000000000000000000000000000000000000000000000000000000000d5'], - [58, '0x0000000000000000000000000000000000000000000000000000000000000063'], - [59, '0x0000000000000000000000000000000000000000000000000000000000000084'], - [60, '0x00000000000000000000000000000000000000000000000000000000000000a3'], - [61, '0x00000000000000000000000000000000000000000000000000000000000000a6'], - [62, '0x00000000000000000000000000000000000000000000000000000000000000d5'], - [63, '0x0000000000000000000000000000000000000000000000000000000000000091'], - [64, '0x000000000000000000000000000000000000000000000000000000000000000d'], - [65, '0x000000000000000000000000000000000000000000000000000000000000009c'], - [66, '0x00000000000000000000000000000000000000000000000000000000000000f9'], - [67, '0x0000000000000000000000000000000000000000000000000000000000000000'], - [68, '0x0000000000000000000000000000000000000000000000000000000000000001'], - [69, '0x0000000000000000000000000000000000000000000000000000000000000002'], - [70, '0x0000000000000000000000000000000000000000000000000000000000000003'], - [71, '0x0000000000000000000000000000000000000000000000000000000000000004'], - [72, '0x0000000000000000000000000000000000000000000000000000000000000005'], - [73, '0x0000000000000000000000000000000000000000000000000000000000000006'], - [74, '0x0000000000000000000000000000000000000000000000000000000000000007'], - [75, '0x0000000000000000000000000000000000000000000000000000000000000008'], - [76, '0x0000000000000000000000000000000000000000000000000000000000000009'], -]); - -export const expectedWitnessMap = new Map(initialWitnessMap).set( - 77, - 
'0x0000000000000000000000000000000000000000000000000000000000000001', -); diff --git a/noir/noir-repo/acvm-repo/blackbox_solver/src/curve_specific_solver.rs b/noir/noir-repo/acvm-repo/blackbox_solver/src/curve_specific_solver.rs index 869017f52ee..b8fc3f47033 100644 --- a/noir/noir-repo/acvm-repo/blackbox_solver/src/curve_specific_solver.rs +++ b/noir/noir-repo/acvm-repo/blackbox_solver/src/curve_specific_solver.rs @@ -7,13 +7,6 @@ use crate::BlackBoxResolutionError; /// /// Returns an [`BlackBoxResolutionError`] if the backend does not support the given [`acir::BlackBoxFunc`]. pub trait BlackBoxFunctionSolver { - fn schnorr_verify( - &self, - public_key_x: &F, - public_key_y: &F, - signature: &[u8; 64], - message: &[u8], - ) -> Result; fn multi_scalar_mul( &self, points: &[F], @@ -48,15 +41,6 @@ impl StubbedBlackBoxSolver { } impl BlackBoxFunctionSolver for StubbedBlackBoxSolver { - fn schnorr_verify( - &self, - _public_key_x: &F, - _public_key_y: &F, - _signature: &[u8; 64], - _message: &[u8], - ) -> Result { - Err(Self::fail(BlackBoxFunc::SchnorrVerify)) - } fn multi_scalar_mul( &self, _points: &[F], diff --git a/noir/noir-repo/acvm-repo/bn254_blackbox_solver/benches/criterion.rs b/noir/noir-repo/acvm-repo/bn254_blackbox_solver/benches/criterion.rs index e7917fa1adc..8bf239eec8a 100644 --- a/noir/noir-repo/acvm-repo/bn254_blackbox_solver/benches/criterion.rs +++ b/noir/noir-repo/acvm-repo/bn254_blackbox_solver/benches/criterion.rs 
@@ -13,40 +13,10 @@ fn bench_poseidon2(c: &mut Criterion) { c.bench_function("poseidon2", |b| b.iter(|| poseidon2_permutation(black_box(&inputs), 4))); } -fn bench_schnorr_verify(c: &mut Criterion) { - let pub_key_x = FieldElement::from_hex( - "0x04b260954662e97f00cab9adb773a259097f7a274b83b113532bce27fa3fb96a", - ) - .unwrap(); - let pub_key_y = FieldElement::from_hex( - "0x2fd51571db6c08666b0edfbfbc57d432068bccd0110a39b166ab243da0037197", - ) - .unwrap(); - let sig_bytes: [u8; 64] = [ - 1, 13, 119, 112, 212, 39, 233, 41, 84, 235, 255, 93, 245, 172, 186, 83, 157, 253, 76, 77, - 33, 128, 178, 15, 214, 67, 105, 107, 177, 234, 77, 48, 27, 237, 155, 84, 39, 84, 247, 27, - 22, 8, 176, 230, 24, 115, 145, 220, 254, 122, 135, 179, 171, 4, 214, 202, 64, 199, 19, 84, - 239, 138, 124, 12, - ]; - - let message: &[u8] = &[0, 1, 2, 3, 4, 5, 6, 7, 8, 9]; - - c.bench_function("schnorr_verify", |b| { - b.iter(|| { - Bn254BlackBoxSolver.schnorr_verify( - black_box(&pub_key_x), - black_box(&pub_key_y), - black_box(&sig_bytes), - black_box(message), - ) - }) - }); -} - criterion_group!( name = benches; config = Criterion::default().sample_size(40).measurement_time(Duration::from_secs(20)).with_profiler(PProfProfiler::new(100, Output::Flamegraph(None))); - targets = bench_poseidon2, bench_schnorr_verify + targets = bench_poseidon2 ); criterion_main!(benches); diff --git a/noir/noir-repo/acvm-repo/bn254_blackbox_solver/src/embedded_curve_ops.rs b/noir/noir-repo/acvm-repo/bn254_blackbox_solver/src/embedded_curve_ops.rs index a02711fda1e..e599fd25593 100644 --- a/noir/noir-repo/acvm-repo/bn254_blackbox_solver/src/embedded_curve_ops.rs +++ b/noir/noir-repo/acvm-repo/bn254_blackbox_solver/src/embedded_curve_ops.rs @@ -1,6 +1,5 @@ // TODO(https://github.com/noir-lang/noir/issues/4932): rename this file to something more generic use ark_ec::AffineRepr; -use ark_ff::MontConfig; use num_bigint::BigUint; use crate::FieldElement; 
@@ -46,15 +45,15 @@ pub fn multi_scalar_mul(
 let mut bytes = scalar_high.to_be_bytes().to_vec();
 bytes.extend_from_slice(&scalar_low.to_be_bytes());
- // Check if this is smaller than the grumpkin modulus
 let grumpkin_integer = BigUint::from_bytes_be(&bytes);
- if grumpkin_integer >= grumpkin::FrConfig::MODULUS.into() {
- return Err(BlackBoxResolutionError::Failed(
- BlackBoxFunc::MultiScalarMul,
- format!("{} is not a valid grumpkin scalar", grumpkin_integer.to_str_radix(16)),
- ));
- }
+ // Check if this is smaller than the grumpkin modulus
+ // if grumpkin_integer >= grumpkin::FrConfig::MODULUS.into() {
+ // return Err(BlackBoxResolutionError::Failed(
+ // BlackBoxFunc::MultiScalarMul,
+ // format!("{} is not a valid grumpkin scalar", grumpkin_integer.to_str_radix(16)),
+ // ));
+ // }
 let iteration_output_point = grumpkin::SWAffine::from(point.mul_bigint(grumpkin_integer.to_u64_digits()));
@@ -120,8 +119,6 @@ fn create_point(
 mod tests {
 use super::*;
- use ark_ff::BigInteger;
-
 fn get_generator() -> [FieldElement; 3] {
 let generator = grumpkin::SWAffine::generator();
 let generator_x = FieldElement::from_repr(*generator.x().unwrap());
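Review bot: The scalar range check in `multi_scalar_mul` is commented out rather than removed, so a `grumpkin_integer` at or above `grumpkin::FrConfig::MODULUS` now flows straight into `point.mul_bigint(...)` instead of returning `BlackBoxResolutionError::Failed`. The solver therefore accepts non-canonical scalar encodings (presumably treated like their reduction modulo the group order), and nothing in this hunk says whether that is intended or where canonicity is enforced instead. Either restore the `if grumpkin_integer >= grumpkin::FrConfig::MODULUS.into()` guard, or delete the dead block and leave a why-comment such as `// Scalars >= the grumpkin modulus are accepted here on purpose: <reason / tracking issue>`. The same applies to the `rejects_grumpkin_modulus` test commented out in the `@@ -175,23 +172,23 @@` hunk, which should be replaced by a test that pins the newly accepted behaviour rather than left disabled. The function body starts and ends outside the hunk.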
@@ -175,23 +172,23 @@ mod tests {
 assert_eq!(res, expected_error);
 }
- #[test]
- fn rejects_grumpkin_modulus() {
- let x = grumpkin::FrConfig::MODULUS.to_bytes_be();
+ // #[test]
+ // fn rejects_grumpkin_modulus() {
+ // let x = grumpkin::FrConfig::MODULUS.to_bytes_be();
- let low = FieldElement::from_be_bytes_reduce(&x[16..32]);
- let high = FieldElement::from_be_bytes_reduce(&x[0..16]);
+ // let low = FieldElement::from_be_bytes_reduce(&x[16..32]);
+ // let high = FieldElement::from_be_bytes_reduce(&x[0..16]);
- let res = multi_scalar_mul(&get_generator(), &[low], &[high]);
+ // let res = multi_scalar_mul(&get_generator(), &[low], &[high]);
- assert_eq!(
- res,
- Err(BlackBoxResolutionError::Failed(
- BlackBoxFunc::MultiScalarMul,
- "30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47 is not a valid grumpkin scalar".into(),
- ))
- );
- }
+ // assert_eq!(
+ // res,
+ // Err(BlackBoxResolutionError::Failed(
+ // BlackBoxFunc::MultiScalarMul,
+ // "30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47 is not a valid grumpkin scalar".into(),
+ // ))
+ // );
+ // }
 #[test]
 fn rejects_invalid_point() {
diff --git a/noir/noir-repo/acvm-repo/bn254_blackbox_solver/src/lib.rs b/noir/noir-repo/acvm-repo/bn254_blackbox_solver/src/lib.rs
index d74c17a52b5..f738a375ab1 100644
--- a/noir/noir-repo/acvm-repo/bn254_blackbox_solver/src/lib.rs
+++ b/noir/noir-repo/acvm-repo/bn254_blackbox_solver/src/lib.rs
@@ -6,9 +6,7 @@ use acvm_blackbox_solver::{BlackBoxFunctionSolver, BlackBoxResolutionError};
 mod embedded_curve_ops;
 mod generator;
-mod pedersen;
 mod poseidon2;
-mod schnorr;
 pub use embedded_curve_ops::{embedded_curve_add, multi_scalar_mul};
 pub use generator::generators::derive_generators;
@@ -25,24 +23,6 @@ type FieldElement = acir::acir_field::GenericFieldElement; pub struct Bn254BlackBoxSolver; impl BlackBoxFunctionSolver for Bn254BlackBoxSolver { - fn schnorr_verify( - &self, - public_key_x: &FieldElement, - public_key_y: &FieldElement, - signature: &[u8; 64], - message: &[u8], - ) -> Result { - let sig_s: [u8; 32] = signature[0..32].try_into().unwrap(); - let sig_e: [u8; 32] = signature[32..64].try_into().unwrap(); - Ok(schnorr::verify_signature( - public_key_x.into_repr(), - public_key_y.into_repr(), - sig_s, - sig_e, - message, - )) - } - fn multi_scalar_mul( &self, points: &[FieldElement], diff --git a/noir/noir-repo/acvm-repo/bn254_blackbox_solver/src/pedersen/commitment.rs b/noir/noir-repo/acvm-repo/bn254_blackbox_solver/src/pedersen/commitment.rs deleted file mode 100644 index 03f03fcf5ab..00000000000 --- a/noir/noir-repo/acvm-repo/bn254_blackbox_solver/src/pedersen/commitment.rs +++ /dev/null 
@@ -1,77 +0,0 @@ -// Taken from: https://github.com/laudiacay/barustenberg/blob/df6bc6f095fe7f288bf6a12e7317fd8eb33d68ae/barustenberg/src/crypto/pedersen/pederson.rs - -use ark_ec::{short_weierstrass::Affine, AffineRepr, CurveGroup}; -use ark_ff::{MontConfig, PrimeField}; -use grumpkin::{Fq, FqConfig, Fr, FrConfig, GrumpkinParameters}; - -use crate::generator::generators::{derive_generators, DEFAULT_DOMAIN_SEPARATOR}; - -/// Given a vector of fields, generate a pedersen commitment using the indexed generators. -pub(crate) fn commit_native_with_index( - inputs: &[Fq], - starting_index: u32, -) -> Affine { - let generators = - derive_generators(DEFAULT_DOMAIN_SEPARATOR, inputs.len() as u32, starting_index); - - // As |F_r| > |F_q|, we can safely convert any `F_q` into an `F_r` uniquely. - assert!(FrConfig::MODULUS > FqConfig::MODULUS); - - inputs.iter().enumerate().fold(Affine::zero(), |mut acc, (i, input)| { - acc = (acc + (generators[i] * Fr::from_bigint(input.into_bigint()).unwrap()).into_affine()) - .into_affine(); - acc - }) -} - -#[cfg(test)] -mod test { - - use acir::AcirField; - use ark_ec::short_weierstrass::Affine; - use ark_std::{One, Zero}; - use grumpkin::Fq; - - use crate::pedersen::commitment::commit_native_with_index; - use crate::FieldElement; - - #[test] - fn commitment() { - // https://github.com/AztecProtocol/aztec-packages/blob/72931bdb8202c34042cdfb8cee2ef44b75939879/barretenberg/cpp/src/barretenberg/crypto/pedersen_commitment/pedersen.test.cpp#L10-L18 - let res = commit_native_with_index(&[Fq::one(), Fq::one()], 0); - let expected = Affine::new( - FieldElement::from_hex( - "0x2f7a8f9a6c96926682205fb73ee43215bf13523c19d7afe36f12760266cdfe15", - ) - .unwrap() - .into_repr(), - FieldElement::from_hex( - "0x01916b316adbbf0e10e39b18c1d24b33ec84b46daddf72f43878bcc92b6057e6", - ) - .unwrap() - .into_repr(), - ); - - assert_eq!(res, expected); - } - - #[test] - fn commitment_with_zero() { - // 
https://github.com/AztecProtocol/aztec-packages/blob/72931bdb8202c34042cdfb8cee2ef44b75939879/barretenberg/cpp/src/barretenberg/crypto/pedersen_commitment/pedersen.test.cpp#L20-L29 - let res = commit_native_with_index(&[Fq::zero(), Fq::one()], 0); - let expected = Affine::new( - FieldElement::from_hex( - "0x054aa86a73cb8a34525e5bbed6e43ba1198e860f5f3950268f71df4591bde402", - ) - .unwrap() - .into_repr(), - FieldElement::from_hex( - "0x209dcfbf2cfb57f9f6046f44d71ac6faf87254afc7407c04eb621a6287cac126", - ) - .unwrap() - .into_repr(), - ); - - assert_eq!(res, expected); - } -} diff --git a/noir/noir-repo/acvm-repo/bn254_blackbox_solver/src/pedersen/hash.rs b/noir/noir-repo/acvm-repo/bn254_blackbox_solver/src/pedersen/hash.rs deleted file mode 100644 index 152526a9943..00000000000 --- a/noir/noir-repo/acvm-repo/bn254_blackbox_solver/src/pedersen/hash.rs +++ /dev/null 
@@ -1,69 +0,0 @@ -// Taken from: https://github.com/laudiacay/barustenberg/blob/df6bc6f095fe7f288bf6a12e7317fd8eb33d68ae/barustenberg/src/crypto/pedersen/pederson_hash.rs - -use std::sync::OnceLock; - -use ark_ec::{short_weierstrass::Affine, CurveConfig, CurveGroup}; -use grumpkin::GrumpkinParameters; - -use crate::generator::generators::derive_generators; - -use super::commitment::commit_native_with_index; - -/// Given a vector of fields, generate a pedersen hash using the indexed generators. -pub(crate) fn hash_with_index( - inputs: &[grumpkin::Fq], - starting_index: u32, -) -> ::BaseField { - let length_as_scalar: ::ScalarField = - (inputs.len() as u64).into(); - let length_prefix = *length_generator() * length_as_scalar; - let result = length_prefix + commit_native_with_index(inputs, starting_index); - result.into_affine().x -} - -fn length_generator() -> &'static Affine { - static INSTANCE: OnceLock> = OnceLock::new(); - INSTANCE.get_or_init(|| derive_generators("pedersen_hash_length".as_bytes(), 1, 0)[0]) -} - -#[cfg(test)] -pub(crate) mod test { - - use super::*; - use crate::FieldElement; - - use acir::AcirField; - use ark_std::One; - use grumpkin::Fq; - - //reference: https://github.com/AztecProtocol/barretenberg/blob/master/cpp/src/barretenberg/crypto/pedersen_hash/pedersen.test.cpp - #[test] - fn hash_one() { - // https://github.com/AztecProtocol/aztec-packages/blob/72931bdb8202c34042cdfb8cee2ef44b75939879/barretenberg/cpp/src/barretenberg/crypto/pedersen_hash/pedersen.test.cpp#L21-L26 - let res = hash_with_index(&[Fq::one(), Fq::one()], 0); - - assert_eq!( - res, - FieldElement::from_hex( - "0x07ebfbf4df29888c6cd6dca13d4bb9d1a923013ddbbcbdc3378ab8845463297b", - ) - .unwrap() - .into_repr(), - ); - } - - #[test] - fn test_hash_with_index() { - // https://github.com/AztecProtocol/aztec-packages/blob/72931bdb8202c34042cdfb8cee2ef44b75939879/barretenberg/cpp/src/barretenberg/crypto/pedersen_hash/pedersen.test.cpp#L28-L33 - let res = 
hash_with_index(&[Fq::one(), Fq::one()], 5); - - assert_eq!( - res, - FieldElement::from_hex( - "0x1c446df60816b897cda124524e6b03f36df0cec333fad87617aab70d7861daa6", - ) - .unwrap() - .into_repr(), - ); - } -} diff --git a/noir/noir-repo/acvm-repo/bn254_blackbox_solver/src/pedersen/mod.rs b/noir/noir-repo/acvm-repo/bn254_blackbox_solver/src/pedersen/mod.rs deleted file mode 100644 index c3c4ed56450..00000000000 --- a/noir/noir-repo/acvm-repo/bn254_blackbox_solver/src/pedersen/mod.rs +++ /dev/null @@ -1,2 +0,0 @@ -pub(crate) mod commitment; -pub(crate) mod hash; diff --git a/noir/noir-repo/acvm-repo/bn254_blackbox_solver/src/schnorr/mod.rs b/noir/noir-repo/acvm-repo/bn254_blackbox_solver/src/schnorr/mod.rs deleted file mode 100644 index 8e3a40803f8..00000000000 --- a/noir/noir-repo/acvm-repo/bn254_blackbox_solver/src/schnorr/mod.rs +++ /dev/null 
@@ -1,147 +0,0 @@ -use acvm_blackbox_solver::blake2s; -use ark_ec::{ - short_weierstrass::{Affine, SWCurveConfig}, - AffineRepr, CurveConfig, CurveGroup, -}; -use ark_ff::{BigInteger, PrimeField, Zero}; -use grumpkin::{Fq, GrumpkinParameters}; - -pub(crate) fn verify_signature( - pub_key_x: Fq, - pub_key_y: Fq, - sig_s_bytes: [u8; 32], - sig_e_bytes: [u8; 32], - message: &[u8], -) -> bool { - let pub_key = Affine::::new_unchecked(pub_key_x, pub_key_y); - - if !pub_key.is_on_curve() - || !pub_key.is_in_correct_subgroup_assuming_on_curve() - || pub_key.is_zero() - { - return false; - } - - let sig_s = - ::ScalarField::from_be_bytes_mod_order(&sig_s_bytes); - let sig_e = - ::ScalarField::from_be_bytes_mod_order(&sig_e_bytes); - - if sig_s.is_zero() || sig_e.is_zero() { - return false; - } - - // R = g^{sig.s} • pub^{sig.e} - let r = GrumpkinParameters::GENERATOR * sig_s + pub_key * sig_e; - if r.is_zero() { - // this result implies k == 0, which would be catastrophic for the prover. - // it is a cheap check that ensures this doesn't happen. 
- return false; - } - - // compare the _hashes_ rather than field elements modulo r - // e = H(pedersen(r, pk.x, pk.y), m), where r = R.x - let target_e_bytes = schnorr_generate_challenge(message, pub_key_x, pub_key_y, r.into_affine()); - - sig_e_bytes == target_e_bytes -} - -fn schnorr_generate_challenge( - message: &[u8], - pub_key_x: Fq, - pub_key_y: Fq, - r: Affine, -) -> [u8; 32] { - // create challenge message pedersen_commitment(R.x, pubkey) - - let r_x = *r.x().expect("r has been checked to be non-zero"); - let pedersen_hash = crate::pedersen::hash::hash_with_index(&[r_x, pub_key_x, pub_key_y], 0); - - let mut hash_input: Vec = pedersen_hash.into_bigint().to_bytes_be(); - hash_input.extend(message); - - blake2s(&hash_input).unwrap() -} - -#[cfg(test)] -mod schnorr_tests { - use acir::AcirField; - - use super::verify_signature; - use crate::FieldElement; - - #[test] - fn verifies_valid_signature() { - let pub_key_x: grumpkin::Fq = FieldElement::from_hex( - "0x04b260954662e97f00cab9adb773a259097f7a274b83b113532bce27fa3fb96a", - ) - .unwrap() - .into_repr(); - let pub_key_y: grumpkin::Fq = FieldElement::from_hex( - "0x2fd51571db6c08666b0edfbfbc57d432068bccd0110a39b166ab243da0037197", - ) - .unwrap() - .into_repr(); - let sig_s_bytes: [u8; 32] = [ - 1, 13, 119, 112, 212, 39, 233, 41, 84, 235, 255, 93, 245, 172, 186, 83, 157, 253, 76, - 77, 33, 128, 178, 15, 214, 67, 105, 107, 177, 234, 77, 48, - ]; - let sig_e_bytes: [u8; 32] = [ - 27, 237, 155, 84, 39, 84, 247, 27, 22, 8, 176, 230, 24, 115, 145, 220, 254, 122, 135, - 179, 171, 4, 214, 202, 64, 199, 19, 84, 239, 138, 124, 12, - ]; - let message: &[u8] = &[0, 1, 2, 3, 4, 5, 6, 7, 8, 9]; - - assert!(verify_signature(pub_key_x, pub_key_y, sig_s_bytes, sig_e_bytes, message)); - } - - #[test] - fn rejects_zero_e() { - let pub_key_x: grumpkin::Fq = FieldElement::from_hex( - "0x04b260954662e97f00cab9adb773a259097f7a274b83b113532bce27fa3fb96a", - ) - .unwrap() - .into_repr(); - let pub_key_y: grumpkin::Fq = 
FieldElement::from_hex( - "0x2fd51571db6c08666b0edfbfbc57d432068bccd0110a39b166ab243da0037197", - ) - .unwrap() - .into_repr(); - let sig_s_bytes: [u8; 32] = [ - 1, 13, 119, 112, 212, 39, 233, 41, 84, 235, 255, 93, 245, 172, 186, 83, 157, 253, 76, - 77, 33, 128, 178, 15, 214, 67, 105, 107, 177, 234, 77, 48, - ]; - let sig_e_bytes: [u8; 32] = [ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, - ]; - let message: &[u8] = &[0, 1, 2, 3, 4, 5, 6, 7, 8, 9]; - - assert!(!verify_signature(pub_key_x, pub_key_y, sig_s_bytes, sig_e_bytes, message)); - } - - #[test] - fn rejects_zero_s() { - let pub_key_x: grumpkin::Fq = FieldElement::from_hex( - "0x04b260954662e97f00cab9adb773a259097f7a274b83b113532bce27fa3fb96a", - ) - .unwrap() - .into_repr(); - let pub_key_y: grumpkin::Fq = FieldElement::from_hex( - "0x2fd51571db6c08666b0edfbfbc57d432068bccd0110a39b166ab243da0037197", - ) - .unwrap() - .into_repr(); - let sig_s_bytes: [u8; 32] = [ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, - ]; - let sig_e_bytes: [u8; 32] = [ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, - ]; - let message: &[u8] = &[0, 1, 2, 3, 4, 5, 6, 7, 8, 9]; - - assert!(!verify_signature(pub_key_x, pub_key_y, sig_s_bytes, sig_e_bytes, message)); - } -} diff --git a/noir/noir-repo/acvm-repo/brillig/src/black_box.rs b/noir/noir-repo/acvm-repo/brillig/src/black_box.rs index 3264388c8ef..9cc5349e45b 100644 --- a/noir/noir-repo/acvm-repo/brillig/src/black_box.rs +++ b/noir/noir-repo/acvm-repo/brillig/src/black_box.rs 
@@ -43,14 +43,7 @@ pub enum BlackBoxOp { signature: HeapArray, result: MemoryAddress, }, - /// Verifies a Schnorr signature over a curve which is "pairing friendly" with the curve on which the Brillig bytecode is defined. - SchnorrVerify { - public_key_x: MemoryAddress, - public_key_y: MemoryAddress, - message: HeapVector, - signature: HeapVector, - result: MemoryAddress, - }, + /// Performs multi scalar multiplication over the embedded curve. MultiScalarMul { points: HeapVector, diff --git a/noir/noir-repo/acvm-repo/brillig_vm/src/black_box.rs b/noir/noir-repo/acvm-repo/brillig_vm/src/black_box.rs index 19e2dd7553d..79aea2adf76 100644 --- a/noir/noir-repo/acvm-repo/brillig_vm/src/black_box.rs +++ b/noir/noir-repo/acvm-repo/brillig_vm/src/black_box.rs @@ -141,17 +141,6 @@ pub(crate) fn evaluate_black_box memory.write(*result_address, result.into()); Ok(()) } - BlackBoxOp::SchnorrVerify { public_key_x, public_key_y, message, signature, result } => { - let public_key_x = *memory.read(*public_key_x).extract_field().unwrap(); - let public_key_y = *memory.read(*public_key_y).extract_field().unwrap(); - let message: Vec = to_u8_vec(read_heap_vector(memory, message)); - let signature: [u8; 64] = - to_u8_vec(read_heap_vector(memory, signature)).try_into().unwrap(); - let verified = - solver.schnorr_verify(&public_key_x, &public_key_y, &signature, &message)?; - memory.write(*result, verified.into()); - Ok(()) - } BlackBoxOp::MultiScalarMul { points, scalars, outputs: result } => { let points: Vec = read_heap_vector(memory, points) .iter() 
@@ -362,7 +351,6 @@ fn black_box_function_from_op(op: &BlackBoxOp) -> BlackBoxFunc { BlackBoxOp::Keccakf1600 { .. } => BlackBoxFunc::Keccakf1600, BlackBoxOp::EcdsaSecp256k1 { .. } => BlackBoxFunc::EcdsaSecp256k1, BlackBoxOp::EcdsaSecp256r1 { .. } => BlackBoxFunc::EcdsaSecp256r1, - BlackBoxOp::SchnorrVerify { .. } => BlackBoxFunc::SchnorrVerify, BlackBoxOp::MultiScalarMul { .. } => BlackBoxFunc::MultiScalarMul, BlackBoxOp::EmbeddedCurveAdd { .. } => BlackBoxFunc::EmbeddedCurveAdd, BlackBoxOp::BigIntAdd { .. } => BlackBoxFunc::BigIntAdd, diff --git a/noir/noir-repo/compiler/noirc_evaluator/src/acir/generated_acir.rs b/noir/noir-repo/compiler/noirc_evaluator/src/acir/generated_acir.rs index 91206abe732..3b29c0319ab 100644 --- a/noir/noir-repo/compiler/noirc_evaluator/src/acir/generated_acir.rs +++ b/noir/noir-repo/compiler/noirc_evaluator/src/acir/generated_acir.rs @@ -225,19 +225,6 @@ impl GeneratedAcir { inputs: inputs[0].clone(), outputs: outputs.try_into().expect("Compiler should generate correct size outputs"), }, - BlackBoxFunc::SchnorrVerify => { - BlackBoxFuncCall::SchnorrVerify { - public_key_x: inputs[0][0], - public_key_y: inputs[1][0], - // Schnorr signature is an r & s, 32 bytes each - signature: inputs[2] - .clone() - .try_into() - .expect("Compiler should generate correct size inputs"), - message: inputs[3].clone(), - output: outputs[0], - } - } BlackBoxFunc::EcdsaSecp256k1 => { BlackBoxFuncCall::EcdsaSecp256k1 { // 32 bytes for each public key co-ordinate 
@@ -715,9 +702,7 @@ fn black_box_func_expected_input_size(name: BlackBoxFunc) -> Option { // Signature verification algorithms will take in a variable // number of inputs, since the message/hashed-message can vary in size. - BlackBoxFunc::SchnorrVerify - | BlackBoxFunc::EcdsaSecp256k1 - | BlackBoxFunc::EcdsaSecp256r1 => None, + BlackBoxFunc::EcdsaSecp256k1 | BlackBoxFunc::EcdsaSecp256r1 => None, // Inputs for multi scalar multiplication is an arbitrary number of [point, scalar] pairs. BlackBoxFunc::MultiScalarMul => None, @@ -762,9 +747,7 @@ fn black_box_expected_output_size(name: BlackBoxFunc) -> Option { BlackBoxFunc::RANGE => Some(0), // Signature verification algorithms will return a boolean - BlackBoxFunc::SchnorrVerify - | BlackBoxFunc::EcdsaSecp256k1 - | BlackBoxFunc::EcdsaSecp256r1 => Some(1), + BlackBoxFunc::EcdsaSecp256k1 | BlackBoxFunc::EcdsaSecp256r1 => Some(1), // Output of operations over the embedded curve // will be 2 field elements representing the point. diff --git a/noir/noir-repo/compiler/noirc_evaluator/src/brillig/brillig_gen/brillig_black_box.rs b/noir/noir-repo/compiler/noirc_evaluator/src/brillig/brillig_gen/brillig_black_box.rs index 3685c9540f3..2ddcea26570 100644 --- a/noir/noir-repo/compiler/noirc_evaluator/src/brillig/brillig_gen/brillig_black_box.rs +++ b/noir/noir-repo/compiler/noirc_evaluator/src/brillig/brillig_gen/brillig_black_box.rs 
@@ -144,27 +144,6 @@ pub(crate) fn convert_black_box_call { - if let ( - [BrilligVariable::SingleAddr(public_key_x), BrilligVariable::SingleAddr(public_key_y), signature, message], - [BrilligVariable::SingleAddr(result_register)], - ) = (function_arguments, function_results) - { - let message = convert_array_or_vector(brillig_context, *message, bb_func); - let signature = convert_array_or_vector(brillig_context, *signature, bb_func); - brillig_context.black_box_op_instruction(BlackBoxOp::SchnorrVerify { - public_key_x: public_key_x.address, - public_key_y: public_key_y.address, - message, - signature, - result: result_register.address, - }); - brillig_context.deallocate_heap_vector(message); - brillig_context.deallocate_heap_vector(signature); - } else { - unreachable!("ICE: Schnorr verify expects two registers for the public key, an array for signature, an array for the message hash and one result register") - } - } BlackBoxFunc::MultiScalarMul => { if let ([points, scalars], [BrilligVariable::BrilligArray(outputs)]) = (function_arguments, function_results) diff --git a/noir/noir-repo/compiler/noirc_evaluator/src/brillig/brillig_ir.rs b/noir/noir-repo/compiler/noirc_evaluator/src/brillig/brillig_ir.rs index b4e10035af6..8d5f14cee94 100644 --- a/noir/noir-repo/compiler/noirc_evaluator/src/brillig/brillig_ir.rs +++ b/noir/noir-repo/compiler/noirc_evaluator/src/brillig/brillig_ir.rs @@ -253,15 +253,6 @@ pub(crate) mod tests { pub(crate) struct DummyBlackBoxSolver; impl BlackBoxFunctionSolver for DummyBlackBoxSolver { - fn schnorr_verify( - &self, - _public_key_x: &FieldElement, - _public_key_y: &FieldElement, - _signature: &[u8; 64], - _message: &[u8], - ) -> Result { - Ok(true) - } fn multi_scalar_mul( &self, _points: &[FieldElement], diff --git a/noir/noir-repo/compiler/noirc_evaluator/src/brillig/brillig_ir/debug_show.rs b/noir/noir-repo/compiler/noirc_evaluator/src/brillig/brillig_ir/debug_show.rs index 55a24264fbb..ef1b5432128 100644 
--- a/noir/noir-repo/compiler/noirc_evaluator/src/brillig/brillig_ir/debug_show.rs +++ b/noir/noir-repo/compiler/noirc_evaluator/src/brillig/brillig_ir/debug_show.rs @@ -326,23 +326,6 @@ impl DebugShow { result ); } - BlackBoxOp::SchnorrVerify { - public_key_x, - public_key_y, - message, - signature, - result, - } => { - debug_println!( - self.enable_debug_trace, - " SCHNORR_VERIFY {} {} {} {} -> {}", - public_key_x, - public_key_y, - message, - signature, - result - ); - } BlackBoxOp::BigIntAdd { lhs, rhs, output } => { debug_println!( self.enable_debug_trace, diff --git a/noir/noir-repo/compiler/noirc_evaluator/src/ssa/ir/instruction/call.rs b/noir/noir-repo/compiler/noirc_evaluator/src/ssa/ir/instruction/call.rs index 67222d06ea8..6ebe80128c0 100644 --- a/noir/noir-repo/compiler/noirc_evaluator/src/ssa/ir/instruction/call.rs +++ b/noir/noir-repo/compiler/noirc_evaluator/src/ssa/ir/instruction/call.rs @@ -586,7 +586,6 @@ fn simplify_black_box_func( BlackBoxFunc::EmbeddedCurveAdd => { blackbox::simplify_ec_add(dfg, solver, arguments, block, call_stack) } - BlackBoxFunc::SchnorrVerify => blackbox::simplify_schnorr_verify(dfg, solver, arguments), BlackBoxFunc::BigIntAdd | BlackBoxFunc::BigIntSub diff --git a/noir/noir-repo/compiler/noirc_evaluator/src/ssa/ir/instruction/call/blackbox.rs b/noir/noir-repo/compiler/noirc_evaluator/src/ssa/ir/instruction/call/blackbox.rs index 301b75e0bd4..b9faf1c46ec 100644 --- a/noir/noir-repo/compiler/noirc_evaluator/src/ssa/ir/instruction/call/blackbox.rs +++ b/noir/noir-repo/compiler/noirc_evaluator/src/ssa/ir/instruction/call/blackbox.rs 
@@ -156,39 +156,6 @@ pub(super) fn simplify_poseidon2_permutation( } } -pub(super) fn simplify_schnorr_verify( - dfg: &mut DataFlowGraph, - solver: impl BlackBoxFunctionSolver, - arguments: &[ValueId], -) -> SimplifyResult { - match ( - dfg.get_numeric_constant(arguments[0]), - dfg.get_numeric_constant(arguments[1]), - dfg.get_array_constant(arguments[2]), - dfg.get_array_constant(arguments[3]), - ) { - (Some(public_key_x), Some(public_key_y), Some((signature, _)), Some((message, _))) - if array_is_constant(dfg, &signature) && array_is_constant(dfg, &message) => - { - let signature = to_u8_vec(dfg, signature); - let signature: [u8; 64] = - signature.try_into().expect("Compiler should produce correctly sized signature"); - - let message = to_u8_vec(dfg, message); - - let Ok(valid_signature) = - solver.schnorr_verify(&public_key_x, &public_key_y, &signature, &message) - else { - return SimplifyResult::None; - }; - - let valid_signature = dfg.make_constant(valid_signature.into(), Type::bool()); - SimplifyResult::SimplifiedTo(valid_signature) - } - _ => SimplifyResult::None, - } -} - pub(super) fn simplify_hash( dfg: &mut DataFlowGraph, arguments: &[ValueId], diff --git a/noir/noir-repo/docs/docs/noir/standard_library/cryptographic_primitives/schnorr.mdx b/noir/noir-repo/docs/docs/noir/standard_library/cryptographic_primitives/schnorr.mdx index 286a0ac6c7d..4c859043787 100644 --- a/noir/noir-repo/docs/docs/noir/standard_library/cryptographic_primitives/schnorr.mdx +++ b/noir/noir-repo/docs/docs/noir/standard_library/cryptographic_primitives/schnorr.mdx @@ -10,7 +10,6 @@ import BlackBoxInfo from '@site/src/components/Notes/_blackbox'; ## schnorr::verify_signature Verifier for Schnorr signatures over the embedded curve (for BN254 it is Grumpkin). -See schnorr::verify_signature_slice for a version that works directly on slices. #include_code schnorr_verify noir_stdlib/src/schnorr.nr rust 
@@ -34,13 +33,4 @@ const signature = Array.from( ... ``` - -## schnorr::verify_signature_slice - -Verifier for Schnorr signatures over the embedded curve (for BN254 it is Grumpkin) -where the message is a slice. - -#include_code schnorr_verify_slice noir_stdlib/src/schnorr.nr rust - - diff --git a/noir/noir-repo/noir_stdlib/src/schnorr.nr b/noir/noir-repo/noir_stdlib/src/schnorr.nr index a43e75537ee..d9d494e3093 100644 --- a/noir/noir-repo/noir_stdlib/src/schnorr.nr +++ b/noir/noir-repo/noir_stdlib/src/schnorr.nr @@ -1,32 +1,13 @@ use crate::embedded_curve_ops::{EmbeddedCurvePoint, EmbeddedCurveScalar}; -#[foreign(schnorr_verify)] // docs:start:schnorr_verify pub fn verify_signature( - public_key_x: Field, - public_key_y: Field, + public_key: EmbeddedCurvePoint, signature: [u8; 64], message: [u8; N], ) -> bool // docs:end:schnorr_verify -{} - -#[foreign(schnorr_verify)] -// docs:start:schnorr_verify_slice -pub fn verify_signature_slice( - public_key_x: Field, - public_key_y: Field, - signature: [u8; 64], - message: [u8], -) -> bool -// docs:end:schnorr_verify_slice -{} - -pub fn verify_signature_noir( - public_key: EmbeddedCurvePoint, - signature: [u8; 64], - message: [u8; N], -) -> bool { +{ //scalar lo/hi from bytes let sig_s = EmbeddedCurveScalar::from_bytes(signature, 0); let sig_e = EmbeddedCurveScalar::from_bytes(signature, 32); @@ -109,6 +90,6 @@ fn test_zero_signature() { }; let signature: [u8; 64] = [0; 64]; let message: [u8; _] = [2; 64]; // every message - let verified = verify_signature_noir(public_key, signature, message); + let verified = verify_signature(public_key, signature, message); assert(!verified); } diff --git a/noir/noir-repo/test_programs/compile_success_empty/schnorr_simplification/src/main.nr b/noir/noir-repo/test_programs/compile_success_empty/schnorr_simplification/src/main.nr index cdfa8337094..53b71fc3842 100644 --- a/noir/noir-repo/test_programs/compile_success_empty/schnorr_simplification/src/main.nr 
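Review bot: In the `@@ -1,32 +1,13 @@` hunk of `noir_stdlib/src/schnorr.nr`, the now-public `verify_signature` has no doc comment even though its contract changed: it takes an `EmbeddedCurvePoint` instead of two `Field` coordinates and is no longer a `#[foreign(schnorr_verify)]` black box. The hunk shows the signature being split with `EmbeddedCurveScalar::from_bytes(signature, 0)` and `from_bytes(signature, 32)`, so a comment such as `/// Verifies a Schnorr signature over the embedded curve; bytes 0..32 of signature encode s and bytes 32..64 encode e.` would record the layout callers must produce. Callers now build the point themselves (the updated test programs set `is_infinite: false` by hand), so the doc should also state what is returned for a point at infinity or a point that is not on the curve. The function body continues outside the hunk, so whether it performs that check is not visible here.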
+++ b/noir/noir-repo/test_programs/compile_success_empty/schnorr_simplification/src/main.nr @@ -1,9 +1,14 @@ +use std::embedded_curve_ops::EmbeddedCurvePoint; + // Note: If main has any unsized types, then the verifier will never be able // to figure out the circuit instance fn main() { let message = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9]; - let pub_key_x = 0x04b260954662e97f00cab9adb773a259097f7a274b83b113532bce27fa3fb96a; - let pub_key_y = 0x2fd51571db6c08666b0edfbfbc57d432068bccd0110a39b166ab243da0037197; + let pub_key = EmbeddedCurvePoint { + x: 0x04b260954662e97f00cab9adb773a259097f7a274b83b113532bce27fa3fb96a, + y: 0x2fd51571db6c08666b0edfbfbc57d432068bccd0110a39b166ab243da0037197, + is_infinite: false, + }; let signature = [ 1, 13, 119, 112, 212, 39, 233, 41, 84, 235, 255, 93, 245, 172, 186, 83, 157, 253, 76, 77, 33, 128, 178, 15, 214, 67, 105, 107, 177, 234, 77, 48, 27, 237, 155, 84, 39, 84, 247, 27, @@ -11,6 +16,6 @@ fn main() { 239, 138, 124, 12, ]; - let valid_signature = std::schnorr::verify_signature(pub_key_x, pub_key_y, signature, message); + let valid_signature = std::schnorr::verify_signature(pub_key, signature, message); assert(valid_signature); } diff --git a/noir/noir-repo/test_programs/execution_success/schnorr/src/main.nr b/noir/noir-repo/test_programs/execution_success/schnorr/src/main.nr index 21845cd54fa..ab3c65372c5 100644 --- a/noir/noir-repo/test_programs/execution_success/schnorr/src/main.nr +++ b/noir/noir-repo/test_programs/execution_success/schnorr/src/main.nr 
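Review bot: The `@@ -1,9 +1,14 @@` hunk of `compile_success_empty/schnorr_simplification/src/main.nr` keeps this program as a simplification test, but the same commit deletes `simplify_schnorr_verify` from `ssa/ir/instruction/call/blackbox.rs`, so what the test exercises has changed without any note in the file. It now appears to depend on the pure-Noir `std::schnorr::verify_signature` being folded away for constant inputs rather than on the solver-backed simplification. A comment above `fn main()` would make that explicit, for example `// All inputs are constants: the Noir implementation of verify_signature is expected to fold to a constant at compile time.`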
@@ -13,18 +13,12 @@ fn main( // We want to make sure that we can accurately verify a signature whose message is a slice vs. an array let message_field_bytes: [u8; 10] = message_field.to_be_bytes(); - // Is there ever a situation where someone would want - // to ensure that a signature was invalid? - // Check that passing a slice as the message is valid - let valid_signature = - std::schnorr::verify_signature_slice(pub_key_x, pub_key_y, signature, message_field_bytes); - assert(valid_signature); // Check that passing an array as the message is valid - let valid_signature = std::schnorr::verify_signature(pub_key_x, pub_key_y, signature, message); - assert(valid_signature); let pub_key = embedded_curve_ops::EmbeddedCurvePoint { x: pub_key_x, y: pub_key_y, is_infinite: false }; - let valid_signature = std::schnorr::verify_signature_noir(pub_key, signature, message); + let valid_signature = std::schnorr::verify_signature(pub_key, signature, message_field_bytes); + assert(valid_signature); + let valid_signature = std::schnorr::verify_signature(pub_key, signature, message); assert(valid_signature); std::schnorr::assert_valid_signature(pub_key, signature, message); } diff --git a/noir/noir-repo/tooling/lsp/src/solver.rs b/noir/noir-repo/tooling/lsp/src/solver.rs index 3c2d7499880..a36e30a944e 100644 --- a/noir/noir-repo/tooling/lsp/src/solver.rs +++ b/noir/noir-repo/tooling/lsp/src/solver.rs @@ -6,16 +6,6 @@ use acvm::BlackBoxFunctionSolver; pub(super) struct WrapperSolver(pub(super) Box>); impl BlackBoxFunctionSolver for WrapperSolver { - fn schnorr_verify( - &self, - public_key_x: &acvm::FieldElement, - public_key_y: &acvm::FieldElement, - signature: &[u8; 64], - message: &[u8], - ) -> Result { - self.0.schnorr_verify(public_key_x, public_key_y, signature, message) - } - fn multi_scalar_mul( &self, points: &[acvm::FieldElement], 
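Review bot: In the `@@ -13,18 +13,12 @@` hunk of `execution_success/schnorr/src/main.nr`, the context comment `// We want to make sure that we can accurately verify a signature whose message is a slice vs. an array` is stale: `verify_signature_slice` is removed and `message_field_bytes` is declared as `[u8; 10]`, so both calls to `std::schnorr::verify_signature` pass arrays. The comment `// Check that passing an array as the message is valid` also now sits above the `pub_key` construction rather than the call it describes. I would reword the first to `// Verify the same signature against the message as bytes derived from a Field and as a byte array` and move the second next to the `verify_signature(pub_key, signature, message)` call. `fn main(` starts outside the hunk.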
diff --git a/noir/noir-repo/tooling/profiler/src/opcode_formatter.rs b/noir/noir-repo/tooling/profiler/src/opcode_formatter.rs index b4367de9e7e..d1081de6c8f 100644 --- a/noir/noir-repo/tooling/profiler/src/opcode_formatter.rs +++ b/noir/noir-repo/tooling/profiler/src/opcode_formatter.rs @@ -10,7 +10,6 @@ fn format_blackbox_function(call: &BlackBoxFuncCall) -> String { BlackBoxFuncCall::RANGE { .. } => "range".to_string(), BlackBoxFuncCall::Blake2s { .. } => "blake2s".to_string(), BlackBoxFuncCall::Blake3 { .. } => "blake3".to_string(), - BlackBoxFuncCall::SchnorrVerify { .. } => "schnorr_verify".to_string(), BlackBoxFuncCall::EcdsaSecp256k1 { .. } => "ecdsa_secp256k1".to_string(), BlackBoxFuncCall::EcdsaSecp256r1 { .. } => "ecdsa_secp256r1".to_string(), BlackBoxFuncCall::MultiScalarMul { .. } => "multi_scalar_mul".to_string(), @@ -33,7 +32,6 @@ fn format_blackbox_op(call: &BlackBoxOp) -> String { BlackBoxOp::AES128Encrypt { .. } => "aes128_encrypt".to_string(), BlackBoxOp::Blake2s { .. } => "blake2s".to_string(), BlackBoxOp::Blake3 { .. } => "blake3".to_string(), - BlackBoxOp::SchnorrVerify { .. } => "schnorr_verify".to_string(), BlackBoxOp::EcdsaSecp256k1 { .. } => "ecdsa_secp256k1".to_string(), BlackBoxOp::EcdsaSecp256r1 { .. } => "ecdsa_secp256r1".to_string(), BlackBoxOp::MultiScalarMul { .. } => "multi_scalar_mul".to_string(),