diff --git a/cpp/scripts/bb-tests b/cpp/scripts/bb-tests index b8df6e338f..ba012981ea 100644 --- a/cpp/scripts/bb-tests +++ b/cpp/scripts/bb-tests @@ -2,7 +2,7 @@ crypto_aes128_tests crypto_blake2s_tests crypto_blake3s_tests crypto_ecdsa_tests -crypto_pedersen_tests +crypto_pedersen_commitment_tests crypto_schnorr_tests crypto_sha256_tests ecc_tests @@ -18,7 +18,7 @@ stdlib_blake2s_tests stdlib_blake3s_tests stdlib_ecdsa_tests stdlib_merkle_tree_tests -stdlib_pedersen_tests +stdlib_pedersen_commitment_tests stdlib_schnorr_tests stdlib_sha256_tests transcript_tests diff --git a/cpp/src/CMakeLists.txt b/cpp/src/CMakeLists.txt index 6a91ddd47f..a397738084 100644 --- a/cpp/src/CMakeLists.txt +++ b/cpp/src/CMakeLists.txt @@ -76,7 +76,8 @@ if(WASM) $ $ $ - $ + $ + $ $ $ $ @@ -84,7 +85,8 @@ if(WASM) $ $ $ - $ + $ + $ $ $ $ @@ -136,7 +138,8 @@ if(WASM) $ $ $ - $ + $ + $ $ $ $ @@ -144,7 +147,8 @@ if(WASM) $ $ $ - $ + $ + $ $ $ $ @@ -168,7 +172,8 @@ else() $ $ $ - $ + $ + $ $ $ $ @@ -176,7 +181,8 @@ else() $ $ $ - $ + $ + $ $ $ $ diff --git a/cpp/src/barretenberg/crypto/CMakeLists.txt b/cpp/src/barretenberg/crypto/CMakeLists.txt index 8f2b22453b..a6517b1675 100644 --- a/cpp/src/barretenberg/crypto/CMakeLists.txt +++ b/cpp/src/barretenberg/crypto/CMakeLists.txt @@ -1,9 +1,11 @@ add_subdirectory(hmac) +add_subdirectory(generators) add_subdirectory(blake2s) add_subdirectory(blake3s) add_subdirectory(blake3s_full) add_subdirectory(keccak) -add_subdirectory(pedersen) +add_subdirectory(pedersen_commitment) +add_subdirectory(pedersen_hash) add_subdirectory(schnorr) add_subdirectory(sha256) add_subdirectory(ecdsa) diff --git a/cpp/src/barretenberg/crypto/generators/CMakeLists.txt b/cpp/src/barretenberg/crypto/generators/CMakeLists.txt new file mode 100644 index 0000000000..c57e2f53c5 --- /dev/null +++ b/cpp/src/barretenberg/crypto/generators/CMakeLists.txt @@ -0,0 +1 @@ +barretenberg_module(crypto_generators ecc) \ No newline at end of file diff --git a/cpp/src/barretenberg/crypto/pedersen/fixed_base_scalar_mul.hpp b/cpp/src/barretenberg/crypto/generators/fixed_base_scalar_mul.hpp similarity index 89% rename from cpp/src/barretenberg/crypto/pedersen/fixed_base_scalar_mul.hpp rename to cpp/src/barretenberg/crypto/generators/fixed_base_scalar_mul.hpp index abe08371c5..2077483bda 100644 --- a/cpp/src/barretenberg/crypto/pedersen/fixed_base_scalar_mul.hpp +++ b/cpp/src/barretenberg/crypto/generators/fixed_base_scalar_mul.hpp @@ -1,8 +1,9 @@ #pragma once #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" +#include "./generator_data.hpp" namespace crypto { -namespace pedersen { +namespace generators { constexpr uint64_t WNAF_MASK = 0x7fffffffUL; @@ -17,7 +18,7 @@ grumpkin::g1::element fixed_base_scalar_mul(const barretenberg::fr& in, const si constexpr size_t num_quads = ((num_quads_base << 1) + 1 < num_bits) ? num_quads_base + 1 : num_quads_base; constexpr size_t num_wnaf_bits = (num_quads << 1) + 1; - const crypto::pedersen::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits); + const crypto::generators::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits); uint64_t wnaf_entries[num_quads + 2] = { 0 }; bool skew = false; @@ -40,5 +41,5 @@ grumpkin::g1::element fixed_base_scalar_mul(const barretenberg::fr& in, const si return accumulator.normalize(); } -} // namespace pedersen +} // namespace generators } // namespace crypto diff --git a/cpp/src/barretenberg/crypto/pedersen/generator_data.cpp b/cpp/src/barretenberg/crypto/generators/generator_data.cpp similarity index 91% rename from cpp/src/barretenberg/crypto/pedersen/generator_data.cpp rename to cpp/src/barretenberg/crypto/generators/generator_data.cpp index c98e10c002..0a2b0d4ab9 100644 --- a/cpp/src/barretenberg/crypto/pedersen/generator_data.cpp +++ b/cpp/src/barretenberg/crypto/generators/generator_data.cpp @@ -1,7 +1,7 @@ #include "./generator_data.hpp" namespace crypto { -namespace pedersen { +namespace generators { namespace { // The number of unique base points with default main index with precomputed ladders @@ -12,8 +12,8 @@ constexpr size_t num_default_generators = 2048; #endif constexpr size_t hash_indices_generator_offset = 2048; -constexpr size_t num_hash_indices = 16; -constexpr size_t num_generators_per_hash_index = 8; +constexpr size_t num_hash_indices = 32; +constexpr size_t num_generators_per_hash_index = 64; constexpr size_t num_indexed_generators = num_hash_indices * num_generators_per_hash_index; constexpr size_t size_of_generator_data_array = hash_indices_generator_offset + num_indexed_generators; constexpr size_t num_generator_types = 3; @@ -235,21 +235,26 @@ const fixed_base_ladder* get_g1_ladder(const size_t num_bits) /** * Generator indexing: * + * Number of default generators (index = 0): N = 2048 + * Number of hash indices: H = 32 + * Number of sub indices for a given hash index: h = 64. + * Number of types of generators needed per hash index: t = 3 + * * Default generators: - * 0: P_0 P_1 P_2 ... P_{2047} + * 0: P_0 P_1 P_2 ... P_{N'-1} * - * Hash-index dependent generators: - * 1: P_{2048 + 0*8} P_{2049} ... P_{2055} - * 2: P_{2048 + 1*8} P_{2048 + 1*8 + 1} ... P_{2048 + 1*8 + 7} - * 3: + * Hash-index dependent generators: (let N' = t * N) + * 1: P_{N' + 0*h*t} P_{N' + 0*h*t + 1*t} ... P_{N' + 0*h*t + (h-1)*t} + * 2: P_{N' + 1*h*t} P_{N' + 1*h*t + 1*t} ... P_{N' + 1*h*t + (h-1)*t} + * 2: P_{N' + 2*h*t} P_{N' + 2*h*t + 1*t} ... P_{N' + 2*h*t + (h-1)*t} * 4: * . * . * . - * 31: P_{2048 + 30*8} P_{2048 + 30*8 + 1} ... P_{2048 + 30*8 + 7} - * 32: P_{2048 + 31*8} P_{2048 + 31*8 + 1} ... P_{2048 + 31*8 + 7} + * H-1: P_{N' + (H-2)*h*t} P_{N' + (H-2)*h*t + 1*t} ... P_{N' + (H-2)*h*t + (h-1)*t} + * H : P_{N' + (H-1)*h*t} P_{N' + (H-1)*h*t + 1*t} ... P_{N' + (H-1)*h*t + (h-1)*t} * - * Total generators = 2048 + 32*8 = 2304 + * Total generators = (N + H * h) * t = 2304 */ generator_data const& get_generator_data(generator_index_t index) { @@ -276,5 +281,5 @@ const fixed_base_ladder* generator_data::get_hash_ladder(size_t num_bits) const return get_ladder_internal(hash_ladder, num_bits); } -} // namespace pedersen +} // namespace generators } // namespace crypto diff --git a/cpp/src/barretenberg/crypto/pedersen/generator_data.hpp b/cpp/src/barretenberg/crypto/generators/generator_data.hpp similarity index 97% rename from cpp/src/barretenberg/crypto/pedersen/generator_data.hpp rename to cpp/src/barretenberg/crypto/generators/generator_data.hpp index 1d6c07c9eb..e3276c6c74 100644 --- a/cpp/src/barretenberg/crypto/pedersen/generator_data.hpp +++ b/cpp/src/barretenberg/crypto/generators/generator_data.hpp @@ -4,7 +4,7 @@ #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" namespace crypto { -namespace pedersen { +namespace generators { struct generator_index_t { size_t index; @@ -58,5 +58,5 @@ std::vector> const& init_generator_data(); const fixed_base_ladder* get_g1_ladder(const size_t num_bits); generator_data const& get_generator_data(generator_index_t index); -} // namespace pedersen +} // namespace generators } // namespace crypto diff --git a/cpp/src/barretenberg/crypto/pedersen/pedersen.test.cpp b/cpp/src/barretenberg/crypto/generators/generator_data.test.cpp similarity index 93% rename from cpp/src/barretenberg/crypto/pedersen/pedersen.test.cpp rename to cpp/src/barretenberg/crypto/generators/generator_data.test.cpp index 90e6503f7c..ae76d124b5 100644 --- a/cpp/src/barretenberg/crypto/pedersen/pedersen.test.cpp +++ b/cpp/src/barretenberg/crypto/generators/generator_data.test.cpp @@ -1,10 +1,11 @@ #include #include "barretenberg/common/streams.hpp" -#include "./pedersen.hpp" +#include "./fixed_base_scalar_mul.hpp" +#include "./generator_data.hpp" -using namespace crypto::pedersen; +using namespace crypto::generators; -TEST(pedersen, hash_ladder_structure) +TEST(generators, hash_ladder_structure) { generator_index_t index = { 2, 0 }; generator_data gen_data = get_generator_data(index); @@ -60,7 +61,7 @@ TEST(pedersen, hash_ladder_structure) EXPECT_EQ(grumpkin::g1::element(hash_ladder[0].one), mult); } -TEST(pedersen, fixed_base_scalar_mul) +TEST(generators, fixed_base_scalar_mul) { uint256_t scalar(123, 0, 0, 0); diff --git a/cpp/src/barretenberg/crypto/pedersen/CMakeLists.txt b/cpp/src/barretenberg/crypto/pedersen/CMakeLists.txt deleted file mode 100644 index c9e1108acd..0000000000 --- a/cpp/src/barretenberg/crypto/pedersen/CMakeLists.txt +++ /dev/null @@ -1 +0,0 @@ -barretenberg_module(crypto_pedersen ecc) \ No newline at end of file diff --git a/cpp/src/barretenberg/crypto/pedersen/pedersen.hpp b/cpp/src/barretenberg/crypto/pedersen/pedersen.hpp deleted file mode 100644 index 675da3d7b7..0000000000 --- a/cpp/src/barretenberg/crypto/pedersen/pedersen.hpp +++ /dev/null @@ -1,25 +0,0 @@ -#pragma once -#include -#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" -#include "./generator_data.hpp" -#include "./fixed_base_scalar_mul.hpp" - -namespace crypto { -namespace pedersen { - -grumpkin::g1::element hash_single(const barretenberg::fr& in, generator_index_t const& index); - -grumpkin::g1::affine_element commit_native(const std::vector& elements, const size_t hash_index = 0); - -grumpkin::fq compress_native(const std::vector& inputs, const size_t hash_index = 0); - -template grumpkin::fq compress_native(const std::array& inputs) -{ - std::vector converted(inputs.begin(), inputs.end()); - return commit_native(converted).x; -} - -grumpkin::fq compress_native(const std::vector& input); - -} // namespace pedersen -} // namespace crypto diff --git a/cpp/src/barretenberg/crypto/pedersen_commitment/CMakeLists.txt b/cpp/src/barretenberg/crypto/pedersen_commitment/CMakeLists.txt new file mode 100644 index 0000000000..9f6095fdf3 --- /dev/null +++ b/cpp/src/barretenberg/crypto/pedersen_commitment/CMakeLists.txt @@ -0,0 +1 @@ +barretenberg_module(crypto_pedersen_commitment ecc crypto_generators crypto_pedersen_hash) \ No newline at end of file diff --git a/cpp/src/barretenberg/crypto/pedersen_commitment/c_bind.cpp b/cpp/src/barretenberg/crypto/pedersen_commitment/c_bind.cpp new file mode 100644 index 0000000000..586e1f7e55 --- /dev/null +++ b/cpp/src/barretenberg/crypto/pedersen_commitment/c_bind.cpp @@ -0,0 +1,47 @@ +#include "c_bind.hpp" +#include "pedersen.hpp" +#include "barretenberg/common/serialize.hpp" +#include "barretenberg/common/timer.hpp" +#include "barretenberg/common/mem.hpp" +#include "barretenberg/common/streams.hpp" +#define WASM_EXPORT __attribute__((visibility("default"))) + +extern "C" { + +WASM_EXPORT void pedersen__init() +{ + crypto::generators::init_generator_data(); +} + +WASM_EXPORT void pedersen__compress(uint8_t const* inputs_buffer, uint8_t* output) +{ + std::vector to_compress; + read(inputs_buffer, to_compress); + auto r = crypto::pedersen_commitment::compress_native(to_compress); + barretenberg::fr::serialize_to_buffer(r, output); +} + +WASM_EXPORT void pedersen__compress_with_hash_index(uint8_t const* inputs_buffer, uint8_t* output, uint32_t hash_index) +{ + std::vector to_compress; + read(inputs_buffer, to_compress); + auto r = crypto::pedersen_commitment::compress_native(to_compress, hash_index); + barretenberg::fr::serialize_to_buffer(r, output); +} + +WASM_EXPORT void pedersen__commit(uint8_t const* inputs_buffer, uint8_t* output) +{ + std::vector to_compress; + read(inputs_buffer, to_compress); + grumpkin::g1::affine_element pedersen_hash = crypto::pedersen_commitment::commit_native(to_compress); + + write(output, pedersen_hash); +} + +WASM_EXPORT void pedersen__buffer_to_field(uint8_t const* data, size_t length, uint8_t* r) +{ + std::vector to_compress(data, data + length); + auto output = crypto::pedersen_commitment::compress_native(to_compress); + write(r, output); +} +} \ No newline at end of file diff --git a/cpp/src/barretenberg/crypto/pedersen/c_bind.hpp b/cpp/src/barretenberg/crypto/pedersen_commitment/c_bind.hpp similarity index 60% rename from cpp/src/barretenberg/crypto/pedersen/c_bind.hpp rename to cpp/src/barretenberg/crypto/pedersen_commitment/c_bind.hpp index 8e61135b9d..05a629026d 100644 --- a/cpp/src/barretenberg/crypto/pedersen/c_bind.hpp +++ b/cpp/src/barretenberg/crypto/pedersen_commitment/c_bind.hpp @@ -1,3 +1,4 @@ +#pragma once #include "barretenberg/common/serialize.hpp" #include "barretenberg/common/timer.hpp" #include "barretenberg/common/mem.hpp" @@ -8,8 +9,6 @@ extern "C" { WASM_EXPORT void pedersen__init(); -WASM_EXPORT void pedersen__compress_fields(uint8_t const* left, uint8_t const* right, uint8_t* result); - WASM_EXPORT void pedersen__compress(uint8_t const* inputs_buffer, uint8_t* output); WASM_EXPORT void pedersen__compress_with_hash_index(uint8_t const* inputs_buffer, uint8_t* output, uint32_t hash_index); @@ -17,13 +16,4 @@ WASM_EXPORT void pedersen__compress_with_hash_index(uint8_t const* inputs_buffer WASM_EXPORT void pedersen__commit(uint8_t const* inputs_buffer, uint8_t* output); WASM_EXPORT void pedersen__buffer_to_field(uint8_t const* data, size_t length, uint8_t* r); - -/** - * Given a buffer containing 32 byte pedersen leaves, return a new buffer containing the leaves and all pairs of - * nodes that define a merkle tree. - * e.g. - * input: [1][2][3][4] - * output: [1][2][3][4][compress(1,2)][compress(3,4)][compress(5,6)] - */ -WASM_EXPORT uint8_t* pedersen__hash_to_tree(uint8_t const* data); -} +} \ No newline at end of file diff --git a/cpp/src/barretenberg/crypto/pedersen/convert_buffer_to_field.hpp b/cpp/src/barretenberg/crypto/pedersen_commitment/convert_buffer_to_field.hpp similarity index 92% rename from cpp/src/barretenberg/crypto/pedersen/convert_buffer_to_field.hpp rename to cpp/src/barretenberg/crypto/pedersen_commitment/convert_buffer_to_field.hpp index cea45bd3bc..10adacf4ce 100644 --- a/cpp/src/barretenberg/crypto/pedersen/convert_buffer_to_field.hpp +++ b/cpp/src/barretenberg/crypto/pedersen_commitment/convert_buffer_to_field.hpp @@ -3,7 +3,7 @@ #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" namespace crypto { -namespace pedersen { +namespace pedersen_commitment { inline std::vector convert_buffer_to_field(const std::vector& input) { @@ -33,5 +33,5 @@ inline std::vector convert_buffer_to_field(const std::vector #endif +// using namespace crypto::generators; + namespace crypto { -namespace pedersen { +namespace pedersen_commitment { -grumpkin::g1::element hash_single(const barretenberg::fr& in, generator_index_t const& index) +grumpkin::g1::element commit_single(const barretenberg::fr& in, generator_index_t const& index) { auto gen_data = get_generator_data(index); barretenberg::fr scalar_multiplier = in.from_montgomery_form(); @@ -19,7 +21,7 @@ grumpkin::g1::element hash_single(const barretenberg::fr& in, generator_index_t constexpr size_t num_quads = ((num_quads_base << 1) + 1 < num_bits) ? num_quads_base + 1 : num_quads_base; constexpr size_t num_wnaf_bits = (num_quads << 1) + 1; - const crypto::pedersen::fixed_base_ladder* ladder = gen_data.get_hash_ladder(num_bits); + const crypto::generators::fixed_base_ladder* ladder = gen_data.get_hash_ladder(num_bits); uint64_t wnaf_entries[num_quads + 2] = { 0 }; bool skew = false; @@ -56,7 +58,7 @@ grumpkin::g1::affine_element commit_native(const std::vector& inpu #endif for (size_t i = 0; i < inputs.size(); ++i) { generator_index_t index = { hash_index, i }; - out[i] = hash_single(inputs[i], index); + out[i] = commit_single(inputs[i], index); } grumpkin::g1::element r = out[0]; @@ -66,6 +68,27 @@ grumpkin::g1::affine_element commit_native(const std::vector& inpu return r.is_point_at_infinity() ? grumpkin::g1::affine_element(0, 0) : grumpkin::g1::affine_element(r); } +grumpkin::g1::affine_element commit_native(const std::vector>& input_pairs) +{ + ASSERT((input_pairs.size() < (1 << 16)) && "too many inputs for 16 bit index"); + std::vector out(input_pairs.size()); + +#ifndef NO_MULTITHREADING + // Ensure generator data is initialized before threading... + init_generator_data(); +#pragma omp parallel for num_threads(input_pairs.size()) +#endif + for (size_t i = 0; i < input_pairs.size(); ++i) { + out[i] = commit_single(input_pairs[i].first, input_pairs[i].second); + } + + grumpkin::g1::element r = out[0]; + for (size_t i = 1; i < input_pairs.size(); ++i) { + r = out[i] + r; + } + return r.is_point_at_infinity() ? grumpkin::g1::affine_element(0, 0) : grumpkin::g1::affine_element(r); +} + /** * The same as commit_native, but only return the resultant x coordinate (i.e. compress). */ @@ -74,6 +97,11 @@ grumpkin::fq compress_native(const std::vector& inputs, const size return commit_native(inputs, hash_index).x; } +grumpkin::fq compress_native(const std::vector>& input_pairs) +{ + return commit_native(input_pairs).x; +} + /** * Given an arbitrary length of bytes, convert them to fields and compress the result using the default generators. */ @@ -89,5 +117,5 @@ grumpkin::fq compress_native(const std::vector& input) return compress_native_buffer_to_field(input); } -} // namespace pedersen -} // namespace crypto +} // namespace pedersen_commitment +} // namespace crypto \ No newline at end of file diff --git a/cpp/src/barretenberg/crypto/pedersen_commitment/pedersen.hpp b/cpp/src/barretenberg/crypto/pedersen_commitment/pedersen.hpp new file mode 100644 index 0000000000..231ea1b25d --- /dev/null +++ b/cpp/src/barretenberg/crypto/pedersen_commitment/pedersen.hpp @@ -0,0 +1,31 @@ +#pragma once +#include +#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" +#include "../generators/generator_data.hpp" +#include "../generators/fixed_base_scalar_mul.hpp" + +using namespace crypto::generators; + +namespace crypto { +namespace pedersen_commitment { + +grumpkin::g1::element commit_single(const barretenberg::fr& in, generator_index_t const& index); + +grumpkin::g1::affine_element commit_native(const std::vector& inputs, const size_t hash_index = 0); + +grumpkin::g1::affine_element commit_native(const std::vector>& input_pairs); + +grumpkin::fq compress_native(const std::vector& inputs, const size_t hash_index = 0); + +template grumpkin::fq compress_native(const std::array& inputs) +{ + std::vector converted(inputs.begin(), inputs.end()); + return commit_native(converted).x; +} + +grumpkin::fq compress_native(const std::vector& input); + +grumpkin::fq compress_native(const std::vector>& input_pairs); + +} // namespace pedersen_commitment +} // namespace crypto diff --git a/cpp/src/barretenberg/crypto/pedersen_commitment/pedersen_lookup.cpp b/cpp/src/barretenberg/crypto/pedersen_commitment/pedersen_lookup.cpp new file mode 100644 index 0000000000..e2333acfa6 --- /dev/null +++ b/cpp/src/barretenberg/crypto/pedersen_commitment/pedersen_lookup.cpp @@ -0,0 +1,146 @@ +#include "./pedersen_lookup.hpp" +#include "../pedersen_hash/pedersen_lookup.hpp" +#include "./convert_buffer_to_field.hpp" + +#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" +#include "barretenberg/numeric/bitop/pow.hpp" + +using namespace crypto::pedersen_hash::lookup; + +namespace crypto::pedersen_hash::lookup { +extern std::array, NUM_PEDERSEN_TABLES> pedersen_tables; +extern std::vector pedersen_iv_table; +extern std::array generators; +} // namespace crypto::pedersen_hash::lookup + +namespace crypto { +namespace pedersen_commitment { +namespace lookup { + +grumpkin::g1::element merkle_damgard_compress(const std::vector& inputs, const size_t iv) +{ + if (inputs.size() == 0) { + auto result = grumpkin::g1::affine_one; + result.self_set_infinity(); + return result; + } + init(); + const size_t num_inputs = inputs.size(); + + grumpkin::fq result = (pedersen_iv_table[iv]).x; + for (size_t i = 0; i < num_inputs; i++) { + result = hash_pair(result, inputs[i]); + } + + return (hash_single(result, false) + hash_single(grumpkin::fq(num_inputs), true)); +} + +grumpkin::g1::element merkle_damgard_compress(const std::vector& inputs, const std::vector& ivs) +{ + if (inputs.size() == 0) { + auto result = grumpkin::g1::affine_one; + result.self_set_infinity(); + return result; + } + init(); + const size_t num_inputs = inputs.size(); + + grumpkin::fq result = (pedersen_iv_table[0]).x; + for (size_t i = 0; i < 2 * num_inputs; i++) { + if ((i & 1) == 0) { + grumpkin::fq iv_result = (pedersen_iv_table[ivs[i >> 1]]).x; + result = hash_pair(result, iv_result); + } else { + result = hash_pair(result, inputs[i >> 1]); + } + } + + return (hash_single(result, false) + hash_single(grumpkin::fq(num_inputs), true)); +} + +grumpkin::g1::element merkle_damgard_tree_compress(const std::vector& inputs, + const std::vector& ivs) +{ + const size_t num_inputs = inputs.size(); + ASSERT(num_inputs == ivs.size()); + ASSERT(numeric::is_power_of_two(num_inputs)); + if (inputs.size() == 0) { + auto result = grumpkin::g1::affine_one; + result.self_set_infinity(); + return result; + } + init(); + + // Process height 0 of the tree. + std::vector temp_storage; + for (size_t i = 0; i < num_inputs; i++) { + grumpkin::fq iv_result = (pedersen_iv_table[ivs[i]]).x; + temp_storage.push_back(hash_pair(iv_result, inputs[i])); + } + + // Process heights 1, 2, ..., log2(m) of the tree. + const size_t total_height = numeric::get_msb(num_inputs); + for (size_t height = 1; height <= total_height; height++) { + const size_t leaf_count = 1UL << (total_height - height); + for (size_t i = 0; i < leaf_count; i++) { + temp_storage[i] = hash_pair(temp_storage[2 * i], temp_storage[2 * i + 1]); + } + } + + return (hash_single(temp_storage[0], false) + hash_single(grumpkin::fq(num_inputs), true)); +} + +grumpkin::g1::affine_element commit_native(const std::vector& inputs, const size_t hash_index) +{ + return grumpkin::g1::affine_element(merkle_damgard_compress(inputs, hash_index)); +} + +grumpkin::g1::affine_element commit_native(const std::vector& inputs, + const std::vector& hash_indices) +{ + return grumpkin::g1::affine_element(merkle_damgard_compress(inputs, hash_indices)); +} + +grumpkin::fq compress_native(const std::vector& inputs, const size_t hash_index) +{ + return commit_native(inputs, hash_index).x; +} + +grumpkin::fq compress_native(const std::vector& inputs, const std::vector& hash_indices) +{ + return commit_native(inputs, hash_indices).x; +} + +grumpkin::fq compress_native_buffer_to_field(const std::vector& input) +{ + const auto elements = convert_buffer_to_field(input); + grumpkin::fq result_fq = compress_native(elements); + return result_fq; +} + +std::vector compress_native(const std::vector& input) +{ + const auto result_fq = compress_native_buffer_to_field(input); + uint256_t result_u256(result_fq); + const size_t num_bytes = input.size(); + + bool is_zero = true; + for (const auto byte : input) { + is_zero = is_zero && (byte == static_cast(0)); + } + if (is_zero) { + result_u256 = num_bytes; + } + std::vector result_buffer; + result_buffer.reserve(32); + for (size_t i = 0; i < 32; ++i) { + const uint64_t shift = (31 - i) * 8; + uint256_t shifted = result_u256 >> uint256_t(shift); + result_buffer.push_back(static_cast(shifted.data[0])); + } + return result_buffer; +} + +} // namespace lookup +} // namespace pedersen_commitment +} // namespace crypto \ No newline at end of file diff --git a/cpp/src/barretenberg/crypto/pedersen_commitment/pedersen_lookup.hpp b/cpp/src/barretenberg/crypto/pedersen_commitment/pedersen_lookup.hpp new file mode 100644 index 0000000000..0f99b13fbb --- /dev/null +++ b/cpp/src/barretenberg/crypto/pedersen_commitment/pedersen_lookup.hpp @@ -0,0 +1,32 @@ +#pragma once + +#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" + +namespace crypto { +namespace pedersen_commitment { +namespace lookup { + +grumpkin::g1::element merkle_damgard_compress(const std::vector& inputs, const size_t iv); +grumpkin::g1::element merkle_damgard_compress(const std::vector& inputs, const std::vector& ivs); +grumpkin::g1::element merkle_damgard_tree_compress(const std::vector& inputs, + const std::vector& ivs); + +grumpkin::fq compress_native(const std::vector& inputs, const size_t hash_index = 0); +grumpkin::fq compress_native(const std::vector& inputs, const std::vector& hash_indices); +std::vector compress_native(const std::vector& input); + +grumpkin::fq compress_native_buffer_to_field(const std::vector& input); + +template grumpkin::fq compress_native(const std::array& inputs) +{ + std::vector in(inputs.begin(), inputs.end()); + return compress_native(in); +} + +grumpkin::g1::affine_element commit_native(const std::vector& inputs, const size_t hash_index = 0); +grumpkin::g1::affine_element commit_native(const std::vector& inputs, + const std::vector& hash_indices); + +} // namespace lookup +} // namespace pedersen_commitment +} // namespace crypto \ No newline at end of file diff --git a/cpp/src/barretenberg/crypto/pedersen/pedersen_lookup.test.cpp b/cpp/src/barretenberg/crypto/pedersen_commitment/pedersen_lookup.test.cpp similarity index 53% rename from cpp/src/barretenberg/crypto/pedersen/pedersen_lookup.test.cpp rename to cpp/src/barretenberg/crypto/pedersen_commitment/pedersen_lookup.test.cpp index e71c3a4150..fc8b47eef6 100644 --- a/cpp/src/barretenberg/crypto/pedersen/pedersen_lookup.test.cpp +++ b/cpp/src/barretenberg/crypto/pedersen_commitment/pedersen_lookup.test.cpp @@ -3,6 +3,7 @@ #include "barretenberg/numeric/random/engine.hpp" #include "./pedersen_lookup.hpp" +#include "../pedersen_hash/pedersen_lookup.hpp" namespace { auto& engine = numeric::random::get_debug_engine(); @@ -13,14 +14,14 @@ auto compute_expected(const grumpkin::fq exponent, size_t generator_offset) uint256_t bits(exponent); std::array accumulators; const auto lambda = grumpkin::fr::cube_root_of_unity(); - const auto mask = crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE - 1; + const auto mask = crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE - 1; for (size_t i = 0; i < 15; ++i) { const auto slice_a = static_cast(bits.data[0] & mask) + 1; - bits >>= crypto::pedersen::lookup::BITS_PER_TABLE; + bits >>= crypto::pedersen_hash::lookup::BITS_PER_TABLE; const auto slice_b = static_cast(bits.data[0] & mask) + 1; - const auto generator = crypto::pedersen::lookup::get_table_generator(generator_offset + i); + const auto generator = crypto::pedersen_hash::lookup::get_table_generator(generator_offset + i); if (i == 0) { accumulators[0] = generator * (lambda * slice_a); @@ -31,7 +32,7 @@ auto compute_expected(const grumpkin::fq exponent, size_t generator_offset) accumulators[1] += (generator * grumpkin::fr(slice_b)); } } - bits >>= crypto::pedersen::lookup::BITS_PER_TABLE; + bits >>= crypto::pedersen_hash::lookup::BITS_PER_TABLE; } return (accumulators[0] + accumulators[1]); } @@ -70,9 +71,9 @@ TEST(pedersen_lookup, hash_single) const fq exponent = engine.get_random_uint256(); - const affine_element result(crypto::pedersen::lookup::hash_single(exponent, false)); + const affine_element result(crypto::pedersen_hash::lookup::hash_single(exponent, false)); - const auto mask = crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE - 1; + const auto mask = crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE - 1; uint256_t bits(exponent); @@ -82,10 +83,10 @@ TEST(pedersen_lookup, hash_single) for (size_t i = 0; i < 15; ++i) { const auto slice_a = static_cast(bits.data[0] & mask) + 1; - bits >>= crypto::pedersen::lookup::BITS_PER_TABLE; + bits >>= crypto::pedersen_hash::lookup::BITS_PER_TABLE; const auto slice_b = static_cast(bits.data[0] & mask) + 1; - const element generator = crypto::pedersen::lookup::get_table_generator(i); + const element generator = crypto::pedersen_hash::lookup::get_table_generator(i); if (i == 0) { accumulators[0] = generator * (lambda * slice_a); @@ -96,7 +97,7 @@ TEST(pedersen_lookup, hash_single) accumulators[1] += (generator * (slice_b)); } } - bits >>= crypto::pedersen::lookup::BITS_PER_TABLE; + bits >>= crypto::pedersen_hash::lookup::BITS_PER_TABLE; } const affine_element expected(accumulators[0] + accumulators[1]); @@ -112,7 +113,7 @@ TEST(pedersen_lookup, hash_pair) const fq left = engine.get_random_uint256(); const fq right = engine.get_random_uint256(); - const fq result(crypto::pedersen::lookup::hash_pair(left, right)); + const fq result(crypto::pedersen_hash::lookup::hash_pair(left, right)); const affine_element expected(compute_expected(left, 0) + compute_expected(right, 15)); @@ -131,7 +132,7 @@ TEST(pedersen_lookup, merkle_damgard_compress) inputs.push_back(engine.get_random_uint256()); } - const auto result = crypto::pedersen::lookup::merkle_damgard_compress(inputs, iv); + const auto result = crypto::pedersen_commitment::lookup::merkle_damgard_compress(inputs, iv); fq intermediate = (grumpkin::g1::affine_one * fr(iv + 1)).x; for (size_t i = 0; i < m; i++) { @@ -141,3 +142,67 @@ TEST(pedersen_lookup, merkle_damgard_compress) EXPECT_EQ(affine_element(result).x, affine_element(compute_expected(intermediate, 0) + compute_expected(fq(m), 15)).x); } + +TEST(pedersen_lookup, merkle_damgard_compress_multiple_iv) +{ + typedef grumpkin::fq fq; + typedef grumpkin::fr fr; + typedef grumpkin::g1::affine_element affine_element; + + const size_t m = 10; + std::vector ivs; + std::vector inputs; + for (size_t i = 0; i < m; i++) { + inputs.push_back(engine.get_random_uint256()); + ivs.push_back(engine.get_random_uint8()); + } + + const auto result = crypto::pedersen_commitment::lookup::merkle_damgard_compress(inputs, ivs); + + const size_t initial_iv = 0; + fq intermediate = (grumpkin::g1::affine_one * fr(initial_iv + 1)).x; + for (size_t i = 0; i < 2 * m; i++) { + if ((i & 1) == 0) { + const auto iv = (grumpkin::g1::affine_one * fr(ivs[i >> 1] + 1)).x; + intermediate = affine_element(compute_expected(intermediate, 0) + compute_expected(iv, 15)).x; + } else { + intermediate = affine_element(compute_expected(intermediate, 0) + compute_expected(inputs[i >> 1], 15)).x; + } + } + + EXPECT_EQ(affine_element(result).x, + affine_element(compute_expected(intermediate, 0) + compute_expected(fq(m), 15)).x); +} + +TEST(pedersen_lookup, merkle_damgard_tree_compress) +{ + typedef grumpkin::fq fq; + typedef grumpkin::fr fr; + typedef grumpkin::g1::affine_element affine_element; + + const size_t m = 8; + std::vector ivs; + std::vector inputs; + for (size_t i = 0; i < m; i++) { + inputs.push_back(engine.get_random_uint256()); + ivs.push_back(engine.get_random_uint8()); + } + + const auto result = crypto::pedersen_commitment::lookup::merkle_damgard_tree_compress(inputs, ivs); + + std::vector temp; + for (size_t i = 0; i < m; i++) { + const fq iv_term = (grumpkin::g1::affine_one * fr(ivs[i] + 1)).x; + temp.push_back(affine_element(compute_expected(iv_term, 0) + compute_expected(inputs[i], 15)).x); + } + + const size_t logm = numeric::get_msb(m); + for (size_t j = 1; j <= logm; j++) { + const size_t nodes = (1UL << (logm - j)); + for (size_t i = 0; i < nodes; i++) { + temp[i] = affine_element(compute_expected(temp[2 * i], 0) + compute_expected(temp[2 * i + 1], 15)).x; + } + } + + EXPECT_EQ(affine_element(result).x, affine_element(compute_expected(temp[0], 0) + compute_expected(fq(m), 15)).x); +} diff --git a/cpp/src/barretenberg/crypto/pedersen/sidon_set/sidon_set.hpp b/cpp/src/barretenberg/crypto/pedersen_commitment/sidon_set/sidon_set.hpp similarity index 97% rename from cpp/src/barretenberg/crypto/pedersen/sidon_set/sidon_set.hpp rename to cpp/src/barretenberg/crypto/pedersen_commitment/sidon_set/sidon_set.hpp index a1a6db817d..8240f2f7a1 100644 --- a/cpp/src/barretenberg/crypto/pedersen/sidon_set/sidon_set.hpp +++ b/cpp/src/barretenberg/crypto/pedersen_commitment/sidon_set/sidon_set.hpp @@ -3,9 +3,9 @@ #include #include -#include "barretenberg/numeric/uintx/uintx.hpp" -#include "barretenberg/ecc/fields/field.hpp" -#include "barretenberg/ecc/fields/field2.hpp" +#include +#include +#include namespace crypto { @@ -223,4 +223,4 @@ template inline std::vector compute_sidon_set() } } // namespace sidon } // namespace pedersen -} // namespace crypto +} // namespace crypto \ No newline at end of file diff --git a/cpp/src/barretenberg/crypto/pedersen/sidon_set/sidon_set.test.cpp b/cpp/src/barretenberg/crypto/pedersen_commitment/sidon_set/sidon_set.test.cpp similarity index 95% rename from cpp/src/barretenberg/crypto/pedersen/sidon_set/sidon_set.test.cpp rename to cpp/src/barretenberg/crypto/pedersen_commitment/sidon_set/sidon_set.test.cpp index 615067414b..a3b4fbc428 100644 --- a/cpp/src/barretenberg/crypto/pedersen/sidon_set/sidon_set.test.cpp +++ b/cpp/src/barretenberg/crypto/pedersen_commitment/sidon_set/sidon_set.test.cpp @@ -1,6 +1,6 @@ #include -#include "barretenberg/numeric/bitop/get_msb.hpp" -#include "barretenberg/numeric/random/engine.hpp" +#include +#include #include "./sidon_set.hpp" @@ -78,4 +78,4 @@ TEST(sidon, compute_sidon_set) for (size_t i = 1; i < sums.size(); ++i) { EXPECT_EQ(sums[i] != sums[i - 1], true); } -} +} \ No newline at end of file diff --git a/cpp/src/barretenberg/crypto/pedersen_hash/CMakeLists.txt b/cpp/src/barretenberg/crypto/pedersen_hash/CMakeLists.txt new file mode 100644 index 0000000000..46f39c7163 --- /dev/null +++ b/cpp/src/barretenberg/crypto/pedersen_hash/CMakeLists.txt @@ -0,0 +1 @@ +barretenberg_module(crypto_pedersen_hash ecc crypto_generators) \ No newline at end of file diff --git a/cpp/src/barretenberg/crypto/pedersen/c_bind.cpp b/cpp/src/barretenberg/crypto/pedersen_hash/c_bind.cpp similarity index 54% rename from cpp/src/barretenberg/crypto/pedersen/c_bind.cpp rename to cpp/src/barretenberg/crypto/pedersen_hash/c_bind.cpp index 8f8a9e6a74..65022ea2d6 100644 --- a/cpp/src/barretenberg/crypto/pedersen/c_bind.cpp +++ b/cpp/src/barretenberg/crypto/pedersen_hash/c_bind.cpp @@ -8,51 +8,37 @@ extern "C" { -WASM_EXPORT void pedersen__init() +WASM_EXPORT void pedersen_hash__init() { - crypto::pedersen::init_generator_data(); + crypto::generators::init_generator_data(); } -WASM_EXPORT void pedersen__compress_fields(uint8_t const* left, uint8_t const* right, uint8_t* result) +WASM_EXPORT void pedersen__hash_pair(uint8_t const* left, uint8_t const* right, uint8_t* result) { auto lhs = barretenberg::fr::serialize_from_buffer(left); auto rhs = barretenberg::fr::serialize_from_buffer(right); - auto r = crypto::pedersen::compress_native({ lhs, rhs }); + auto r = crypto::pedersen_hash::hash_multiple({ lhs, rhs }); barretenberg::fr::serialize_to_buffer(r, result); } -WASM_EXPORT void pedersen__compress(uint8_t const* inputs_buffer, uint8_t* output) +WASM_EXPORT void pedersen__hash_multiple(uint8_t const* inputs_buffer, uint8_t* output) { std::vector to_compress; read(inputs_buffer, to_compress); - auto r = crypto::pedersen::compress_native(to_compress); + auto r = crypto::pedersen_hash::hash_multiple(to_compress); barretenberg::fr::serialize_to_buffer(r, output); } -WASM_EXPORT void pedersen__compress_with_hash_index(uint8_t const* inputs_buffer, uint8_t* output, uint32_t hash_index) +WASM_EXPORT void pedersen__hash_multiple_with_hash_index(uint8_t const* inputs_buffer, + uint8_t* output, + uint32_t hash_index) { std::vector to_compress; read(inputs_buffer, to_compress); - auto r = crypto::pedersen::compress_native(to_compress, hash_index); + auto r = crypto::pedersen_hash::hash_multiple(to_compress, hash_index); barretenberg::fr::serialize_to_buffer(r, output); } -WASM_EXPORT void pedersen__commit(uint8_t const* inputs_buffer, uint8_t* output) -{ - std::vector to_compress; - read(inputs_buffer, to_compress); - grumpkin::g1::affine_element pedersen_hash = crypto::pedersen::commit_native(to_compress); - - write(output, pedersen_hash); -} - -WASM_EXPORT void pedersen__buffer_to_field(uint8_t const* data, size_t length, uint8_t* r) -{ - std::vector to_compress(data, data + length); - auto output = crypto::pedersen::compress_native(to_compress); - write(r, output); -} - /** * Given a buffer containing 32 byte pedersen leaves, return a new buffer containing the leaves and all pairs of * nodes that define a merkle tree. @@ -67,7 +53,7 @@ WASM_EXPORT uint8_t* pedersen__hash_to_tree(uint8_t const* data) fields.reserve(num_outputs); for (size_t i = 0; fields.size() < num_outputs; i += 2) { - fields.push_back(crypto::pedersen::compress_native({ fields[i], fields[i + 1] })); + fields.push_back(crypto::pedersen_hash::hash_multiple({ fields[i], fields[i + 1] })); } auto buf_size = 4 + num_outputs * sizeof(grumpkin::fq); @@ -77,4 +63,4 @@ WASM_EXPORT uint8_t* pedersen__hash_to_tree(uint8_t const* data) return buf; } -} +} \ No newline at end of file diff --git a/cpp/src/barretenberg/crypto/pedersen_hash/c_bind.hpp b/cpp/src/barretenberg/crypto/pedersen_hash/c_bind.hpp new file mode 100644 index 0000000000..cd2804b26c --- /dev/null +++ b/cpp/src/barretenberg/crypto/pedersen_hash/c_bind.hpp @@ -0,0 +1,28 @@ +#pragma once +#include "barretenberg/common/serialize.hpp" +#include "barretenberg/common/timer.hpp" +#include "barretenberg/common/mem.hpp" +#include "barretenberg/common/streams.hpp" +#define WASM_EXPORT __attribute__((visibility("default"))) + +extern "C" { + +WASM_EXPORT void pedersen_hash__init(); + +WASM_EXPORT void pedersen__hash_pair(uint8_t const* left, uint8_t const* right, uint8_t* result); + +WASM_EXPORT void pedersen__hash_multiple(uint8_t const* inputs_buffer, uint8_t* output); + +WASM_EXPORT void pedersen__hash_multiple_with_hash_index(uint8_t const* inputs_buffer, + uint8_t* output, + uint32_t hash_index); + +/** + * Given a buffer containing 32 byte pedersen leaves, return a new buffer containing the leaves and all pairs of + * nodes that define a merkle tree. + * e.g. + * input: [1][2][3][4] + * output: [1][2][3][4][compress(1,2)][compress(3,4)][compress(5,6)] + */ +WASM_EXPORT uint8_t* pedersen__hash_to_tree(uint8_t const* data); +} \ No newline at end of file diff --git a/cpp/src/barretenberg/crypto/pedersen_hash/pedersen.cpp b/cpp/src/barretenberg/crypto/pedersen_hash/pedersen.cpp new file mode 100644 index 0000000000..06ffc6cce9 --- /dev/null +++ b/cpp/src/barretenberg/crypto/pedersen_hash/pedersen.cpp @@ -0,0 +1,71 @@ +#include "./pedersen.hpp" +#include "barretenberg/common/throw_or_abort.hpp" +#include +#ifndef NO_MULTITHREADING +#include +#endif + +namespace crypto { +namespace pedersen_hash { + +grumpkin::g1::element hash_single(const barretenberg::fr& in, generator_index_t const& index) +{ + auto gen_data = get_generator_data(index); + barretenberg::fr scalar_multiplier = in.from_montgomery_form(); + + constexpr size_t num_bits = 254; + constexpr size_t num_quads_base = (num_bits - 1) >> 1; + constexpr size_t num_quads = ((num_quads_base << 1) + 1 < num_bits) ? num_quads_base + 1 : num_quads_base; + constexpr size_t num_wnaf_bits = (num_quads << 1) + 1; + + const crypto::generators::fixed_base_ladder* ladder = gen_data.get_hash_ladder(num_bits); + + uint64_t wnaf_entries[num_quads + 2] = { 0 }; + bool skew = false; + barretenberg::wnaf::fixed_wnaf(&scalar_multiplier.data[0], &wnaf_entries[0], skew, 0); + + grumpkin::g1::element accumulator; + accumulator = grumpkin::g1::element(ladder[0].one); + if (skew) { + accumulator -= gen_data.skew_generator; + } + + for (size_t i = 0; i < num_quads; ++i) { + uint64_t entry = wnaf_entries[i + 1]; + const grumpkin::g1::affine_element& point_to_add = + ((entry & WNAF_MASK) == 1) ? ladder[i + 1].three : ladder[i + 1].one; + uint64_t predicate = (entry >> 31U) & 1U; + accumulator.self_mixed_add_or_sub(point_to_add, predicate); + } + return accumulator; +} + +/** + * Given a vector of fields, generate a pedersen hash using the indexed generators. + */ +grumpkin::fq hash_multiple(const std::vector& inputs, const size_t hash_index) +{ + ASSERT((inputs.size() < (1 << 16)) && "too many inputs for 16 bit index"); + std::vector out(inputs.size()); + +#ifndef NO_MULTITHREADING + // Ensure generator data is initialized before threading... + init_generator_data(); +#pragma omp parallel for num_threads(inputs.size()) +#endif + for (size_t i = 0; i < inputs.size(); ++i) { + generator_index_t index = { hash_index, i }; + out[i] = hash_single(inputs[i], index); + } + + grumpkin::g1::element r = out[0]; + for (size_t i = 1; i < inputs.size(); ++i) { + r = out[i] + r; + } + grumpkin::g1::affine_element result = + r.is_point_at_infinity() ? grumpkin::g1::affine_element(0, 0) : grumpkin::g1::affine_element(r); + return result.x; +} + +} // namespace pedersen_hash +} // namespace crypto \ No newline at end of file diff --git a/cpp/src/barretenberg/crypto/pedersen_hash/pedersen.hpp b/cpp/src/barretenberg/crypto/pedersen_hash/pedersen.hpp new file mode 100644 index 0000000000..b6cad2ad2b --- /dev/null +++ b/cpp/src/barretenberg/crypto/pedersen_hash/pedersen.hpp @@ -0,0 +1,17 @@ +#pragma once +#include +#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" +#include "../generators/generator_data.hpp" +#include "../generators/fixed_base_scalar_mul.hpp" + +using namespace crypto::generators; + +namespace crypto { +namespace pedersen_hash { + +grumpkin::g1::element hash_single(const barretenberg::fr& in, generator_index_t const& index); + +grumpkin::fq hash_multiple(const std::vector& inputs, const size_t hash_index = 0); + +} // namespace pedersen_hash +} // namespace crypto diff --git a/cpp/src/barretenberg/crypto/pedersen/pedersen_lookup.cpp b/cpp/src/barretenberg/crypto/pedersen_hash/pedersen_lookup.cpp similarity index 70% rename from cpp/src/barretenberg/crypto/pedersen/pedersen_lookup.cpp rename to cpp/src/barretenberg/crypto/pedersen_hash/pedersen_lookup.cpp index b43bb3594b..f455c684be 100644 --- a/cpp/src/barretenberg/crypto/pedersen/pedersen_lookup.cpp +++ b/cpp/src/barretenberg/crypto/pedersen_hash/pedersen_lookup.cpp @@ -1,16 +1,15 @@ #include "./pedersen_lookup.hpp" -#include "./convert_buffer_to_field.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" namespace crypto { -namespace pedersen { +namespace pedersen_hash { namespace lookup { -namespace { -static std::array, NUM_PEDERSEN_TABLES> pedersen_tables; -static std::vector pedersen_iv_table; -static std::array generators; +std::array, NUM_PEDERSEN_TABLES> pedersen_tables; +std::vector pedersen_iv_table; +std::array generators; + static bool inited = false; void init_single_lookup_table(const size_t index) @@ -83,7 +82,6 @@ void init() init_iv_lookup_table(); inited = true; } -} // namespace grumpkin::g1::affine_element get_table_generator(const size_t table_index) { @@ -149,63 +147,26 @@ grumpkin::fq hash_pair(const grumpkin::fq& left, const grumpkin::fq& right) return result.x; } -grumpkin::g1::element merkle_damgard_compress(const std::vector& inputs, const size_t iv) +grumpkin::fq hash_multiple(const std::vector& inputs, const size_t hash_index) { if (inputs.size() == 0) { auto result = grumpkin::g1::affine_one; result.self_set_infinity(); - return result; + return result.x; } init(); const size_t num_inputs = inputs.size(); - grumpkin::fq result = (pedersen_iv_table[iv]).x; + grumpkin::fq result = (pedersen_iv_table[hash_index]).x; for (size_t i = 0; i < num_inputs; i++) { result = hash_pair(result, inputs[i]); } - return (hash_single(result, false) + hash_single(grumpkin::fq(num_inputs), true)); -} - -grumpkin::g1::affine_element commit_native(const std::vector& inputs, const size_t hash_index) -{ - return grumpkin::g1::affine_element(merkle_damgard_compress(inputs, hash_index)); -} - -grumpkin::fq compress_native(const std::vector& inputs, const size_t hash_index) -{ - return commit_native(inputs, hash_index).x; -} - -grumpkin::fq compress_native_buffer_to_field(const std::vector& input) -{ - const auto elements = convert_buffer_to_field(input); - grumpkin::fq result_fq = compress_native(elements); - return result_fq; + auto final_result = + grumpkin::g1::affine_element(hash_single(result, false) + hash_single(grumpkin::fq(num_inputs), true)); + return final_result.x; } -std::vector compress_native(const std::vector& input) -{ - const auto result_fq = compress_native_buffer_to_field(input); - uint256_t result_u256(result_fq); - const size_t num_bytes = input.size(); - - bool is_zero = true; - for (const auto byte : input) { - is_zero = is_zero && (byte == static_cast(0)); - } - if (is_zero) { - result_u256 = num_bytes; - } - std::vector result_buffer; - result_buffer.reserve(32); - for (size_t i = 0; i < 32; ++i) { - const uint64_t shift = (31 - i) * 8; - uint256_t shifted = result_u256 >> uint256_t(shift); - result_buffer.push_back(static_cast(shifted.data[0])); - } - return result_buffer; -} } // namespace lookup -} // namespace pedersen -} // namespace crypto +} // namespace pedersen_hash +} // namespace crypto \ No newline at end of file diff --git a/cpp/src/barretenberg/crypto/pedersen/pedersen_lookup.hpp b/cpp/src/barretenberg/crypto/pedersen_hash/pedersen_lookup.hpp similarity index 64% rename from cpp/src/barretenberg/crypto/pedersen/pedersen_lookup.hpp rename to cpp/src/barretenberg/crypto/pedersen_hash/pedersen_lookup.hpp index adec023426..9a019a8547 100644 --- a/cpp/src/barretenberg/crypto/pedersen/pedersen_lookup.hpp +++ b/cpp/src/barretenberg/crypto/pedersen_hash/pedersen_lookup.hpp @@ -3,7 +3,7 @@ #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" namespace crypto { -namespace pedersen { +namespace pedersen_hash { namespace lookup { constexpr size_t BITS_PER_HASH = 512; @@ -19,31 +19,26 @@ constexpr size_t NUM_PEDERSEN_TABLES = NUM_PEDERSEN_TABLES_RAW + (NUM_PEDERSEN_T constexpr size_t PEDERSEN_IV_TABLE_SIZE = (1UL) << 10; constexpr size_t NUM_PEDERSEN_IV_TABLES = 4; -grumpkin::g1::affine_element get_table_generator(const size_t table_index); +extern std::array, NUM_PEDERSEN_TABLES> pedersen_tables; +extern std::vector pedersen_iv_table; +extern std::array generators; -const std::array& get_endomorphism_scalars(); +void init_single_lookup_table(const size_t index); +void init_small_lookup_table(const size_t index); +void init_iv_lookup_table(); +void init(); +grumpkin::g1::affine_element get_table_generator(const size_t table_index); +const std::array& get_endomorphism_scalars(); const std::vector& get_table(const size_t table_index); const std::vector& get_iv_table(); grumpkin::g1::element hash_single(const grumpkin::fq& input, const bool parity); grumpkin::fq hash_pair(const grumpkin::fq& left, const grumpkin::fq& right); -grumpkin::g1::element merkle_damgard_compress(const std::vector& inputs, const size_t iv); - -grumpkin::fq compress_native(const std::vector& inputs, const size_t hash_index = 0); -std::vector compress_native(const std::vector& input); - -grumpkin::fq compress_native_buffer_to_field(const std::vector& input); - -template grumpkin::fq compress_native(const std::array& inputs) -{ - std::vector in(inputs.begin(), inputs.end()); - return compress_native(in); -} -grumpkin::g1::affine_element commit_native(const std::vector& inputs, const size_t hash_index = 0); +grumpkin::fq hash_multiple(const std::vector& inputs, const size_t hash_index = 0); } // namespace lookup -} // namespace pedersen -} // namespace crypto +} // namespace pedersen_hash +} // namespace crypto \ No newline at end of file diff --git a/cpp/src/barretenberg/crypto/schnorr/CMakeLists.txt b/cpp/src/barretenberg/crypto/schnorr/CMakeLists.txt index 2719d4b6b9..e0a1c61740 100644 --- a/cpp/src/barretenberg/crypto/schnorr/CMakeLists.txt +++ b/cpp/src/barretenberg/crypto/schnorr/CMakeLists.txt @@ -1 +1 @@ -barretenberg_module(crypto_schnorr crypto_pedersen crypto_blake2s crypto_keccak crypto_sha256 numeric) \ No newline at end of file +barretenberg_module(crypto_schnorr crypto_pedersen_commitment crypto_blake2s crypto_keccak crypto_sha256 numeric) \ No newline at end of file diff --git a/cpp/src/barretenberg/crypto/schnorr/schnorr.tcc b/cpp/src/barretenberg/crypto/schnorr/schnorr.tcc index a9b04e8c51..6984479398 100644 --- a/cpp/src/barretenberg/crypto/schnorr/schnorr.tcc +++ b/cpp/src/barretenberg/crypto/schnorr/schnorr.tcc @@ -1,7 +1,7 @@ #pragma once #include "barretenberg/crypto/hmac/hmac.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "schnorr.hpp" @@ -42,8 +42,8 @@ static auto generate_schnorr_challenge(const std::string& message, const typename G1::affine_element& R) { using Fq = typename G1::coordinate_field; - // create challenge message pedersen_hash(R.x, pubkey) - Fq compressed_keys = crypto::pedersen::compress_native({ R.x, pubkey.x, pubkey.y }); + // create challenge message pedersen_commitment(R.x, pubkey) + Fq compressed_keys = crypto::pedersen_commitment::compress_native({ R.x, pubkey.x, pubkey.y }); std::vector e_buffer; write(e_buffer, compressed_keys); std::copy(message.begin(), message.end(), std::back_inserter(e_buffer)); diff --git a/cpp/src/barretenberg/honk/circuit_constructors/standard_circuit_constructor.test.cpp b/cpp/src/barretenberg/honk/circuit_constructors/standard_circuit_constructor.test.cpp index 3822ad63fe..fddea40502 100644 --- a/cpp/src/barretenberg/honk/circuit_constructors/standard_circuit_constructor.test.cpp +++ b/cpp/src/barretenberg/honk/circuit_constructors/standard_circuit_constructor.test.cpp @@ -1,7 +1,7 @@ #include "standard_circuit_constructor.hpp" #include -#include "barretenberg/crypto/pedersen/pedersen.hpp" -#include "barretenberg/crypto/pedersen/generator_data.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" +#include "barretenberg/crypto/generators/generator_data.hpp" using namespace barretenberg; using namespace bonk; diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp index 7b69ef834c..482fd3672d 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp @@ -16,6 +16,9 @@ namespace honk { class StandardHonkComposer { public: static constexpr plonk::ComposerType type = plonk::ComposerType::STANDARD_HONK; + static constexpr plonk::merkle::HashType merkle_hash_type = plonk::merkle::HashType::LOOKUP_PEDERSEN; + static constexpr plonk::pedersen::CommitmentType commitment_type = + plonk::pedersen::CommitmentType::FIXED_BASE_PEDERSEN; static constexpr size_t UINT_LOG2_BASE = 2; // An instantiation of the circuit constructor that only depends on arithmetization, not on the proof system diff --git a/cpp/src/barretenberg/join_split_example/proofs/join_split/CMakeLists.txt b/cpp/src/barretenberg/join_split_example/proofs/join_split/CMakeLists.txt index 560148e432..2a44f93e25 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/join_split/CMakeLists.txt +++ b/cpp/src/barretenberg/join_split_example/proofs/join_split/CMakeLists.txt @@ -5,7 +5,7 @@ barretenberg_module( crypto_schnorr stdlib_blake2s stdlib_sha256 - stdlib_pedersen + stdlib_pedersen_commitment stdlib_schnorr stdlib_primitives stdlib_merkle_tree) \ No newline at end of file diff --git a/cpp/src/barretenberg/join_split_example/proofs/join_split/compute_signing_data.cpp b/cpp/src/barretenberg/join_split_example/proofs/join_split/compute_signing_data.cpp index 0a40dd74c8..8dd99f57ec 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/join_split/compute_signing_data.cpp +++ b/cpp/src/barretenberg/join_split_example/proofs/join_split/compute_signing_data.cpp @@ -1,12 +1,12 @@ #include "compute_signing_data.hpp" #include "../notes/native/index.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" namespace join_split_example { namespace proofs { namespace join_split { -using namespace crypto::pedersen; +using namespace crypto::pedersen_commitment; using namespace notes::native; barretenberg::fr compute_signing_data(join_split_tx const& tx) diff --git a/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split.test.cpp b/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split.test.cpp index c023322bbe..80e99bb4fa 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split.test.cpp +++ b/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split.test.cpp @@ -801,9 +801,9 @@ TEST_F(join_split_tests, test_0_input_notes_and_detect_circuit_change) EXPECT_TRUE(result.valid); // The below part detects any changes in the join-split circuit - constexpr uint32_t CIRCUIT_GATE_COUNT = 64000; + constexpr uint32_t CIRCUIT_GATE_COUNT = 59175; constexpr uint32_t GATES_NEXT_POWER_OF_TWO = 65536; - const uint256_t VK_HASH("bb2062d006d31d3234766277711eb28577d5f6082d0f484b87e8235628f8e864"); + const uint256_t VK_HASH("edcee79f9736d8a9dcc7a5c822a49bc930315bdad7f7b67accc60ab196eb63d9"); auto number_of_gates_js = result.number_of_gates; auto vk_hash_js = get_verification_key()->sha256_hash(); diff --git a/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split_tx.cpp b/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split_tx.cpp index 6bf3c1bfe1..46d1e37586 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split_tx.cpp +++ b/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split_tx.cpp @@ -1,5 +1,5 @@ #include "join_split_tx.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" namespace join_split_example { namespace proofs { diff --git a/cpp/src/barretenberg/join_split_example/proofs/join_split/verify_signature.hpp b/cpp/src/barretenberg/join_split_example/proofs/join_split/verify_signature.hpp index 87347fe765..96f538f4f2 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/join_split/verify_signature.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/join_split/verify_signature.hpp @@ -1,5 +1,5 @@ #include "barretenberg/stdlib/encryption/schnorr/schnorr.hpp" -#include "barretenberg/stdlib/hash/pedersen/pedersen.hpp" +#include "barretenberg/stdlib/commitment/pedersen/pedersen.hpp" namespace join_split_example { namespace proofs { @@ -23,7 +23,7 @@ inline void verify_signature(field_ct const& public_value, public_value, public_owner, public_asset_id, output_note1_commitment, output_note2_commitment, nullifier1, nullifier2, backward_link, allow_chain, }; - byte_array_ct message = pedersen::compress(to_compress); + byte_array_ct message = pedersen_commitment::compress(to_compress); verify_signature(message, owner_pub_key, signature); } diff --git a/cpp/src/barretenberg/join_split_example/proofs/mock/CMakeLists.txt b/cpp/src/barretenberg/join_split_example/proofs/mock/CMakeLists.txt index 7695dfdc80..2edf8f230d 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/mock/CMakeLists.txt +++ b/cpp/src/barretenberg/join_split_example/proofs/mock/CMakeLists.txt @@ -2,5 +2,5 @@ barretenberg_module( rollup_proofs_mock stdlib_blake2s stdlib_sha256 - stdlib_pedersen + stdlib_pedersen_commitment stdlib_primitives) \ No newline at end of file diff --git a/cpp/src/barretenberg/join_split_example/proofs/mock/mock_circuit.hpp b/cpp/src/barretenberg/join_split_example/proofs/mock/mock_circuit.hpp index 6f61e4e936..b8bd47c6cf 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/mock/mock_circuit.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/mock/mock_circuit.hpp @@ -1,7 +1,7 @@ #pragma once #include "barretenberg/common/map.hpp" #include "barretenberg/stdlib/primitives/field/field.hpp" -#include "barretenberg/stdlib/hash/pedersen/pedersen.hpp" +#include "barretenberg/stdlib/commitment/pedersen/pedersen.hpp" namespace join_split_example { namespace proofs { @@ -15,7 +15,8 @@ template void mock_circuit(Composer& composer, std::vector::compress(field_t(witness_t(&composer, 1)), field_t(witness_t(&composer, 1))); + plonk::stdlib::pedersen_commitment::compress(field_t(witness_t(&composer, 1)), + field_t(witness_t(&composer, 1))); } } // namespace mock diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/CMakeLists.txt b/cpp/src/barretenberg/join_split_example/proofs/notes/CMakeLists.txt index 58b7fd37fd..0efb8cfc27 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/CMakeLists.txt +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/CMakeLists.txt @@ -3,7 +3,7 @@ barretenberg_module( crypto_schnorr stdlib_blake2s stdlib_sha256 - stdlib_pedersen + stdlib_pedersen_commitment stdlib_schnorr stdlib_primitives stdlib_merkle_tree) \ No newline at end of file diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/account/commit.hpp b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/account/commit.hpp index b1e6f3eadb..df19439727 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/account/commit.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/account/commit.hpp @@ -14,7 +14,7 @@ inline auto commit(field_ct const& account_alias_hash, point_ct const& account_public_key, point_ct const& signing_pub_key) { - return pedersen::compress( + return pedersen_commitment::compress( { account_alias_hash, account_public_key.x, diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/claim/complete_partial_commitment.hpp b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/claim/complete_partial_commitment.hpp index d92ded2135..f25866ae0d 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/claim/complete_partial_commitment.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/claim/complete_partial_commitment.hpp @@ -14,8 +14,8 @@ inline auto complete_partial_commitment(field_ct const& partial_commitment, field_ct const& interaction_nonce, suint_ct const& fee) { - return pedersen::compress({ partial_commitment, interaction_nonce, fee.value }, - GeneratorIndex::CLAIM_NOTE_COMMITMENT); + return pedersen_commitment::compress({ partial_commitment, interaction_nonce, fee.value }, + GeneratorIndex::CLAIM_NOTE_COMMITMENT); } } // namespace claim diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/claim/compute_nullifier.hpp b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/claim/compute_nullifier.hpp index 27f7284ea5..ec43ad383b 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/claim/compute_nullifier.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/claim/compute_nullifier.hpp @@ -13,7 +13,8 @@ using namespace plonk::stdlib::types; inline field_ct compute_nullifier(field_ct const& note_commitment) { - return pedersen::compress(std::vector{ note_commitment }, GeneratorIndex::CLAIM_NOTE_NULLIFIER); + return pedersen_commitment::compress(std::vector{ note_commitment }, + GeneratorIndex::CLAIM_NOTE_NULLIFIER); // Note: unlike for value note nullifiers, we don't need to then Blake2-hash this result (which would provide a // psuedorandom-looking nullifier) because the contents of a claim note commitment are public anyway. diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/claim/create_partial_commitment.hpp b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/claim/create_partial_commitment.hpp index b5c6180b5e..a59eeb3e93 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/claim/create_partial_commitment.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/claim/create_partial_commitment.hpp @@ -16,8 +16,9 @@ inline auto create_partial_commitment(field_ct const& deposit_value, field_ct const& value_note_partial_commitment, field_ct const& input_nullifier) { - return pedersen::compress({ deposit_value, bridge_call_data, value_note_partial_commitment, input_nullifier }, - GeneratorIndex::CLAIM_NOTE_PARTIAL_COMMITMENT); + return pedersen_commitment::compress( + { deposit_value, bridge_call_data, value_note_partial_commitment, input_nullifier }, + GeneratorIndex::CLAIM_NOTE_PARTIAL_COMMITMENT); } } // namespace claim diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/complete_partial_commitment.hpp b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/complete_partial_commitment.hpp index cb1c475283..97b46ce5ba 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/complete_partial_commitment.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/complete_partial_commitment.hpp @@ -1,6 +1,6 @@ #pragma once #include "barretenberg/stdlib/types/types.hpp" -#include "barretenberg/stdlib/hash/pedersen/pedersen.hpp" +#include "barretenberg/stdlib/commitment/pedersen/pedersen.hpp" #include "../../constants.hpp" namespace join_split_example { @@ -16,8 +16,9 @@ inline auto complete_partial_commitment(field_ct const& value_note_partial_commi suint_ct const& asset_id, field_ct const& input_nullifier) { - return pedersen::compress({ value_note_partial_commitment, value.value, asset_id.value, input_nullifier }, - GeneratorIndex::VALUE_NOTE_COMMITMENT); + return pedersen_commitment::compress( + { value_note_partial_commitment, value.value, asset_id.value, input_nullifier }, + GeneratorIndex::VALUE_NOTE_COMMITMENT); } } // namespace value diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/compute_nullifier.cpp b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/compute_nullifier.cpp index f501e2df2b..c8d12392b3 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/compute_nullifier.cpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/compute_nullifier.cpp @@ -30,7 +30,7 @@ field_ct compute_nullifier(field_ct const& note_commitment, // We compress the hash_inputs with Pedersen, because that's cheaper (constraint-wise) than compressing // the data directly with Blake2s in the next step. - const auto compressed_inputs = pedersen::compress(hash_inputs, GeneratorIndex::JOIN_SPLIT_NULLIFIER); + const auto compressed_inputs = pedersen_commitment::compress(hash_inputs, GeneratorIndex::JOIN_SPLIT_NULLIFIER); // Blake2s hash the compressed result. Without this it's possible to leak info from the pedersen compression. /** E.g. we can extract a representation of the hashed_pk: diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/create_partial_commitment.hpp b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/create_partial_commitment.hpp index bedd3d0688..46850725f3 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/create_partial_commitment.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/create_partial_commitment.hpp @@ -16,8 +16,8 @@ inline auto create_partial_commitment(field_ct const& secret, bool_ct const& account_required, field_ct const& creator_pubkey) { - return pedersen::compress({ secret, owner.x, owner.y, account_required, creator_pubkey }, - GeneratorIndex::VALUE_NOTE_PARTIAL_COMMITMENT); + return pedersen_commitment::compress({ secret, owner.x, owner.y, account_required, creator_pubkey }, + GeneratorIndex::VALUE_NOTE_PARTIAL_COMMITMENT); } } // namespace value diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/native/account/account_note.cpp b/cpp/src/barretenberg/join_split_example/proofs/notes/native/account/account_note.cpp index 13b951ed20..ab68a0bc72 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/native/account/account_note.cpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/native/account/account_note.cpp @@ -1,5 +1,5 @@ #include "account_note.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "../../constants.hpp" namespace join_split_example { @@ -12,8 +12,8 @@ grumpkin::fq generate_account_commitment(const barretenberg::fr& alias_hash, const barretenberg::fr& owner_x, const barretenberg::fr& signing_x) { - return crypto::pedersen::compress_native({ alias_hash, owner_x, signing_x }, - GeneratorIndex::ACCOUNT_NOTE_COMMITMENT); + return crypto::pedersen_commitment::compress_native({ alias_hash, owner_x, signing_x }, + GeneratorIndex::ACCOUNT_NOTE_COMMITMENT); } grumpkin::fq account_note::commit() const diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/native/account/account_note.hpp b/cpp/src/barretenberg/join_split_example/proofs/notes/native/account/account_note.hpp index 3a5d3750b2..7f10d40c3a 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/native/account/account_note.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/native/account/account_note.hpp @@ -1,6 +1,6 @@ #pragma once #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "../../constants.hpp" namespace join_split_example { diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/native/account/compute_account_alias_hash_nullifier.hpp b/cpp/src/barretenberg/join_split_example/proofs/notes/native/account/compute_account_alias_hash_nullifier.hpp index 55d98889da..44801e1079 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/native/account/compute_account_alias_hash_nullifier.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/native/account/compute_account_alias_hash_nullifier.hpp @@ -1,6 +1,6 @@ #pragma once #include "account_note.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "../../constants.hpp" namespace join_split_example { @@ -13,8 +13,8 @@ using namespace barretenberg; inline fr compute_account_alias_hash_nullifier(fr const& alias_hash) { - return crypto::pedersen::compress_native(std::vector{ alias_hash }, - notes::GeneratorIndex::ACCOUNT_ALIAS_HASH_NULLIFIER); + return crypto::pedersen_commitment::compress_native(std::vector{ alias_hash }, + notes::GeneratorIndex::ACCOUNT_ALIAS_HASH_NULLIFIER); } } // namespace account diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/native/account/compute_account_public_key_nullifier.hpp b/cpp/src/barretenberg/join_split_example/proofs/notes/native/account/compute_account_public_key_nullifier.hpp index 68f7c6784b..a88b18ed32 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/native/account/compute_account_public_key_nullifier.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/native/account/compute_account_public_key_nullifier.hpp @@ -1,6 +1,6 @@ #pragma once #include "account_note.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "../../constants.hpp" namespace join_split_example { @@ -13,8 +13,8 @@ using namespace barretenberg; inline fr compute_account_public_key_nullifier(grumpkin::g1::affine_element const& public_key) { - return crypto::pedersen::compress_native(std::vector{ public_key.x }, - notes::GeneratorIndex::ACCOUNT_PUBLIC_KEY_NULLIFIER); + return crypto::pedersen_commitment::compress_native(std::vector{ public_key.x }, + notes::GeneratorIndex::ACCOUNT_PUBLIC_KEY_NULLIFIER); } } // namespace account diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/native/bridge_call_data.hpp b/cpp/src/barretenberg/join_split_example/proofs/notes/native/bridge_call_data.hpp index 1c60a3ac4e..22d79996ad 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/native/bridge_call_data.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/native/bridge_call_data.hpp @@ -1,7 +1,7 @@ #pragma once #include "barretenberg/common/serialize.hpp" #include "../constants.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" #include "barretenberg/common/throw_or_abort.hpp" diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/native/claim/claim_note.hpp b/cpp/src/barretenberg/join_split_example/proofs/notes/native/claim/claim_note.hpp index 9c05253c6e..a89e12bcfb 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/native/claim/claim_note.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/native/claim/claim_note.hpp @@ -1,6 +1,6 @@ #pragma once #include "barretenberg/common/serialize.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" #include "create_partial_commitment.hpp" #include "complete_partial_commitment.hpp" diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/native/claim/claim_note_tx_data.hpp b/cpp/src/barretenberg/join_split_example/proofs/notes/native/claim/claim_note_tx_data.hpp index 72a572982c..83c2f6375c 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/native/claim/claim_note_tx_data.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/native/claim/claim_note_tx_data.hpp @@ -1,6 +1,6 @@ #pragma once #include "barretenberg/common/serialize.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" #include "../bridge_call_data.hpp" diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/native/claim/complete_partial_commitment.hpp b/cpp/src/barretenberg/join_split_example/proofs/notes/native/claim/complete_partial_commitment.hpp index aa945e1145..27407bf567 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/native/claim/complete_partial_commitment.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/native/claim/complete_partial_commitment.hpp @@ -1,6 +1,6 @@ #pragma once #include "barretenberg/common/serialize.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" #include "../../constants.hpp" @@ -14,8 +14,8 @@ inline auto complete_partial_commitment(grumpkin::fq const& claim_note_partial_c uint32_t interaction_nonce, uint256_t fee) { - return crypto::pedersen::compress_native({ claim_note_partial_commitment, interaction_nonce, fee }, - GeneratorIndex::CLAIM_NOTE_COMMITMENT); + return crypto::pedersen_commitment::compress_native({ claim_note_partial_commitment, interaction_nonce, fee }, + GeneratorIndex::CLAIM_NOTE_COMMITMENT); } } // namespace claim diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/native/claim/compute_nullifier.hpp b/cpp/src/barretenberg/join_split_example/proofs/notes/native/claim/compute_nullifier.hpp index f03fa0a4d7..8503c35d2a 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/native/claim/compute_nullifier.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/native/claim/compute_nullifier.hpp @@ -1,6 +1,6 @@ #pragma once #include "barretenberg/common/serialize.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" #include "../../constants.hpp" @@ -14,7 +14,7 @@ using namespace barretenberg; inline auto compute_nullifier(grumpkin::fq const& note_commitment) { - return crypto::pedersen::compress_native({ note_commitment }, GeneratorIndex::CLAIM_NOTE_NULLIFIER); + return crypto::pedersen_commitment::compress_native({ note_commitment }, GeneratorIndex::CLAIM_NOTE_NULLIFIER); } } // namespace claim diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/native/claim/create_partial_commitment.hpp b/cpp/src/barretenberg/join_split_example/proofs/notes/native/claim/create_partial_commitment.hpp index 1743abc1e8..fd5c302007 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/native/claim/create_partial_commitment.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/native/claim/create_partial_commitment.hpp @@ -1,6 +1,6 @@ #pragma once #include "claim_note.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "../../constants.hpp" namespace join_split_example { @@ -14,7 +14,7 @@ inline auto create_partial_commitment(uint256_t const& deposit_value, grumpkin::fq const& value_note_partial_commitment, grumpkin::fq const& input_nullifier) { - return crypto::pedersen::compress_native( + return crypto::pedersen_commitment::compress_native( { deposit_value, bridge_call_data, value_note_partial_commitment, input_nullifier }, GeneratorIndex::CLAIM_NOTE_PARTIAL_COMMITMENT); } diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/native/value/complete_partial_commitment.hpp b/cpp/src/barretenberg/join_split_example/proofs/notes/native/value/complete_partial_commitment.hpp index 0744a78619..0d33dc091b 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/native/value/complete_partial_commitment.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/native/value/complete_partial_commitment.hpp @@ -1,5 +1,5 @@ #pragma once -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "../../constants.hpp" namespace join_split_example { @@ -13,8 +13,8 @@ inline auto complete_partial_commitment(grumpkin::fq const& partial_commitment, uint32_t asset_id, grumpkin::fq input_nullifier) { - return crypto::pedersen::compress_native({ partial_commitment, value, asset_id, input_nullifier }, - GeneratorIndex::VALUE_NOTE_COMMITMENT); + return crypto::pedersen_commitment::compress_native({ partial_commitment, value, asset_id, input_nullifier }, + GeneratorIndex::VALUE_NOTE_COMMITMENT); }; } // namespace value diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/native/value/compute_nullifier.cpp b/cpp/src/barretenberg/join_split_example/proofs/notes/native/value/compute_nullifier.cpp index 2a7a89e92f..d16a4bb722 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/native/value/compute_nullifier.cpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/native/value/compute_nullifier.cpp @@ -1,6 +1,6 @@ #include "compute_nullifier.hpp" #include "../../constants.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "barretenberg/crypto/blake2s/blake2s.hpp" namespace join_split_example { @@ -17,7 +17,7 @@ fr compute_nullifier(grumpkin::fq const& note_commitment, grumpkin::fr const& account_private_key, const bool is_note_in_use) { - auto hashed_pk = crypto::pedersen::fixed_base_scalar_mul<254>( + auto hashed_pk = crypto::generators::fixed_base_scalar_mul<254>( fr(account_private_key), GeneratorIndex::JOIN_SPLIT_NULLIFIER_ACCOUNT_PRIVATE_KEY); std::vector buf{ @@ -26,7 +26,7 @@ fr compute_nullifier(grumpkin::fq const& note_commitment, hashed_pk.y, is_note_in_use, }; - auto compressed_inputs = crypto::pedersen::compress_native(buf, GeneratorIndex::JOIN_SPLIT_NULLIFIER); + auto compressed_inputs = crypto::pedersen_commitment::compress_native(buf, GeneratorIndex::JOIN_SPLIT_NULLIFIER); auto blake_result = blake2::blake2s(to_buffer(compressed_inputs)); return from_buffer(blake_result); diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/native/value/create_partial_commitment.hpp b/cpp/src/barretenberg/join_split_example/proofs/notes/native/value/create_partial_commitment.hpp index 1f26ffde99..5105074c02 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/native/value/create_partial_commitment.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/native/value/create_partial_commitment.hpp @@ -1,6 +1,6 @@ #pragma once #include "barretenberg/common/serialize.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" #include "../../constants.hpp" @@ -15,8 +15,8 @@ inline auto create_partial_commitment(barretenberg::fr const& secret, bool account_required, barretenberg::fr const& creator_pubkey) { - return crypto::pedersen::compress_native({ secret, owner.x, owner.y, account_required, creator_pubkey }, - GeneratorIndex::VALUE_NOTE_PARTIAL_COMMITMENT); + return crypto::pedersen_commitment::compress_native({ secret, owner.x, owner.y, account_required, creator_pubkey }, + GeneratorIndex::VALUE_NOTE_PARTIAL_COMMITMENT); } } // namespace value diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/native/value/value_note.hpp b/cpp/src/barretenberg/join_split_example/proofs/notes/native/value/value_note.hpp index 83e201eec0..421106004d 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/native/value/value_note.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/native/value/value_note.hpp @@ -1,6 +1,6 @@ #pragma once #include "barretenberg/common/serialize.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" #include "create_partial_commitment.hpp" #include "complete_partial_commitment.hpp" diff --git a/cpp/src/barretenberg/plonk/CMakeLists.txt b/cpp/src/barretenberg/plonk/CMakeLists.txt index 651baa2baa..0893749023 100644 --- a/cpp/src/barretenberg/plonk/CMakeLists.txt +++ b/cpp/src/barretenberg/plonk/CMakeLists.txt @@ -1 +1 @@ -barretenberg_module(plonk proof_system transcript crypto_pedersen polynomials crypto_sha256 ecc crypto_blake3s) \ No newline at end of file +barretenberg_module(plonk proof_system transcript crypto_pedersen_commitment polynomials crypto_sha256 ecc crypto_blake3s) \ No newline at end of file diff --git a/cpp/src/barretenberg/plonk/composer/plookup_tables/pedersen.hpp b/cpp/src/barretenberg/plonk/composer/plookup_tables/pedersen.hpp index b9f5372516..91107bb624 100644 --- a/cpp/src/barretenberg/plonk/composer/plookup_tables/pedersen.hpp +++ b/cpp/src/barretenberg/plonk/composer/plookup_tables/pedersen.hpp @@ -2,7 +2,7 @@ #include "./types.hpp" -#include "barretenberg/crypto/pedersen/pedersen_lookup.hpp" +#include "barretenberg/crypto/pedersen_hash/pedersen_lookup.hpp" #include "barretenberg/numeric/bitop/rotate.hpp" #include "barretenberg/numeric/bitop/sparse_form.hpp" #include "barretenberg/numeric/bitop/pow.hpp" @@ -14,14 +14,14 @@ namespace basic { template inline std::array get_basic_pedersen_table_values(const std::array key) { - const auto& basic_table = crypto::pedersen::lookup::get_table(generator_index); + const auto& basic_table = crypto::pedersen_hash::lookup::get_table(generator_index); const size_t index = static_cast(key[0]); return { basic_table[index].x, basic_table[index].y }; } inline std::array get_pedersen_iv_table_values(const std::array key) { - const auto& iv_table = crypto::pedersen::lookup::get_iv_table(); + const auto& iv_table = crypto::pedersen_hash::lookup::get_iv_table(); const size_t index = static_cast(key[0]); return { iv_table[index].x, iv_table[index].y }; } @@ -32,11 +32,11 @@ inline BasicTable generate_basic_pedersen_table(BasicTableId id, const size_t ta BasicTable table; table.id = id; table.table_index = table_index; - table.size = - is_small ? crypto::pedersen::lookup::PEDERSEN_SMALL_TABLE_SIZE : crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE; + table.size = is_small ? crypto::pedersen_hash::lookup::PEDERSEN_SMALL_TABLE_SIZE + : crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE; table.use_twin_keys = false; - const auto& basic_table = crypto::pedersen::lookup::get_table(generator_index); + const auto& basic_table = crypto::pedersen_hash::lookup::get_table(generator_index); for (size_t i = 0; i < table.size; ++i) { table.column_1.emplace_back(i); @@ -58,10 +58,10 @@ inline BasicTable generate_pedersen_iv_table(BasicTableId id) BasicTable table; table.id = id; table.table_index = 0; - table.size = crypto::pedersen::lookup::PEDERSEN_IV_TABLE_SIZE; + table.size = crypto::pedersen_hash::lookup::PEDERSEN_IV_TABLE_SIZE; table.use_twin_keys = false; - const auto& iv_table = crypto::pedersen::lookup::get_iv_table(); + const auto& iv_table = crypto::pedersen_hash::lookup::get_iv_table(); for (size_t i = 0; i < table.size; ++i) { table.column_1.emplace_back(i); @@ -80,9 +80,9 @@ inline BasicTable generate_pedersen_iv_table(BasicTableId id) inline MultiTable get_pedersen_iv_table(const MultiTableId id = PEDERSEN_IV) { - MultiTable table(crypto::pedersen::lookup::PEDERSEN_IV_TABLE_SIZE, 0, 0, 1); + MultiTable table(crypto::pedersen_hash::lookup::PEDERSEN_IV_TABLE_SIZE, 0, 0, 1); table.id = id; - table.slice_sizes.emplace_back(crypto::pedersen::lookup::PEDERSEN_IV_TABLE_SIZE); + table.slice_sizes.emplace_back(crypto::pedersen_hash::lookup::PEDERSEN_IV_TABLE_SIZE); table.get_table_values.emplace_back(&get_pedersen_iv_table_values); table.lookup_ids = { PEDERSEN_IV_BASE }; @@ -91,12 +91,12 @@ inline MultiTable get_pedersen_iv_table(const MultiTableId id = PEDERSEN_IV) inline MultiTable get_pedersen_left_lo_table(const MultiTableId id = PEDERSEN_LEFT_LO) { - const size_t num_entries = 126 / crypto::pedersen::lookup::BITS_PER_TABLE; - MultiTable table(crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE, 0, 0, num_entries); + const size_t num_entries = 126 / crypto::pedersen_hash::lookup::BITS_PER_TABLE; + MultiTable table(crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE, 0, 0, num_entries); table.id = id; for (size_t i = 0; i < num_entries; ++i) { - table.slice_sizes.emplace_back(crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE); + table.slice_sizes.emplace_back(crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE); } table.get_table_values = { &get_basic_pedersen_table_values<0>, &get_basic_pedersen_table_values<0>, @@ -115,14 +115,14 @@ inline MultiTable get_pedersen_left_lo_table(const MultiTableId id = PEDERSEN_LE inline MultiTable get_pedersen_left_hi_table(const MultiTableId id = PEDERSEN_LEFT_HI) { const size_t num_entries = - (128 + crypto::pedersen::lookup::BITS_PER_TABLE) / crypto::pedersen::lookup::BITS_PER_TABLE; - MultiTable table(crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE, 0, 0, num_entries); + (128 + crypto::pedersen_hash::lookup::BITS_PER_TABLE) / crypto::pedersen_hash::lookup::BITS_PER_TABLE; + MultiTable table(crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE, 0, 0, num_entries); table.id = id; for (size_t i = 0; i < num_entries - 1; ++i) { - table.slice_sizes.emplace_back(crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE); + table.slice_sizes.emplace_back(crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE); } - table.slice_sizes.emplace_back(crypto::pedersen::lookup::PEDERSEN_SMALL_TABLE_SIZE); + table.slice_sizes.emplace_back(crypto::pedersen_hash::lookup::PEDERSEN_SMALL_TABLE_SIZE); table.get_table_values = { &get_basic_pedersen_table_values<7>, &get_basic_pedersen_table_values<7>, &get_basic_pedersen_table_values<8>, &get_basic_pedersen_table_values<8>, @@ -141,12 +141,12 @@ inline MultiTable get_pedersen_left_hi_table(const MultiTableId id = PEDERSEN_LE inline MultiTable get_pedersen_right_lo_table(const MultiTableId id = PEDERSEN_RIGHT_LO) { - const size_t num_entries = 126 / crypto::pedersen::lookup::BITS_PER_TABLE; - MultiTable table(crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE, 0, 0, num_entries); + const size_t num_entries = 126 / crypto::pedersen_hash::lookup::BITS_PER_TABLE; + MultiTable table(crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE, 0, 0, num_entries); table.id = id; for (size_t i = 0; i < num_entries; ++i) { - table.slice_sizes.emplace_back(crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE); + table.slice_sizes.emplace_back(crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE); } table.get_table_values = { &get_basic_pedersen_table_values<15>, &get_basic_pedersen_table_values<15>, @@ -165,14 +165,14 @@ inline MultiTable get_pedersen_right_lo_table(const MultiTableId id = PEDERSEN_R inline MultiTable get_pedersen_right_hi_table(const MultiTableId id = PEDERSEN_RIGHT_HI) { const size_t num_entries = - (128 + crypto::pedersen::lookup::BITS_PER_TABLE) / crypto::pedersen::lookup::BITS_PER_TABLE; - MultiTable table(crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE, 0, 0, num_entries); + (128 + crypto::pedersen_hash::lookup::BITS_PER_TABLE) / crypto::pedersen_hash::lookup::BITS_PER_TABLE; + MultiTable table(crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE, 0, 0, num_entries); table.id = id; for (size_t i = 0; i < num_entries - 1; ++i) { - table.slice_sizes.emplace_back(crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE); + table.slice_sizes.emplace_back(crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE); } - table.slice_sizes.emplace_back(crypto::pedersen::lookup::PEDERSEN_SMALL_TABLE_SIZE); + table.slice_sizes.emplace_back(crypto::pedersen_hash::lookup::PEDERSEN_SMALL_TABLE_SIZE); table.get_table_values = { &get_basic_pedersen_table_values<22>, &get_basic_pedersen_table_values<22>, &get_basic_pedersen_table_values<23>, &get_basic_pedersen_table_values<23>, diff --git a/cpp/src/barretenberg/plonk/composer/standard_composer.hpp b/cpp/src/barretenberg/plonk/composer/standard_composer.hpp index 20f490e22c..0732571136 100644 --- a/cpp/src/barretenberg/plonk/composer/standard_composer.hpp +++ b/cpp/src/barretenberg/plonk/composer/standard_composer.hpp @@ -18,7 +18,8 @@ inline std::vector standard_selector_propertie class StandardComposer : public ComposerBase { public: static constexpr ComposerType type = ComposerType::STANDARD; - static constexpr MerkleHashType merkle_hash_type = MerkleHashType::FIXED_BASE_PEDERSEN; + static constexpr merkle::HashType merkle_hash_type = merkle::HashType::FIXED_BASE_PEDERSEN; + static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; static constexpr size_t UINT_LOG2_BASE = 2; StandardComposer(const size_t size_hint = 0) diff --git a/cpp/src/barretenberg/plonk/composer/standard_composer.test.cpp b/cpp/src/barretenberg/plonk/composer/standard_composer.test.cpp index 632b40da09..193a1f2206 100644 --- a/cpp/src/barretenberg/plonk/composer/standard_composer.test.cpp +++ b/cpp/src/barretenberg/plonk/composer/standard_composer.test.cpp @@ -1,7 +1,7 @@ #include "standard_composer.hpp" #include -#include "barretenberg/crypto/pedersen/pedersen.hpp" -#include "barretenberg/crypto/pedersen/generator_data.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" +#include "barretenberg/crypto/generators/generator_data.hpp" #include "barretenberg/proof_system/proving_key/serialize.hpp" using namespace barretenberg; @@ -540,4 +540,4 @@ TEST(standard_composer, test_check_circuit_broken) bool result = composer.check_circuit(); EXPECT_EQ(result, false); } -} // namespace plonk \ No newline at end of file +} // namespace plonk diff --git a/cpp/src/barretenberg/plonk/composer/turbo_composer.hpp b/cpp/src/barretenberg/plonk/composer/turbo_composer.hpp index b089a85429..2c7af6aaa5 100644 --- a/cpp/src/barretenberg/plonk/composer/turbo_composer.hpp +++ b/cpp/src/barretenberg/plonk/composer/turbo_composer.hpp @@ -7,7 +7,8 @@ namespace plonk { class TurboComposer : public ComposerBase { public: static constexpr ComposerType type = ComposerType::TURBO; - static constexpr MerkleHashType merkle_hash_type = MerkleHashType::FIXED_BASE_PEDERSEN; + static constexpr merkle::HashType merkle_hash_type = merkle::HashType::FIXED_BASE_PEDERSEN; + static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; static constexpr size_t UINT_LOG2_BASE = 2; enum TurboSelectors { QM, QC, Q1, Q2, Q3, Q4, Q5, QARITH, QFIXED, QRANGE, QLOGIC, NUM }; diff --git a/cpp/src/barretenberg/plonk/composer/turbo_composer.test.cpp b/cpp/src/barretenberg/plonk/composer/turbo_composer.test.cpp index 2cbefaa1ae..6b15595826 100644 --- a/cpp/src/barretenberg/plonk/composer/turbo_composer.test.cpp +++ b/cpp/src/barretenberg/plonk/composer/turbo_composer.test.cpp @@ -1,11 +1,11 @@ #include "turbo_composer.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include #include "barretenberg/proof_system/proving_key/serialize.hpp" using namespace barretenberg; using namespace bonk; -using namespace crypto::pedersen; +using namespace crypto::pedersen_commitment; namespace { auto& engine = numeric::random::get_debug_engine(); @@ -212,8 +212,8 @@ TEST(turbo_composer, small_scalar_multipliers) constexpr size_t num_wnaf_bits = (num_quads << 1) + 1; constexpr size_t initial_exponent = ((num_bits & 1) == 1) ? num_bits - 1 : num_bits; constexpr uint64_t bit_mask = (1ULL << num_bits) - 1UL; - auto gen_data = crypto::pedersen::get_generator_data(DEFAULT_GEN_1); - const crypto::pedersen::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits); + auto gen_data = crypto::generators::get_generator_data(DEFAULT_GEN_1); + const crypto::generators::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits); grumpkin::g1::affine_element generator = gen_data.generator; grumpkin::g1::element origin_points[2]; @@ -252,7 +252,7 @@ TEST(turbo_composer, small_scalar_multipliers) fr one = fr::one(); fr three = ((one + one) + one); for (size_t i = 0; i < num_quads; ++i) { - uint64_t entry = wnaf_entries[i + 1] & crypto::pedersen::WNAF_MASK; + uint64_t entry = wnaf_entries[i + 1] & crypto::generators::WNAF_MASK; fr prev_accumulator = accumulator_transcript[i] + accumulator_transcript[i]; prev_accumulator = prev_accumulator + prev_accumulator; @@ -341,8 +341,8 @@ TEST(turbo_composer, large_scalar_multipliers) constexpr size_t num_wnaf_bits = (num_quads << 1) + 1; constexpr size_t initial_exponent = num_bits; // ((num_bits & 1) == 1) ? num_bits - 1 : num_bits; - auto gen_data = crypto::pedersen::get_generator_data(DEFAULT_GEN_1); - const crypto::pedersen::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits); + auto gen_data = crypto::generators::get_generator_data(DEFAULT_GEN_1); + const crypto::generators::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits); grumpkin::g1::affine_element generator = gen_data.generator; grumpkin::g1::element origin_points[2]; @@ -382,7 +382,7 @@ TEST(turbo_composer, large_scalar_multipliers) fr one = fr::one(); fr three = ((one + one) + one); for (size_t i = 0; i < num_quads; ++i) { - uint64_t entry = wnaf_entries[i + 1] & crypto::pedersen::WNAF_MASK; + uint64_t entry = wnaf_entries[i + 1] & crypto::generators::WNAF_MASK; fr prev_accumulator = accumulator_transcript[i] + accumulator_transcript[i]; prev_accumulator = prev_accumulator + prev_accumulator; @@ -978,8 +978,8 @@ TEST(turbo_composer, test_check_circuit_fixed_group) constexpr size_t num_wnaf_bits = (num_quads << 1) + 1; constexpr size_t initial_exponent = num_bits; // ((num_bits & 1) == 1) ? num_bits - 1 : num_bits; - auto gen_data = crypto::pedersen::get_generator_data(DEFAULT_GEN_1); - const crypto::pedersen::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits); + auto gen_data = crypto::generators::get_generator_data(DEFAULT_GEN_1); + const crypto::generators::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits); grumpkin::g1::affine_element generator = gen_data.generator; grumpkin::g1::element origin_points[2]; diff --git a/cpp/src/barretenberg/plonk/composer/ultra_composer.hpp b/cpp/src/barretenberg/plonk/composer/ultra_composer.hpp index 599e9e921b..f19d001fae 100644 --- a/cpp/src/barretenberg/plonk/composer/ultra_composer.hpp +++ b/cpp/src/barretenberg/plonk/composer/ultra_composer.hpp @@ -11,7 +11,8 @@ class UltraComposer : public ComposerBase { public: static constexpr ComposerType type = ComposerType::PLOOKUP; - static constexpr MerkleHashType merkle_hash_type = MerkleHashType::LOOKUP_PEDERSEN; + static constexpr merkle::HashType merkle_hash_type = merkle::HashType::LOOKUP_PEDERSEN; + static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; static constexpr size_t NUM_RESERVED_GATES = 4; // This must be >= num_roots_cut_out_of_vanishing_polynomial // See the comment in plonk/proof_system/prover/prover.cpp // ProverBase::compute_quotient_commitments() for why 4 exactly. diff --git a/cpp/src/barretenberg/plonk/composer/ultra_composer.test.cpp b/cpp/src/barretenberg/plonk/composer/ultra_composer.test.cpp index 51e0838b5f..ff4d807bb6 100644 --- a/cpp/src/barretenberg/plonk/composer/ultra_composer.test.cpp +++ b/cpp/src/barretenberg/plonk/composer/ultra_composer.test.cpp @@ -1,6 +1,6 @@ #include "barretenberg/stdlib/primitives/plookup/plookup.hpp" #include "ultra_composer.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include #include "barretenberg/numeric/bitop/get_msb.hpp" #include "barretenberg/numeric/uintx/uintx.hpp" @@ -49,8 +49,8 @@ TEST(ultra_composer, create_gates_from_plookup_accumulators) std::vector expected_y; const size_t num_lookups_hi = - (128 + crypto::pedersen::lookup::BITS_PER_TABLE) / crypto::pedersen::lookup::BITS_PER_TABLE; - const size_t num_lookups_lo = 126 / crypto::pedersen::lookup::BITS_PER_TABLE; + (128 + crypto::pedersen_hash::lookup::BITS_PER_TABLE) / crypto::pedersen_hash::lookup::BITS_PER_TABLE; + const size_t num_lookups_lo = 126 / crypto::pedersen_hash::lookup::BITS_PER_TABLE; const size_t num_lookups = num_lookups_hi + num_lookups_lo; EXPECT_EQ(num_lookups_hi, lookup_witnesses_hi[ColumnIdx::C1].size()); @@ -65,10 +65,10 @@ TEST(ultra_composer, create_gates_from_plookup_accumulators) const size_t num_rounds = (num_lookups + 1) / 2; uint256_t bits(input_value); - const auto mask = crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE - 1; + const auto mask = crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE - 1; for (size_t i = 0; i < num_rounds; ++i) { - const auto& table = crypto::pedersen::lookup::get_table(i); + const auto& table = crypto::pedersen_hash::lookup::get_table(i); const size_t index = i * 2; uint64_t slice_a = ((bits >> (index * 9)) & mask).data[0]; @@ -86,7 +86,7 @@ TEST(ultra_composer, create_gates_from_plookup_accumulators) } for (size_t i = num_lookups - 2; i < num_lookups; --i) { - expected_scalars[i] += (expected_scalars[i + 1] * crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE); + expected_scalars[i] += (expected_scalars[i + 1] * crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE); } size_t hi_shift = 126; @@ -97,7 +97,7 @@ TEST(ultra_composer, create_gates_from_plookup_accumulators) expected_scalars[i]); EXPECT_EQ(composer.get_variable(lookup_witnesses_lo[ColumnIdx::C2][i]), expected_x[i]); EXPECT_EQ(composer.get_variable(lookup_witnesses_lo[ColumnIdx::C3][i]), expected_y[i]); - hi_shift -= crypto::pedersen::lookup::BITS_PER_TABLE; + hi_shift -= crypto::pedersen_hash::lookup::BITS_PER_TABLE; } for (size_t i = 0; i < num_lookups_hi; ++i) { @@ -149,9 +149,9 @@ TEST(ultra_composer, test_elliptic_gate) typedef grumpkin::g1::element element; UltraComposer composer = UltraComposer(); - affine_element p1 = crypto::pedersen::get_generator_data({ 0, 0 }).generator; + affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; - affine_element p2 = crypto::pedersen::get_generator_data({ 0, 1 }).generator; + affine_element p2 = crypto::generators::get_generator_data({ 0, 1 }).generator; affine_element p3(element(p1) + element(p2)); uint32_t x1 = composer.add_variable(p1.x); diff --git a/cpp/src/barretenberg/plonk/proof_system/constants.hpp b/cpp/src/barretenberg/plonk/proof_system/constants.hpp index 9d6229b039..ad87afc3b8 100644 --- a/cpp/src/barretenberg/plonk/proof_system/constants.hpp +++ b/cpp/src/barretenberg/plonk/proof_system/constants.hpp @@ -13,12 +13,21 @@ enum ComposerType { // This variable sets the composer (TURBO or ULTRA) of the entire stdlib and rollup modules. // To switch to using a new composer, only changing this variable should activate the new composer // throughout the stdlib and circuits. -static constexpr uint32_t SYSTEM_COMPOSER = ComposerType::TURBO; +static constexpr uint32_t SYSTEM_COMPOSER = ComposerType::PLOOKUP; -enum MerkleHashType { +namespace merkle { +enum HashType { FIXED_BASE_PEDERSEN, LOOKUP_PEDERSEN, }; +} + +namespace pedersen { +enum CommitmentType { + FIXED_BASE_PEDERSEN, + LOOKUP_PEDERSEN, +}; +} // limb size when simulating a non-native field using bigfield class // (needs to be a universal constant to be used by native verifier) diff --git a/cpp/src/barretenberg/stdlib/CMakeLists.txt b/cpp/src/barretenberg/stdlib/CMakeLists.txt index 22c25b1480..c3fa01c851 100644 --- a/cpp/src/barretenberg/stdlib/CMakeLists.txt +++ b/cpp/src/barretenberg/stdlib/CMakeLists.txt @@ -1,4 +1,5 @@ add_subdirectory(hash) +add_subdirectory(commitment) add_subdirectory(encryption) add_subdirectory(primitives) add_subdirectory(recursion) diff --git a/cpp/src/barretenberg/stdlib/commitment/CMakeLists.txt b/cpp/src/barretenberg/stdlib/commitment/CMakeLists.txt new file mode 100644 index 0000000000..e95d22b87b --- /dev/null +++ b/cpp/src/barretenberg/stdlib/commitment/CMakeLists.txt @@ -0,0 +1 @@ +add_subdirectory(pedersen) \ No newline at end of file diff --git a/cpp/src/barretenberg/stdlib/commitment/pedersen/CMakeLists.txt b/cpp/src/barretenberg/stdlib/commitment/pedersen/CMakeLists.txt new file mode 100644 index 0000000000..2ba8c14140 --- /dev/null +++ b/cpp/src/barretenberg/stdlib/commitment/pedersen/CMakeLists.txt @@ -0,0 +1 @@ +barretenberg_module(stdlib_pedersen_commitment stdlib_primitives stdlib_pedersen_hash crypto_pedersen_commitment crypto_generators) diff --git a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.bench.cpp b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.bench.cpp similarity index 92% rename from cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.bench.cpp rename to cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.bench.cpp index 1f330830d0..c0b784cd2c 100644 --- a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.bench.cpp +++ b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.bench.cpp @@ -1,6 +1,6 @@ #include "pedersen.hpp" #include -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "barretenberg/ecc/curves/bn254/fr.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" #include "barretenberg/plonk/composer/turbo_composer.hpp" @@ -43,7 +43,7 @@ void generate_test_pedersen_circuit(plonk::TurboComposer& turbo_composer, size_t plonk::stdlib::witness_t(&turbo_composer, barretenberg::fr::random_element())); for (size_t i = 0; i < num_repetitions; ++i) { - out = plonk::stdlib::pedersen::compress(left, out); + out = plonk::stdlib::pedersen_commitment::compress(left, out); } } @@ -56,18 +56,18 @@ grumpkin::fq pedersen_function(const size_t count) grumpkin::fq left = grumpkin::fq::random_element(); grumpkin::fq out = grumpkin::fq::random_element(); for (size_t i = 0; i < count; ++i) { - out = crypto::pedersen::compress_native({ left, out }); + out = crypto::pedersen_commitment::compress_native({ left, out }); } return out; } -void native_pedersen_hash_bench(State& state) noexcept +void native_pedersen_commitment_bench(State& state) noexcept { for (auto _ : state) { const size_t count = (static_cast(state.range(0))); (pedersen_function(count)); } } -BENCHMARK(native_pedersen_hash_bench) +BENCHMARK(native_pedersen_commitment_bench) ->Arg(num_hashes[0]) ->Arg(num_hashes[1]) ->Arg(num_hashes[2]) @@ -86,7 +86,7 @@ void native_pedersen_eight_hash_bench(State& state) noexcept elements[i] = grumpkin::fq::random_element(); } for (auto _ : state) { - crypto::pedersen::compress_native(elements); + crypto::pedersen_commitment::compress_native(elements); } } BENCHMARK(native_pedersen_eight_hash_bench)->MinTime(3); @@ -97,7 +97,7 @@ void construct_pedersen_witnesses_bench(State& state) noexcept plonk::TurboComposer composer = plonk::TurboComposer(BARRETENBERG_SRS_PATH, static_cast(state.range(0))); generate_test_pedersen_circuit(composer, static_cast(state.range(0))); - std::cout << "composer gates = " << composer.num_gates << std::endl; + std::cout << "composer gates = " << composer.get_num_gates() << std::endl; composer.compute_witness(); } } diff --git a/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.cpp b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.cpp new file mode 100644 index 0000000000..5d6ccbf036 --- /dev/null +++ b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.cpp @@ -0,0 +1,140 @@ +#include "pedersen.hpp" +#include "pedersen_plookup.hpp" +#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" +#include "../../hash/pedersen/pedersen.hpp" + +#include "../../primitives/composers/composers.hpp" +#include "../../primitives/packed_byte_array/packed_byte_array.hpp" + +namespace plonk { +namespace stdlib { + +using namespace barretenberg; +using namespace crypto::pedersen_commitment; + +template +point pedersen_commitment::commit(const std::vector& inputs, const size_t hash_index) +{ + if constexpr (C::type == ComposerType::PLOOKUP && C::commitment_type == pedersen::CommitmentType::LOOKUP_PEDERSEN) { + return pedersen_plookup_commitment::commit(inputs, hash_index); + } + + std::vector to_accumulate; + for (size_t i = 0; i < inputs.size(); ++i) { + generator_index_t index = { hash_index, i }; + to_accumulate.push_back(pedersen_hash::commit_single(inputs[i], index)); + } + return pedersen_hash::accumulate(to_accumulate); +} + +template +point pedersen_commitment::commit(const std::vector& inputs, + const std::vector& hash_generator_indices) +{ + if (inputs.size() != hash_generator_indices.size()) { + throw_or_abort("Vector size mismatch."); + } + + if constexpr (C::type == ComposerType::PLOOKUP && C::commitment_type == pedersen::CommitmentType::LOOKUP_PEDERSEN) { + return pedersen_plookup_commitment::commit(inputs, hash_generator_indices); + } + + std::vector to_accumulate; + for (size_t i = 0; i < inputs.size(); ++i) { + to_accumulate.push_back(pedersen_hash::commit_single(inputs[i], hash_generator_indices[i])); + } + + return pedersen_hash::accumulate(to_accumulate); +} + +template +point pedersen_commitment::commit(const std::vector>& input_pairs) +{ + if constexpr (C::type == ComposerType::PLOOKUP && C::commitment_type == pedersen::CommitmentType::LOOKUP_PEDERSEN) { + return pedersen_plookup_commitment::commit(input_pairs); + } + + std::vector to_accumulate; + std::vector inputs; + for (size_t i = 0; i < input_pairs.size(); ++i) { + to_accumulate.push_back(pedersen_hash::commit_single(input_pairs[i].first, input_pairs[i].second)); + inputs.push_back(input_pairs[i].first); + } + + return pedersen_hash::accumulate(to_accumulate); +} + +/** + * Compress the pair (in_left, in_right) with a given hash index. + * Called unsafe because this allows the option of not validating the input elements are unique, i.e. +field_t pedersen_commitment::compress_unsafe(const field_t& in_left, + const field_t& in_right, + const size_t hash_index, + const bool validate_input_is_in_field) +{ + if constexpr (C::type == ComposerType::PLOOKUP && C::commitment_type == pedersen::CommitmentType::LOOKUP_PEDERSEN) { + return pedersen_plookup_commitment::compress({ in_left, in_right }); + } + + std::vector accumulators; + generator_index_t index_1 = { hash_index, 0 }; + generator_index_t index_2 = { hash_index, 1 }; + accumulators.push_back(pedersen_hash::commit_single(in_left, index_1, validate_input_is_in_field)); + accumulators.push_back(pedersen_hash::commit_single(in_right, index_2, validate_input_is_in_field)); + return pedersen_hash::accumulate(accumulators).x; +} + +/** + * Compress a vector of scalars with a given hash index. + */ +template +field_t pedersen_commitment::compress(const std::vector& inputs, const size_t hash_index) +{ + if constexpr (C::type == ComposerType::PLOOKUP && C::commitment_type == pedersen::CommitmentType::LOOKUP_PEDERSEN) { + return pedersen_plookup_commitment::compress(inputs, hash_index); + } + + return commit(inputs, hash_index).x; +} + +/** + * Compress a byte_array. + * + * If the input values are all zero, we return the array length instead of "0\" + * This is because we require the inputs to regular pedersen compression function are nonzero (we use this method to + * hash the base layer of our merkle trees) + */ +template field_t pedersen_commitment::compress(const byte_array& input) +{ + const size_t num_bytes = input.size(); + const size_t bytes_per_element = 31; + size_t num_elements = (num_bytes % bytes_per_element != 0) + (num_bytes / bytes_per_element); + + std::vector elements; + for (size_t i = 0; i < num_elements; ++i) { + size_t bytes_to_slice = 0; + if (i == num_elements - 1) { + bytes_to_slice = num_bytes - (i * bytes_per_element); + } else { + bytes_to_slice = bytes_per_element; + } + field_t element = static_cast(input.slice(i * bytes_per_element, bytes_to_slice)); + elements.emplace_back(element); + } + field_t compressed = compress(elements, 0); + + bool_t is_zero(true); + for (const auto& element : elements) { + is_zero = is_zero && element.is_zero(); + } + + field_t output = field_t::conditional_assign(is_zero, field_t(num_bytes), compressed); + return output; +} + +INSTANTIATE_STDLIB_TYPE(pedersen_commitment); + +} // namespace stdlib +} // namespace plonk \ No newline at end of file diff --git a/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.hpp b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.hpp new file mode 100644 index 0000000000..698f32bc51 --- /dev/null +++ b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.hpp @@ -0,0 +1,59 @@ +#pragma once +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" +#include "../../primitives/composers/composers_fwd.hpp" +#include "../../primitives/field/field.hpp" +#include "../../primitives/point/point.hpp" +#include "../../primitives/byte_array/byte_array.hpp" + +using namespace crypto::generators; + +namespace plonk { +namespace stdlib { + +constexpr uint64_t WNAF_MASK = crypto::generators::WNAF_MASK; + +template class pedersen_commitment { + private: + typedef plonk::stdlib::field_t field_t; + typedef plonk::stdlib::point point; + typedef plonk::stdlib::byte_array byte_array; + typedef plonk::stdlib::bool_t bool_t; + + public: + static point commit(const std::vector& inputs, const size_t hash_index = 0); + + static point commit(const std::vector& inputs, + const std::vector& hash_generator_indices); + + static point commit(const std::vector>& input_pairs); + + static field_t compress_unsafe(const field_t& left, + const field_t& right, + const size_t hash_index, + const bool validate_input_is_in_field); + + static field_t compress(const field_t& left, const field_t& right, const size_t hash_index = 0) + { + return compress_unsafe(left, right, hash_index, true); + } + + static field_t compress(const std::vector& inputs, const size_t hash_index = 0); + + static field_t compress(const std::vector& inputs, + const std::vector& hash_generator_indices); + + static field_t compress(const std::vector>& input_pairs); + + template static field_t compress(const std::array& inputs) + { + std::vector in(inputs.begin(), inputs.end()); + return compress(in); + } + + static field_t compress(const byte_array& inputs); +}; + +EXTERN_STDLIB_TYPE(pedersen_commitment); + +} // namespace stdlib +} // namespace plonk \ No newline at end of file diff --git a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.test.cpp b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.test.cpp similarity index 71% rename from cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.test.cpp rename to cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.test.cpp index 9dc474f3ad..748e2f45de 100644 --- a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.test.cpp +++ b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.test.cpp @@ -1,7 +1,7 @@ #include "pedersen.hpp" #include "pedersen_plookup.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" -#include "barretenberg/crypto/pedersen/pedersen_lookup.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen_lookup.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" #include "barretenberg/numeric/random/engine.hpp" #include "barretenberg/common/test.hpp" @@ -21,7 +21,7 @@ template class stdlib_pedersen : public testing::Test { typedef typename curve::fr_ct fr_ct; typedef typename curve::witness_ct witness_ct; typedef typename curve::public_witness_ct public_witness_ct; - typedef typename stdlib::pedersen pedersen; + typedef typename stdlib::pedersen_commitment pedersen_commitment; public: static grumpkin::g1::element pedersen_recover(const fr& left_in, const fr& right_in) @@ -70,10 +70,10 @@ template class stdlib_pedersen : public testing::Test { compute_split_scalar(&right_wnafs[126], 2) }; grumpkin::g1::affine_element grumpkin_points[4]{ - crypto::pedersen::get_generator_data(crypto::pedersen::DEFAULT_GEN_1).generator, - crypto::pedersen::get_generator_data(crypto::pedersen::DEFAULT_GEN_1).aux_generator, - crypto::pedersen::get_generator_data(crypto::pedersen::DEFAULT_GEN_2).generator, - crypto::pedersen::get_generator_data(crypto::pedersen::DEFAULT_GEN_2).aux_generator, + crypto::generators::get_generator_data(crypto::generators::DEFAULT_GEN_1).generator, + crypto::generators::get_generator_data(crypto::generators::DEFAULT_GEN_1).aux_generator, + crypto::generators::get_generator_data(crypto::generators::DEFAULT_GEN_2).generator, + crypto::generators::get_generator_data(crypto::generators::DEFAULT_GEN_2).aux_generator, }; grumpkin::g1::element result_points[4]{ @@ -91,12 +91,12 @@ template class stdlib_pedersen : public testing::Test { if (left_skew) { grumpkin::g1::affine_element left_skew_gen = - crypto::pedersen::get_generator_data(crypto::pedersen::DEFAULT_GEN_1).skew_generator; + crypto::generators::get_generator_data(crypto::generators::DEFAULT_GEN_1).skew_generator; hash_output_left -= left_skew_gen; } if (right_skew) { grumpkin::g1::affine_element right_skew_gen = - crypto::pedersen::get_generator_data(crypto::pedersen::DEFAULT_GEN_2).skew_generator; + crypto::generators::get_generator_data(crypto::generators::DEFAULT_GEN_2).skew_generator; hash_output_right -= right_skew_gen; } @@ -154,7 +154,7 @@ template class stdlib_pedersen : public testing::Test { composer.fix_witness(left.witness_index, left.get_value()); composer.fix_witness(right.witness_index, right.get_value()); - fr_ct out = pedersen::compress(left, right); + fr_ct out = pedersen_commitment::compress(left, right); auto prover = composer.create_prover(); @@ -175,7 +175,7 @@ template class stdlib_pedersen : public testing::Test { EXPECT_EQ(out.get_value(), hash_output.x); - fr compress_native = crypto::pedersen::compress_native({ left.get_value(), right.get_value() }); + fr compress_native = crypto::pedersen_commitment::compress_native({ left.get_value(), right.get_value() }); EXPECT_EQ(out.get_value(), compress_native); } @@ -195,11 +195,11 @@ template class stdlib_pedersen : public testing::Test { fr_ct r_minus_two = witness_ct(&composer, r_minus_two_fr); fr_ct r = witness_ct(&composer, r_fr); - fr_ct out_1_with_zero = pedersen::compress(zero, one); - fr_ct out_1_with_r = pedersen::compress(r, one); - fr_ct out_2 = pedersen::compress(r_minus_one, r_minus_two); - fr_ct out_with_zero = pedersen::compress(out_1_with_zero, out_2); - fr_ct out_with_r = pedersen::compress(out_1_with_r, out_2); + fr_ct out_1_with_zero = pedersen_commitment::compress(zero, one); + fr_ct out_1_with_r = pedersen_commitment::compress(r, one); + fr_ct out_2 = pedersen_commitment::compress(r_minus_one, r_minus_two); + fr_ct out_with_zero = pedersen_commitment::compress(out_1_with_zero, out_2); + fr_ct out_with_r = pedersen_commitment::compress(out_1_with_r, out_2); auto prover = composer.create_prover(); @@ -232,12 +232,15 @@ template class stdlib_pedersen : public testing::Test { EXPECT_EQ(r_minus_one_fr, recovered_r_minus_one); EXPECT_EQ(r_minus_two_fr, recovered_r_minus_two); - fr compress_native_1_with_zero = crypto::pedersen::compress_native({ zero.get_value(), one.get_value() }); - fr compress_native_1_with_r = crypto::pedersen::compress_native({ r.get_value(), one.get_value() }); - fr compress_native_2 = crypto::pedersen::compress_native({ r_minus_one.get_value(), r_minus_two.get_value() }); + fr compress_native_1_with_zero = + crypto::pedersen_commitment::compress_native({ zero.get_value(), one.get_value() }); + fr compress_native_1_with_r = crypto::pedersen_commitment::compress_native({ r.get_value(), one.get_value() }); + fr compress_native_2 = + crypto::pedersen_commitment::compress_native({ r_minus_one.get_value(), r_minus_two.get_value() }); fr compress_native_with_zero = - crypto::pedersen::compress_native({ out_1_with_zero.get_value(), out_2.get_value() }); - fr compress_native_with_r = crypto::pedersen::compress_native({ out_1_with_r.get_value(), out_2.get_value() }); + crypto::pedersen_commitment::compress_native({ out_1_with_zero.get_value(), out_2.get_value() }); + fr compress_native_with_r = + crypto::pedersen_commitment::compress_native({ out_1_with_r.get_value(), out_2.get_value() }); EXPECT_EQ(out_1_with_zero.get_value(), compress_native_1_with_zero); EXPECT_EQ(out_1_with_r.get_value(), compress_native_1_with_r); @@ -264,7 +267,7 @@ template class stdlib_pedersen : public testing::Test { fr_ct right = witness_ct(&composer, right_in); for (size_t i = 0; i < 256; ++i) { - left = pedersen::compress(left, right); + left = pedersen_commitment::compress(left, right); } composer.set_public_input(left.witness_index); @@ -292,10 +295,10 @@ template class stdlib_pedersen : public testing::Test { input.push_back(engine.get_random_uint8()); } - fr expected = crypto::pedersen::compress_native(input); + fr expected = crypto::pedersen_commitment::compress_native(input); byte_array_ct circuit_input(&composer, input); - auto result = pedersen::compress(circuit_input); + auto result = pedersen_commitment::compress(circuit_input); EXPECT_EQ(result.get_value(), expected); @@ -349,9 +352,9 @@ template class stdlib_pedersen : public testing::Test { witnesses.push_back(witness_ct(&composer, input)); } - barretenberg::fr expected = crypto::pedersen::compress_native(inputs); + barretenberg::fr expected = crypto::pedersen_commitment::compress_native(inputs); - fr_ct result = pedersen::compress(witnesses); + fr_ct result = pedersen_commitment::compress(witnesses); EXPECT_EQ(result.get_value(), expected); } @@ -380,8 +383,8 @@ template class stdlib_pedersen : public testing::Test { } constexpr size_t hash_idx = 10; - grumpkin::fq expected = crypto::pedersen::compress_native(inputs, hash_idx); - auto result = pedersen::compress(witness_inputs, hash_idx); + grumpkin::fq expected = crypto::pedersen_commitment::compress_native(inputs, hash_idx); + auto result = pedersen_commitment::compress(witness_inputs, hash_idx); EXPECT_EQ(result.get_value(), expected); } @@ -402,8 +405,8 @@ template class stdlib_pedersen : public testing::Test { } } - barretenberg::fr expected = crypto::pedersen::compress_native(inputs); - auto result = pedersen::compress(witness_inputs); + barretenberg::fr expected = crypto::pedersen_commitment::compress_native(inputs); + auto result = pedersen_commitment::compress(witness_inputs); EXPECT_EQ(result.get_value(), expected); } @@ -448,98 +451,4 @@ TYPED_TEST(stdlib_pedersen, compress_constants) TestFixture::test_compress_constants(); }; -// Tests of Plookup-based Pedersen hash -namespace plookup_pedersen_tests { -typedef stdlib::field_t field_ct; -typedef stdlib::witness_t witness_ct; -TEST(stdlib_pedersen, test_pedersen_plookup) -{ - plonk::UltraComposer composer = plonk::UltraComposer(); - - fr left_in = fr::random_element(); - fr right_in = fr::random_element(); - - field_ct left = witness_ct(&composer, left_in); - field_ct right = witness_ct(&composer, right_in); - - field_ct result = stdlib::pedersen_plookup::compress(left, right); - - fr expected = crypto::pedersen::lookup::hash_pair(left_in, right_in); - - EXPECT_EQ(result.get_value(), expected); - - auto prover = composer.create_prover(); - - printf("composer gates = %zu\n", composer.get_num_gates()); - auto verifier = composer.create_verifier(); - - plonk::proof proof = prover.construct_proof(); - - bool proof_result = verifier.verify_proof(proof); - EXPECT_EQ(proof_result, true); -} - -TEST(stdlib_pedersen, test_compress_many_plookup) -{ - plonk::UltraComposer composer = plonk::UltraComposer(); - - std::vector input_values{ - fr::random_element(), fr::random_element(), fr::random_element(), - fr::random_element(), fr::random_element(), fr::random_element(), - }; - std::vector inputs; - for (const auto& input : input_values) { - inputs.emplace_back(witness_ct(&composer, input)); - } - - const size_t hash_idx = 20; - - field_ct result = stdlib::pedersen_plookup::compress(inputs, hash_idx); - - auto expected = crypto::pedersen::lookup::compress_native(input_values, hash_idx); - - EXPECT_EQ(result.get_value(), expected); - - auto prover = composer.create_prover(); - - printf("composer gates = %zu\n", composer.get_num_gates()); - auto verifier = composer.create_verifier(); - - plonk::proof proof = prover.construct_proof(); - - bool proof_result = verifier.verify_proof(proof); - EXPECT_EQ(proof_result, true); -} - -TEST(stdlib_pedersen, test_merkle_damgard_compress_plookup) -{ - plonk::UltraComposer composer = plonk::UltraComposer(); - - std::vector input_values{ - fr::random_element(), fr::random_element(), fr::random_element(), - fr::random_element(), fr::random_element(), fr::random_element(), - }; - std::vector inputs; - for (const auto& input : input_values) { - inputs.emplace_back(witness_ct(&composer, input)); - } - field_ct iv = witness_ct(&composer, fr(10)); - - field_ct result = stdlib::pedersen_plookup::merkle_damgard_compress(inputs, iv).x; - - auto expected = crypto::pedersen::lookup::merkle_damgard_compress(input_values, 10); - - EXPECT_EQ(result.get_value(), expected.normalize().x); - - auto prover = composer.create_prover(); - - printf("composer gates = %zu\n", composer.get_num_gates()); - auto verifier = composer.create_verifier(); - - plonk::proof proof = prover.construct_proof(); - - bool proof_result = verifier.verify_proof(proof); - EXPECT_EQ(proof_result, true); -} -} // namespace plookup_pedersen_tests } // namespace test_stdlib_pedersen diff --git a/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen_plookup.cpp b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen_plookup.cpp new file mode 100644 index 0000000000..24825f2469 --- /dev/null +++ b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen_plookup.cpp @@ -0,0 +1,145 @@ +#include "pedersen_plookup.hpp" +#include +#include +#include "../../hash/pedersen/pedersen_plookup.hpp" + +#include +#include "../../primitives/composers/composers.hpp" +#include "../../primitives/plookup/plookup.hpp" + +namespace plonk { +namespace stdlib { + +using namespace barretenberg; + +template +point pedersen_plookup_commitment::compress_to_point(const field_t& left, const field_t& right) +{ + auto p2 = pedersen_plookup_hash::hash_single(left, false); + auto p1 = pedersen_plookup_hash::hash_single(right, true); + + return pedersen_plookup_hash::add_points(p1, p2); +} + +template field_t pedersen_plookup_commitment::compress(const field_t& left, const field_t& right) +{ + return compress_to_point(left, right).x; +} + +template +point pedersen_plookup_commitment::merkle_damgard_compress(const std::vector& inputs, const field_t& iv) +{ + if (inputs.size() == 0) { + return point{ 0, 0 }; + } + + auto result = plookup_read::get_lookup_accumulators(MultiTableId::PEDERSEN_IV, iv)[ColumnIdx::C2][0]; + auto num_inputs = inputs.size(); + for (size_t i = 0; i < num_inputs; i++) { + result = compress(result, inputs[i]); + } + + return compress_to_point(result, field_t(num_inputs)); +} + +template +point pedersen_plookup_commitment::merkle_damgard_compress(const std::vector& inputs, + const std::vector& ivs) +{ + const size_t num_inputs = inputs.size(); + if (num_inputs == 0) { + return point{ 0, 0 }; + } + + auto result = plookup_read::get_lookup_accumulators(MultiTableId::PEDERSEN_IV, 0)[ColumnIdx::C2][0]; + for (size_t i = 0; i < 2 * num_inputs; i++) { + if ((i & 1) == 0) { + auto iv_result = + plookup_read::get_lookup_accumulators(MultiTableId::PEDERSEN_IV, ivs[i >> 1])[ColumnIdx::C2][0]; + result = compress(result, iv_result); + } else { + result = compress(result, inputs[i >> 1]); + } + } + + return compress_to_point(result, field_t(num_inputs)); +} + +template +point pedersen_plookup_commitment::merkle_damgard_tree_compress(const std::vector& inputs, + const std::vector& ivs) +{ + const size_t num_inputs = inputs.size(); + ASSERT(num_inputs == ivs.size()); + ASSERT(numeric::is_power_of_two(num_inputs)); + if (num_inputs == 0) { + return point{ 0, 0 }; + } + + // Process height 0 of the tree. + std::vector temp_storage; + for (size_t i = 0; i < num_inputs; i++) { + auto iv_result = plookup_read::get_lookup_accumulators(MultiTableId::PEDERSEN_IV, ivs[i])[ColumnIdx::C2][0]; + temp_storage.push_back(compress(iv_result, inputs[i])); + } + + // Process heights 1, 2, ..., log2(m) of the tree. + const size_t total_height = numeric::get_msb(num_inputs); + for (size_t height = 1; height <= total_height; height++) { + const size_t leaf_count = 1UL << (total_height - height); + for (size_t i = 0; i < leaf_count; i++) { + temp_storage[i] = compress(temp_storage[2 * i], temp_storage[2 * i + 1]); + } + } + + return compress_to_point(temp_storage[0], field_t(num_inputs)); +} + +template +point pedersen_plookup_commitment::commit(const std::vector& inputs, const size_t hash_index) +{ + return merkle_damgard_compress(inputs, field_t(hash_index)); +} + +template +point pedersen_plookup_commitment::commit(const std::vector& inputs, + const std::vector& hash_indices) +{ + std::vector hash_indices_; + for (size_t i = 0; i < hash_indices.size(); i++) { + hash_indices_.push_back(field_t(hash_indices[i])); + } + + return merkle_damgard_compress(inputs, hash_indices_); +} + +template +field_t pedersen_plookup_commitment::compress(const std::vector& inputs, const size_t hash_index) +{ + return commit(inputs, hash_index).x; +} + +template +field_t pedersen_plookup_commitment::compress(const std::vector& inputs, + const std::vector& hash_indices) +{ + return commit(inputs, hash_indices).x; +} + +template +field_t pedersen_plookup_commitment::compress(const std::vector>& input_pairs) +{ + std::vector inputs; + std::vector hash_indices; + for (size_t i = 0; i < input_pairs.size(); i++) { + inputs.push_back(input_pairs[0].first); + hash_indices.push_back(input_pairs[0].second); + } + + return commit(inputs, hash_indices).x; +} + +template class pedersen_plookup_commitment; + +} // namespace stdlib +} // namespace plonk \ No newline at end of file diff --git a/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen_plookup.hpp b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen_plookup.hpp new file mode 100644 index 0000000000..abdf65643b --- /dev/null +++ b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen_plookup.hpp @@ -0,0 +1,43 @@ +#pragma once +#include "../../primitives/composers/composers_fwd.hpp" +#include "../../primitives/field/field.hpp" +#include "../../primitives/point/point.hpp" +#include "../../primitives/packed_byte_array/packed_byte_array.hpp" + +namespace plonk { +namespace stdlib { + +template class pedersen_plookup_commitment { + private: + typedef plonk::stdlib::field_t field_t; + typedef plonk::stdlib::point point; + typedef plonk::stdlib::packed_byte_array packed_byte_array; + typedef plonk::stdlib::bool_t bool_t; + + public: + static point commit(const std::vector& inputs, const size_t hash_index = 0); + static point commit(const std::vector& inputs, const std::vector& hash_indices); + + static field_t compress(const field_t& left, const field_t& right); + static field_t compress(const std::vector& inputs, const size_t hash_index = 0); + static field_t compress(const packed_byte_array& input) { return compress(input.get_limbs()); } + + static field_t compress(const std::vector& inputs, const std::vector& hash_indices); + static field_t compress(const std::vector>& input_pairs); + + template static field_t compress(const std::array& inputs) + { + std::vector in(inputs.begin(), inputs.end()); + return compress(in); + } + + static point merkle_damgard_compress(const std::vector& inputs, const field_t& iv); + static point merkle_damgard_compress(const std::vector& inputs, const std::vector& ivs); + static point merkle_damgard_tree_compress(const std::vector& inputs, const std::vector& ivs); + + static point compress_to_point(const field_t& left, const field_t& right); +}; + +extern template class pedersen_plookup_commitment; +} // namespace stdlib +} // namespace plonk \ No newline at end of file diff --git a/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen_plookup.test.cpp b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen_plookup.test.cpp new file mode 100644 index 0000000000..ab13dbebcb --- /dev/null +++ b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen_plookup.test.cpp @@ -0,0 +1,183 @@ +#include "pedersen.hpp" +#include "pedersen_plookup.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen_lookup.hpp" +#include "barretenberg/crypto/pedersen_hash/pedersen_lookup.hpp" +#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" +#include "barretenberg/common/test.hpp" +#include "barretenberg/stdlib/primitives/curves/bn254.hpp" + +namespace test_stdlib_pedersen { +using namespace barretenberg; +using namespace plonk; +namespace { +auto& engine = numeric::random::get_debug_engine(); +} + +namespace plookup_pedersen_tests { +typedef stdlib::field_t field_ct; +typedef stdlib::witness_t witness_ct; +TEST(stdlib_pedersen, test_pedersen_plookup) +{ + UltraComposer composer = UltraComposer(); + + fr left_in = fr::random_element(); + fr right_in = fr::random_element(); + + field_ct left = witness_ct(&composer, left_in); + field_ct right = witness_ct(&composer, right_in); + + field_ct result = stdlib::pedersen_plookup_commitment::compress(left, right); + + fr expected = crypto::pedersen_hash::lookup::hash_pair(left_in, right_in); + + EXPECT_EQ(result.get_value(), expected); + + auto prover = composer.create_prover(); + + printf("composer gates = %zu\n", composer.get_num_gates()); + auto verifier = composer.create_verifier(); + + auto proof = prover.construct_proof(); + + bool proof_result = verifier.verify_proof(proof); + EXPECT_EQ(proof_result, true); +} + +TEST(stdlib_pedersen, test_compress_many_plookup) +{ + UltraComposer composer = UltraComposer(); + + std::vector input_values{ + fr::random_element(), fr::random_element(), fr::random_element(), + fr::random_element(), fr::random_element(), fr::random_element(), + }; + std::vector inputs; + for (const auto& input : input_values) { + inputs.emplace_back(witness_ct(&composer, input)); + } + + const size_t hash_idx = 20; + + field_ct result = stdlib::pedersen_plookup_commitment::compress(inputs, hash_idx); + + auto expected = crypto::pedersen_commitment::lookup::compress_native(input_values, hash_idx); + + EXPECT_EQ(result.get_value(), expected); + + auto prover = composer.create_prover(); + + printf("composer gates = %zu\n", composer.get_num_gates()); + auto verifier = composer.create_verifier(); + + auto proof = prover.construct_proof(); + + bool proof_result = verifier.verify_proof(proof); + EXPECT_EQ(proof_result, true); +} + +TEST(stdlib_pedersen, test_merkle_damgard_compress_plookup) +{ + UltraComposer composer = UltraComposer(); + + std::vector input_values{ + fr::random_element(), fr::random_element(), fr::random_element(), + fr::random_element(), fr::random_element(), fr::random_element(), + }; + std::vector inputs; + for (const auto& input : input_values) { + inputs.emplace_back(witness_ct(&composer, input)); + } + field_ct iv = witness_ct(&composer, fr(10)); + + field_ct result = stdlib::pedersen_plookup_commitment::merkle_damgard_compress(inputs, iv).x; + + auto expected = crypto::pedersen_commitment::lookup::merkle_damgard_compress(input_values, 10); + + EXPECT_EQ(result.get_value(), expected.normalize().x); + + auto prover = composer.create_prover(); + + printf("composer gates = %zu\n", composer.get_num_gates()); + auto verifier = composer.create_verifier(); + + auto proof = prover.construct_proof(); + + bool proof_result = verifier.verify_proof(proof); + EXPECT_EQ(proof_result, true); +} + +TEST(stdlib_pedersen, test_merkle_damgard_compress_multiple_iv_plookup) +{ + UltraComposer composer = UltraComposer(); + + const size_t m = 10; + std::vector input_values; + std::vector iv_values; + for (size_t i = 0; i < m; i++) { + input_values.push_back(fr::random_element()); + iv_values.push_back(engine.get_random_uint8()); + } + + std::vector inputs; + std::vector ivs; + for (size_t i = 0; i < m; i++) { + inputs.emplace_back(witness_ct(&composer, input_values[i])); + ivs.emplace_back(witness_ct(&composer, fr(iv_values[i]))); + } + + field_ct result = stdlib::pedersen_plookup_commitment::merkle_damgard_compress(inputs, ivs).x; + + auto expected = crypto::pedersen_commitment::lookup::merkle_damgard_compress(input_values, iv_values); + + EXPECT_EQ(result.get_value(), expected.normalize().x); + + auto prover = composer.create_prover(); + + printf("composer gates = %zu\n", composer.get_num_gates()); + auto verifier = composer.create_verifier(); + + auto proof = prover.construct_proof(); + + bool proof_result = verifier.verify_proof(proof); + EXPECT_EQ(proof_result, true); +} + +TEST(stdlib_pedersen, test_merkle_damgard_tree_compress_plookup) +{ + UltraComposer composer = UltraComposer(); + + const size_t m = 16; + std::vector input_values; + std::vector iv_values; + for (size_t i = 0; i < m; i++) { + input_values.push_back(fr::random_element()); + iv_values.push_back(engine.get_random_uint8()); + } + + std::vector inputs; + std::vector ivs; + for (size_t i = 0; i < m; i++) { + inputs.emplace_back(witness_ct(&composer, input_values[i])); + ivs.emplace_back(witness_ct(&composer, fr(iv_values[i]))); + } + + field_ct result = stdlib::pedersen_plookup_commitment::merkle_damgard_tree_compress(inputs, ivs).x; + + auto expected = crypto::pedersen_commitment::lookup::merkle_damgard_tree_compress(input_values, iv_values); + + EXPECT_EQ(result.get_value(), expected.normalize().x); + + auto prover = composer.create_prover(); + + printf("composer gates = %zu\n", composer.get_num_gates()); + auto verifier = composer.create_verifier(); + + auto proof = prover.construct_proof(); + + bool proof_result = verifier.verify_proof(proof); + EXPECT_EQ(proof_result, true); +} + +} // namespace plookup_pedersen_tests +} // namespace test_stdlib_pedersen diff --git a/cpp/src/barretenberg/stdlib/encryption/schnorr/CMakeLists.txt b/cpp/src/barretenberg/stdlib/encryption/schnorr/CMakeLists.txt index 20a100dff1..d200b786ae 100644 --- a/cpp/src/barretenberg/stdlib/encryption/schnorr/CMakeLists.txt +++ b/cpp/src/barretenberg/stdlib/encryption/schnorr/CMakeLists.txt @@ -1 +1 @@ -barretenberg_module(stdlib_schnorr stdlib_pedersen stdlib_blake2s stdlib_primitives) \ No newline at end of file +barretenberg_module(stdlib_schnorr stdlib_pedersen_commitment stdlib_blake2s stdlib_primitives) \ No newline at end of file diff --git a/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.cpp b/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.cpp index 35ebcde4b9..a6e9cd90fa 100644 --- a/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.cpp +++ b/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.cpp @@ -1,8 +1,9 @@ #include "schnorr.hpp" #include -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" #include "barretenberg/stdlib/hash/blake2s/blake2s.hpp" +#include "barretenberg/stdlib/commitment/pedersen/pedersen.hpp" #include "../../primitives/composers/composers.hpp" @@ -161,7 +162,7 @@ point variable_base_mul(const point& pub_key, const point& current_accu // Various elliptic curve point additions that follow assume that the two points are distinct and not mutually // inverse. collision_offset is chosen to prevent a malicious prover from exploiting this assumption. - grumpkin::g1::affine_element collision_offset = crypto::pedersen::get_generator_data(DEFAULT_GEN_1).generator; + grumpkin::g1::affine_element collision_offset = crypto::generators::get_generator_data(DEFAULT_GEN_1).generator; grumpkin::g1::affine_element collision_end = collision_offset * grumpkin::fr(uint256_t(1) << 129); const bool init = current_accumulator.x.get_value() == pub_key.x.get_value(); @@ -290,7 +291,7 @@ std::array, 2> verify_signature_internal(const byte_array& message // build input (pedersen(([s]g + [e]pub).x | pub.x | pub.y) | message) to hash function // pedersen hash ([r].x | pub.x) to make sure the size of `hash_input` is <= 64 bytes for a 32 byte message - byte_array hash_input(stdlib::pedersen::compress({ x_3, pub_key.x, pub_key.y })); + byte_array hash_input(stdlib::pedersen_commitment::compress({ x_3, pub_key.x, pub_key.y })); hash_input.write(message); // compute e' = hash(([s]g + [e]pub).x | message) diff --git a/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.test.cpp b/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.test.cpp index c5e43842f7..1607eaac4f 100644 --- a/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.test.cpp +++ b/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.test.cpp @@ -1,5 +1,5 @@ #include "schnorr.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" #include #include "barretenberg/stdlib/types/types.hpp" diff --git a/cpp/src/barretenberg/stdlib/hash/pedersen/CMakeLists.txt b/cpp/src/barretenberg/stdlib/hash/pedersen/CMakeLists.txt index 66047381be..c4504582a2 100644 --- a/cpp/src/barretenberg/stdlib/hash/pedersen/CMakeLists.txt +++ b/cpp/src/barretenberg/stdlib/hash/pedersen/CMakeLists.txt @@ -1 +1 @@ -barretenberg_module(stdlib_pedersen stdlib_primitives crypto_pedersen) +barretenberg_module(stdlib_pedersen_hash stdlib_primitives crypto_pedersen_commitment crypto_generators) diff --git a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.cpp b/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.cpp index 5db83ffca1..bfa4895b4b 100644 --- a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.cpp +++ b/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.cpp @@ -1,34 +1,13 @@ #include "pedersen.hpp" #include "pedersen_plookup.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" -#include "pedersen_gates.hpp" - #include "../../primitives/composers/composers.hpp" -#include "../../primitives/packed_byte_array/packed_byte_array.hpp" namespace plonk { namespace stdlib { using namespace barretenberg; -using namespace crypto::pedersen; -using namespace bonk; - -namespace { -/** - * Adds two group elements using elliptic curve addition. - **/ -template point add_points(const point& first, const point& second) -{ - field_t lhs = second.y - first.y; - field_t rhs = second.x - first.x; - // since we are adding multiples of different generators, creating a zero denum is as hard as DL - field_t lambda = lhs.divide_no_zero_check(rhs); - field_t x_3 = lambda * lambda - second.x - first.x; - field_t y_3 = lambda * (first.x - x_3) - first.y; - return { x_3, y_3 }; -} -} // namespace +using namespace crypto::pedersen_hash; /** * Description of function: @@ -58,16 +37,15 @@ template point add_points(const point& first, const point& * Full documentation: https://hackmd.io/gRsmqUGkSDOCI9O22qWXBA?view **/ template -point pedersen::hash_single(const field_t& in, - const generator_index_t hash_index, - const bool validate_input_is_in_field) +point pedersen_hash::hash_single_internal(const field_t& in, + const generator_index_t hash_index, + const bool validate_input_is_in_field) { C* ctx = in.context; - field_t scalar = in.normalize(); if (in.is_constant()) { - const auto hash_native = crypto::pedersen::hash_single(in.get_value(), hash_index).normalize(); + const auto hash_native = crypto::pedersen_hash::hash_single(in.get_value(), hash_index).normalize(); return { field_t(ctx, hash_native.x), field_t(ctx, hash_native.y) }; } @@ -83,8 +61,8 @@ point pedersen::hash_single(const field_t& in, // initial_exponent = ((num_bits & 1) == 1) ? num_bits - 1: num_bits; // this may require updating the logic around accumulator_offset constexpr size_t initial_exponent = num_bits; - const auto gen_data = crypto::pedersen::get_generator_data(hash_index); - const crypto::pedersen::fixed_base_ladder* ladder = gen_data.get_hash_ladder(num_bits); + const auto gen_data = crypto::generators::get_generator_data(hash_index); + const crypto::generators::fixed_base_ladder* ladder = gen_data.get_hash_ladder(num_bits); grumpkin::g1::affine_element skew_generator = gen_data.skew_generator; // Here n = num_quads = 127. @@ -226,21 +204,19 @@ point pedersen::hash_single(const field_t& in, gates.create_fixed_group_add_gate(round_quad); } else { if constexpr (C::type == plonk::PLOOKUP && - C::merkle_hash_type == plonk::MerkleHashType::FIXED_BASE_PEDERSEN) { - /* In TurboComposer, the selector q_5 is used to show that w_1 and w_2 are properly initialized to the - * coordinates of P_s = (-s + 4^n)[g]. In UltraPlonK, we have removed q_5 for overall efficiency (it - * would only be used here in this gate), but this presents us a cost in the present circuit: we must - * use an additional gate to perform part of the initialization. Since q_5 is only involved in the - * x-coordinate initialization (in the notation of the widget, Constraint 5), we only perform that part - * of the initialization with additional gates, letting Constraints 4 and 6 be handled in the Ultra - * version of the widget as in the Turbo verison. - * x-coordinate initialization constraint (Pi = origin_points[i] for i = 0,1): - * c * (P0.x - x_0) + (P0.x - P1.x) * (1 - a_0)) - * = -c * x_0 + c * P0.x - (P0.x - P1.x) * a_0 + (P0.x - P1.x) - * In present terms, x_0 = round_quad.a, c = round_quad.c, P0.x = init_quad.q_x_1, - * a_0 = round_quad.d, P0.x - P1.x = init_quad.q_x_2, - * so we want to impose the constraint: - * 0 = -round_quad.a * round_quad.c + (C::merkle_hash_type == plonk::merkle::HashType::FIXED_BASE_PEDERSEN || + C::commitment_type == plonk::pedersen::CommitmentType::FIXED_BASE_PEDERSEN)) { + /* In TurboComposer, the selector q_5 is used to show that w_1 and w_2 are properly initialized to + * the coordinates of P_s = (-s + 4^n)[g]. In UltraPlonK, we have removed q_5 for overall efficiency + * (it would only be used here in this gate), but this presents us a cost in the present circuit: we + * must use an additional gate to perform part of the initialization. Since q_5 is only involved in + * the x-coordinate initialization (in the notation of the widget, Constraint 5), we only perform + * that part of the initialization with additional gates, letting Constraints 4 and 6 be handled in + * the Ultra version of the widget as in the Turbo verison. x-coordinate initialization constraint + * (Pi = origin_points[i] for i = 0,1): c * (P0.x - x_0) + (P0.x - P1.x) * (1 - a_0)) = -c * x_0 + c + * * P0.x - (P0.x - P1.x) * a_0 + (P0.x - P1.x) In present terms, x_0 = round_quad.a, c = + * round_quad.c, P0.x = init_quad.q_x_1, a_0 = round_quad.d, P0.x - P1.x = + * init_quad.q_x_2, so we want to impose the constraint: 0 = -round_quad.a * round_quad.c * + init_quad.q_x_1 * round_quad.c * - init_quad.q_x_2 * round_quad.d * + init_quad.q_x_2 @@ -291,6 +267,40 @@ point pedersen::hash_single(const field_t& in, return result; } +/** + * Compute pedersen hash of the field element `in` using either lookup tables or its WNAF representation. + * + * Full documentation: https://hackmd.io/gRsmqUGkSDOCI9O22qWXBA?view + **/ +template +point pedersen_hash::hash_single(const field_t& in, + const generator_index_t hash_index, + const bool validate_input_is_in_field) +{ + if constexpr (C::type == ComposerType::PLOOKUP && C::merkle_hash_type == merkle::HashType::LOOKUP_PEDERSEN) { + return pedersen_plookup_hash::hash_single(in, hash_index.index == 0); + } + + return pedersen_hash::hash_single_internal(in, hash_index, validate_input_is_in_field); +} + +/** + * Subsidiary function used by the Pedersen commitment gadget to "hash" a field element. + * + * Full documentation: https://hackmd.io/gRsmqUGkSDOCI9O22qWXBA?view + **/ +template +point pedersen_hash::commit_single(const field_t& in, + const generator_index_t hash_index, + const bool validate_input_is_in_field) +{ + if constexpr (C::type == ComposerType::PLOOKUP && C::commitment_type == pedersen::CommitmentType::LOOKUP_PEDERSEN) { + return pedersen_plookup_hash::hash_single(in, hash_index.index == 0); + } + + return pedersen_hash::hash_single_internal(in, hash_index, validate_input_is_in_field); +} + /** * Check the wnaf sum is smaller than the circuit modulus * @@ -304,7 +314,7 @@ point pedersen::hash_single(const field_t& in, * * Total cost is ~36 gates **/ -template void pedersen::validate_wnaf_is_in_field(C* ctx, const std::vector& accumulator) +template void pedersen_hash::validate_wnaf_is_in_field(C* ctx, const std::vector& accumulator) { /** * To validate that `w < r`, we use schoolbook subtraction @@ -498,7 +508,24 @@ template void pedersen::validate_wnaf_is_in_field(C* ctx, const y_hi.create_range_constraint(128, "pedersen: range constraint on y_lo fails in validate_wnaf_is_in_field"); } -template point pedersen::accumulate(const std::vector& to_accumulate) +/** + * Adds two group elements using elliptic curve addition. + **/ +template point pedersen_hash::add_points(const point& first, const point& second) +{ + field_t lhs = second.y - first.y; + field_t rhs = second.x - first.x; + // since we are adding multiples of different generators, creating a zero denum is as hard as DL + field_t lambda = lhs.divide_no_zero_check(rhs); + field_t x_3 = lambda * lambda - second.x - first.x; + field_t y_3 = lambda * (first.x - x_3) - first.y; + return { x_3, y_3 }; +} + +/** + * Accumulate a set of group elements using simple elliptic curve addition. + */ +template point pedersen_hash::accumulate(const std::vector& to_accumulate) { if (to_accumulate.size() == 0) { return point{ 0, 0 }; @@ -511,70 +538,26 @@ template point pedersen::accumulate(const std::vector& return accumulator; } -// called unsafe because allowing the option of not validating the input elements are unique, i.e. -field_t pedersen::compress_unsafe(const field_t& in_left, - const field_t& in_right, - const size_t hash_index, - const bool validate_input_is_in_field) +field_t pedersen_hash::hash_multiple(const std::vector& inputs, + const size_t hash_index, + const bool validate_inputs_in_field) { - std::vector accumulators; - generator_index_t index_1 = { hash_index, 0 }; - generator_index_t index_2 = { hash_index, 1 }; - accumulators.push_back(hash_single(in_left, index_1, validate_input_is_in_field)); - accumulators.push_back(hash_single(in_right, index_2, validate_input_is_in_field)); - return accumulate(accumulators).x; -} + if constexpr (C::type == plonk::ComposerType::PLOOKUP && + C::merkle_hash_type == plonk::merkle::HashType::LOOKUP_PEDERSEN) { + return pedersen_plookup_hash::hash_multiple(inputs, hash_index); + } -template point pedersen::commit(const std::vector& inputs, const size_t hash_index) -{ std::vector to_accumulate; for (size_t i = 0; i < inputs.size(); ++i) { generator_index_t index = { hash_index, i }; - to_accumulate.push_back(hash_single(inputs[i], index)); + to_accumulate.push_back(pedersen_hash::hash_single(inputs[i], index, validate_inputs_in_field)); } - return accumulate(to_accumulate); -} - -template field_t pedersen::compress(const std::vector& inputs, const size_t hash_index) -{ - return commit(inputs, hash_index).x; -} - -// If the input values are all zero, we return the array length instead of `0\` -// This is because we require the inputs to regular pedersen compression function are nonzero (we use this method to -// hash the base layer of our merkle trees) -template field_t pedersen::compress(const byte_array& input) -{ - const size_t num_bytes = input.size(); - const size_t bytes_per_element = 31; - size_t num_elements = (num_bytes % bytes_per_element != 0) + (num_bytes / bytes_per_element); - - std::vector elements; - for (size_t i = 0; i < num_elements; ++i) { - size_t bytes_to_slice = 0; - if (i == num_elements - 1) { - bytes_to_slice = num_bytes - (i * bytes_per_element); - } else { - bytes_to_slice = bytes_per_element; - } - field_t element = static_cast(input.slice(i * bytes_per_element, bytes_to_slice)); - elements.emplace_back(element); - } - field_t compressed = compress(elements, 0); - - bool_t is_zero(true); - for (const auto& element : elements) { - is_zero = is_zero && element.is_zero(); - } - - field_t output = field_t::conditional_assign(is_zero, field_t(num_bytes), compressed); - return output; + point result = pedersen_hash::accumulate(to_accumulate); + return result.x; } -template class pedersen; -template class pedersen; -template class pedersen; +INSTANTIATE_STDLIB_TYPE(pedersen_hash); } // namespace stdlib -} // namespace plonk +} // namespace plonk \ No newline at end of file diff --git a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.hpp b/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.hpp index 1f8b1afd52..2d0718dfb4 100644 --- a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.hpp +++ b/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.hpp @@ -1,57 +1,48 @@ #pragma once -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_hash/pedersen.hpp" #include "../../primitives/composers/composers_fwd.hpp" #include "../../primitives/field/field.hpp" #include "../../primitives/point/point.hpp" -#include "../../primitives/byte_array/byte_array.hpp" namespace plonk { namespace stdlib { -constexpr uint64_t WNAF_MASK = crypto::pedersen::WNAF_MASK; +using namespace barretenberg; +using namespace crypto::pedersen_hash; -template class pedersen { - private: +template class pedersen_hash { + + public: typedef plonk::stdlib::field_t field_t; typedef plonk::stdlib::point point; - typedef plonk::stdlib::byte_array byte_array; typedef plonk::stdlib::bool_t bool_t; - static point hash_single(const field_t& in, - const crypto::pedersen::generator_index_t hash_index, - const bool validate_input_is_in_field = true); - static point accumulate(const std::vector& to_accumulate); - - public: - // called unsafe because allowing the option of not validating the input elements are unique, i.e. & inputs, const size_t hash_index = 0); + public: + static void validate_wnaf_is_in_field(ComposerContext* ctx, const std::vector& accumulator); - template static field_t compress(const std::array& inputs) - { - std::vector in(inputs.begin(), inputs.end()); - return compress(in); - } + static point accumulate(const std::vector& to_accumulate); - static field_t compress(const byte_array& inputs); + static point hash_single(const field_t& in, + const crypto::generators::generator_index_t hash_index, + const bool validate_input_is_in_field = true); - static void validate_wnaf_is_in_field(ComposerContext* ctx, const std::vector& accumulator); + static point commit_single(const field_t& in, + const crypto::generators::generator_index_t hash_index, + const bool validate_input_is_in_field = true); - static point commit(const std::vector& inputs, const size_t hash_index = 0); + static field_t hash_multiple(const std::vector& in, + const size_t hash_index = 0, + const bool validate_inputs_in_field = true); }; -extern template class pedersen; -extern template class pedersen; -extern template class pedersen; +EXTERN_STDLIB_TYPE(pedersen_hash); } // namespace stdlib -} // namespace plonk +} // namespace plonk \ No newline at end of file diff --git a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen_plookup.cpp b/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen_plookup.cpp index 964f9e6371..3bdd25609d 100644 --- a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen_plookup.cpp +++ b/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen_plookup.cpp @@ -1,5 +1,5 @@ #include "pedersen_plookup.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_hash/pedersen.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" #include "barretenberg/plonk/composer/plookup_tables/types.hpp" @@ -13,7 +13,14 @@ namespace stdlib { using namespace barretenberg; -template point pedersen_plookup::add_points(const point& p1, const point& p2, const AddType add_type) +/** + * Add two curve points in one of the following ways: + * one: p1 + p2 + * lambda: p1 + λ.p2 + * one_plus_lambda: p1 + (1 + λ).p2 + */ +template +point pedersen_plookup_hash::add_points(const point& p1, const point& p2, const AddType add_type) { C* ctx = p1.x.context ? p1.x.context : (p1.y.context ? p1.y.context : (p2.x.context ? p2.x.context : p2.y.context)); grumpkin::fq x_1_raw = p1.x.get_value(); @@ -68,11 +75,14 @@ template point pedersen_plookup::add_points(const point& p1, return p3; } -template point pedersen_plookup::hash_single(const field_t& scalar, const bool parity) +/** + * Hash a single field element using lookup tables. + */ +template point pedersen_plookup_hash::hash_single(const field_t& scalar, const bool parity) { if (scalar.is_constant()) { C* ctx = scalar.get_context(); - const auto hash_native = crypto::pedersen::lookup::hash_single(scalar.get_value(), parity).normalize(); + const auto hash_native = crypto::pedersen_hash::lookup::hash_single(scalar.get_value(), parity).normalize(); return { field_t(ctx, hash_native.x), field_t(ctx, hash_native.y) }; } @@ -125,47 +135,30 @@ template point pedersen_plookup::hash_single(const field_t& s return res; } -template point pedersen_plookup::compress_to_point(const field_t& left, const field_t& right) -{ - auto p2 = hash_single(left, false); - auto p1 = hash_single(right, true); - - return add_points(p1, p2); -} - -template field_t pedersen_plookup::compress(const field_t& left, const field_t& right) -{ - return compress_to_point(left, right).x; -} - +/** + * Hash a bunch of field element using merkle damagard construction. + */ template -point pedersen_plookup::merkle_damgard_compress(const std::vector& inputs, const field_t& iv) +field_t pedersen_plookup_hash::hash_multiple(const std::vector& inputs, const size_t hash_index) { if (inputs.size() == 0) { - return point{ 0, 0 }; + return point{ 0, 0 }.x; } - auto result = plookup_read::get_lookup_accumulators(MultiTableId::PEDERSEN_IV, iv)[ColumnIdx::C2][0]; + auto result = plookup_read::get_lookup_accumulators(MultiTableId::PEDERSEN_IV, hash_index)[ColumnIdx::C2][0]; auto num_inputs = inputs.size(); for (size_t i = 0; i < num_inputs; i++) { - result = compress(result, inputs[i]); + auto p2 = pedersen_plookup_hash::hash_single(result, false); + auto p1 = pedersen_plookup_hash::hash_single(inputs[i], true); + result = add_points(p1, p2).x; } - return compress_to_point(result, field_t(num_inputs)); -} - -template point pedersen_plookup::commit(const std::vector& inputs, const size_t hash_index) -{ - return merkle_damgard_compress(inputs, field_t(hash_index)); -} - -template -field_t pedersen_plookup::compress(const std::vector& inputs, const size_t hash_index) -{ - return commit(inputs, hash_index).x; + auto p2 = hash_single(result, false); + auto p1 = hash_single(field_t(num_inputs), true); + return add_points(p1, p2).x; } -template class pedersen_plookup; +template class pedersen_plookup_hash; } // namespace stdlib -} // namespace plonk +} // namespace plonk \ No newline at end of file diff --git a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen_plookup.hpp b/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen_plookup.hpp index bc01ff94a8..74d898ecac 100644 --- a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen_plookup.hpp +++ b/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen_plookup.hpp @@ -7,7 +7,7 @@ namespace plonk { namespace stdlib { -template class pedersen_plookup { +template class pedersen_plookup_hash { private: typedef plonk::stdlib::field_t field_t; typedef plonk::stdlib::point point; @@ -20,27 +20,14 @@ template class pedersen_plookup { ONE_PLUS_LAMBDA, }; - static point hash_single(const field_t& in, const bool parity); - static point add_points(const point& p1, const point& p2, const AddType add_type = ONE); - public: - static field_t compress(const field_t& left, const field_t& right); - static field_t compress(const std::vector& inputs, const size_t hash_index = 0); - static field_t compress(const packed_byte_array& input) { return compress(input.get_limbs()); } - - template static field_t compress(const std::array& inputs) - { - std::vector in(inputs.begin(), inputs.end()); - return compress(in); - } - - static point merkle_damgard_compress(const std::vector& inputs, const field_t& iv); + static point add_points(const point& p1, const point& p2, const AddType add_type = ONE); - static point commit(const std::vector& inputs, const size_t hash_index = 0); + static point hash_single(const field_t& in, const bool parity); - static point compress_to_point(const field_t& left, const field_t& right); + static field_t hash_multiple(const std::vector& in, const size_t hash_index = 0); }; -extern template class pedersen_plookup; +extern template class pedersen_plookup_hash; } // namespace stdlib } // namespace plonk \ No newline at end of file diff --git a/cpp/src/barretenberg/stdlib/merkle_tree/CMakeLists.txt b/cpp/src/barretenberg/stdlib/merkle_tree/CMakeLists.txt index 2457820baf..f0378375a7 100644 --- a/cpp/src/barretenberg/stdlib/merkle_tree/CMakeLists.txt +++ b/cpp/src/barretenberg/stdlib/merkle_tree/CMakeLists.txt @@ -1 +1,43 @@ -barretenberg_module(stdlib_merkle_tree stdlib_primitives stdlib_blake3s stdlib_pedersen) +barretenberg_module(stdlib_merkle_tree stdlib_primitives stdlib_blake3s stdlib_pedersen_hash) + +if(NOT WASM) + include(FetchContent) + FetchContent_Declare( + leveldb + GIT_REPOSITORY https://github.com/google/leveldb.git + GIT_TAG 1.22 + FIND_PACKAGE_ARGS + ) + + # Disable some leveldb targets before we call FetchContent_MakeAvailable + # so they are configured correctly if it needs to fetch + set(LEVELDB_BUILD_TESTS OFF CACHE BOOL "LevelDB tests off") + set(LEVELDB_BUILD_BENCHMARKS OFF CACHE BOOL "LevelDB benchmarks off") + + FetchContent_MakeAvailable(leveldb) + + if (leveldb_FOUND) + # Globally installed leveldb needs Threads available as Threads::Threads as discovered by `find_package` + find_package(Threads REQUIRED) + + foreach(target IN LISTS stdlib_merkle_tree_lib_targets stdlib_merkle_tree_exe_targets) + target_link_libraries(${target} PRIVATE leveldb::leveldb) + endforeach() + else() + # FetchContent_MakeAvailable calls FetchContent_Populate if `find_package` is unsuccessful + # so these variables will be available if we reach this case + set_property(DIRECTORY ${leveldb_SOURCE_DIR} PROPERTY EXCLUDE_FROM_ALL) + set_property(DIRECTORY ${leveldb_BINARY_DIR} PROPERTY EXCLUDE_FROM_ALL) + + # Silence all compiler warnings from LevelDB + target_compile_options( + leveldb + PRIVATE + -w + ) + + foreach(target IN LISTS stdlib_merkle_tree_lib_targets stdlib_merkle_tree_exe_targets) + target_link_libraries(${target} PRIVATE leveldb) + endforeach() + endif() +endif() diff --git a/cpp/src/barretenberg/stdlib/merkle_tree/hash.hpp b/cpp/src/barretenberg/stdlib/merkle_tree/hash.hpp index 56af194120..710d571088 100644 --- a/cpp/src/barretenberg/stdlib/merkle_tree/hash.hpp +++ b/cpp/src/barretenberg/stdlib/merkle_tree/hash.hpp @@ -1,7 +1,9 @@ #pragma once #include "barretenberg/common/net.hpp" #include "barretenberg/crypto/blake2s/blake2s.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" +#include "barretenberg/crypto/pedersen_hash/pedersen_lookup.hpp" +#include "barretenberg/crypto/pedersen_commitment/convert_buffer_to_field.hpp" #include "barretenberg/stdlib/hash/blake2s/blake2s.hpp" #include "barretenberg/stdlib/hash/pedersen/pedersen.hpp" #include "barretenberg/stdlib/primitives/field/field.hpp" @@ -11,19 +13,9 @@ namespace plonk { namespace stdlib { namespace merkle_tree { -template inline field_t hash_value(byte_array const& input) -{ - return plonk::stdlib::pedersen::compress(input); -} - -inline barretenberg::fr hash_value_native(std::vector const& input) -{ - return crypto::pedersen::compress_native(input); -} - inline barretenberg::fr compress_native(barretenberg::fr const& lhs, barretenberg::fr const& rhs) { - return crypto::pedersen::compress_native({ lhs, rhs }); + return crypto::pedersen_hash::lookup::hash_multiple({ lhs, rhs }); } } // namespace merkle_tree diff --git a/cpp/src/barretenberg/stdlib/merkle_tree/hash.test.cpp b/cpp/src/barretenberg/stdlib/merkle_tree/hash.test.cpp index 34874b412c..c1536b6c76 100644 --- a/cpp/src/barretenberg/stdlib/merkle_tree/hash.test.cpp +++ b/cpp/src/barretenberg/stdlib/merkle_tree/hash.test.cpp @@ -11,17 +11,7 @@ TEST(stdlib_merkle_tree_hash, compress_native_vs_circuit) fr x = uint256_t(0x5ec473eb273a8011, 0x50160109385471ca, 0x2f3095267e02607d, 0x02586f4a39e69b86); Composer composer = Composer(); witness_ct y = witness_ct(&composer, x); - field_ct z = plonk::stdlib::pedersen::compress(y, y); - auto zz = crypto::pedersen::compress_native({ x, x }); - EXPECT_EQ(z.get_value(), zz); -} - -TEST(stdlib_merkle_tree_hash, hash_value_native_vs_circuit) -{ - std::vector x = std::vector(64, '\1'); - Composer composer = Composer(); - byte_array_ct y(&composer, x); - field_ct z = merkle_tree::hash_value(y); - fr zz = merkle_tree::hash_value_native(x); + field_ct z = plonk::stdlib::pedersen_hash::hash_multiple({ y, y }); + auto zz = crypto::pedersen_hash::lookup::hash_multiple({ x, x }); EXPECT_EQ(z.get_value(), zz); } diff --git a/cpp/src/barretenberg/stdlib/merkle_tree/membership.hpp b/cpp/src/barretenberg/stdlib/merkle_tree/membership.hpp index 3273eefcf6..c6bb070207 100644 --- a/cpp/src/barretenberg/stdlib/merkle_tree/membership.hpp +++ b/cpp/src/barretenberg/stdlib/merkle_tree/membership.hpp @@ -43,7 +43,7 @@ bool_t check_subtree_membership(field_t const& root, // current iff path_bit If either of these does not hold, then the final computed merkle root will not match field_t left = field_t::conditional_assign(path_bit, hashes[i].first, current); field_t right = field_t::conditional_assign(path_bit, current, hashes[i].second); - current = pedersen::compress_unsafe(left, right, 0, is_updating_tree); + current = pedersen_hash::hash_multiple({ left, right }, 0, is_updating_tree); } return (current == root); @@ -199,7 +199,7 @@ template field_t compute_tree_root(std::vector 1) { std::vector> next_layer(layer.size() / 2); for (size_t i = 0; i < next_layer.size(); ++i) { - next_layer[i] = pedersen::compress(layer[i * 2], layer[i * 2 + 1]); + next_layer[i] = pedersen_hash::hash_multiple({ layer[i * 2], layer[i * 2 + 1] }); } layer = std::move(next_layer); } diff --git a/cpp/src/barretenberg/stdlib/primitives/group/group.hpp b/cpp/src/barretenberg/stdlib/primitives/group/group.hpp index 5886cc964f..a66cac7a71 100644 --- a/cpp/src/barretenberg/stdlib/primitives/group/group.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/group/group.hpp @@ -3,7 +3,7 @@ #include "../field/field.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" #include "barretenberg/plonk/composer/composer_base.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "../../hash/pedersen/pedersen.hpp" #include "../../hash/pedersen/pedersen_gates.hpp" @@ -14,7 +14,7 @@ namespace plonk { namespace stdlib { using namespace barretenberg; -using namespace crypto::pedersen; +using namespace crypto::pedersen_hash; template class group { public: @@ -137,7 +137,7 @@ auto group::fixed_base_scalar_mul_internal(const field_t::fixed_base_scalar_mul_internal(const field_t= 254) { - plonk::stdlib::pedersen::validate_wnaf_is_in_field(ctx, accumulator_witnesses); + plonk::stdlib::pedersen_hash::validate_wnaf_is_in_field(ctx, accumulator_witnesses); } aligned_free(multiplication_transcript); aligned_free(accumulator_transcript); diff --git a/cpp/src/barretenberg/stdlib/primitives/group/group.test.cpp b/cpp/src/barretenberg/stdlib/primitives/group/group.test.cpp index 2c69100a8d..fbd26bc5b5 100644 --- a/cpp/src/barretenberg/stdlib/primitives/group/group.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/group/group.test.cpp @@ -20,7 +20,7 @@ TEST(stdlib_group, test_fixed_base_scalar_mul) { auto scalar = uint256_t(123, 0, 0, 0); auto priv_key = grumpkin::fr(scalar); - auto pub_key = crypto::pedersen::get_generator_data(crypto::pedersen::DEFAULT_GEN_1).generator * priv_key; + auto pub_key = crypto::generators::get_generator_data(crypto::generators::DEFAULT_GEN_1).generator * priv_key; Composer composer; auto priv_key_witness = field_ct(witness_ct(&composer, fr(scalar))); @@ -30,7 +30,7 @@ TEST(stdlib_group, test_fixed_base_scalar_mul) EXPECT_EQ(result.x.get_value(), pub_key.x); EXPECT_EQ(result.y.get_value(), pub_key.y); - auto native_result = crypto::pedersen::fixed_base_scalar_mul<128>(barretenberg::fr(scalar), 0); + auto native_result = crypto::generators::fixed_base_scalar_mul<128>(barretenberg::fr(scalar), 0); EXPECT_EQ(native_result.x, pub_key.x); EXPECT_EQ(native_result.y, pub_key.y); diff --git a/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.test.cpp b/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.test.cpp index 60c5947536..9f962f1861 100644 --- a/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.test.cpp @@ -4,7 +4,7 @@ #include "barretenberg/plonk/composer/ultra_composer.hpp" #include "barretenberg/numeric/random/engine.hpp" #include "barretenberg/numeric/bitop/rotate.hpp" -#include "barretenberg/crypto/pedersen/pedersen_lookup.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen_lookup.hpp" #include "barretenberg/stdlib/primitives/biggroup/biggroup.hpp" #include "barretenberg/stdlib/primitives/bigfield/bigfield.hpp" #include "barretenberg/stdlib/primitives/uint/uint.hpp" @@ -41,8 +41,8 @@ TEST(stdlib_plookup, pedersen_lookup_left) std::vector expected_y; const size_t num_lookups_hi = - (128 + crypto::pedersen::lookup::BITS_PER_TABLE) / crypto::pedersen::lookup::BITS_PER_TABLE; - const size_t num_lookups_lo = 126 / crypto::pedersen::lookup::BITS_PER_TABLE; + (128 + crypto::pedersen_hash::lookup::BITS_PER_TABLE) / crypto::pedersen_hash::lookup::BITS_PER_TABLE; + const size_t num_lookups_lo = 126 / crypto::pedersen_hash::lookup::BITS_PER_TABLE; EXPECT_EQ(num_lookups_hi, lookup_hi[ColumnIdx::C1].size()); EXPECT_EQ(num_lookups_lo, lookup_lo[ColumnIdx::C1].size()); @@ -57,21 +57,21 @@ TEST(stdlib_plookup, pedersen_lookup_left) const size_t num_rounds = (num_lookups + 1) / 2; uint256_t bits(input_value); - const auto mask = crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE - 1; + const auto mask = crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE - 1; for (size_t i = 0; i < num_rounds; ++i) { - const auto& table = crypto::pedersen::lookup::get_table(i); + const auto& table = crypto::pedersen_hash::lookup::get_table(i); const size_t index = i * 2; size_t slice_a = - static_cast(((bits >> (index * crypto::pedersen::lookup::BITS_PER_TABLE)) & mask).data[0]); + static_cast(((bits >> (index * crypto::pedersen_hash::lookup::BITS_PER_TABLE)) & mask).data[0]); expected_x[index] = (table[slice_a].x); expected_y[index] = (table[slice_a].y); expected_scalars[index] = slice_a; if (i < 14) { size_t slice_b = static_cast( - ((bits >> ((index + 1) * crypto::pedersen::lookup::BITS_PER_TABLE)) & mask).data[0]); + ((bits >> ((index + 1) * crypto::pedersen_hash::lookup::BITS_PER_TABLE)) & mask).data[0]); expected_x[index + 1] = (table[slice_b].x); expected_y[index + 1] = (table[slice_b].y); expected_scalars[index + 1] = slice_b; @@ -80,7 +80,7 @@ TEST(stdlib_plookup, pedersen_lookup_left) } for (size_t i = num_lookups - 2; i < num_lookups; --i) { - expected_scalars[i] += (expected_scalars[i + 1] * crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE); + expected_scalars[i] += (expected_scalars[i + 1] * crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE); } size_t hi_shift = 126; const fr hi_cumulative = lookup_hi[ColumnIdx::C1][0].get_value(); @@ -89,7 +89,7 @@ TEST(stdlib_plookup, pedersen_lookup_left) EXPECT_EQ(lookup_lo[ColumnIdx::C1][i].get_value() + (hi_cumulative * hi_mult), expected_scalars[i]); EXPECT_EQ(lookup_lo[ColumnIdx::C2][i].get_value(), expected_x[i]); EXPECT_EQ(lookup_lo[ColumnIdx::C3][i].get_value(), expected_y[i]); - hi_shift -= crypto::pedersen::lookup::BITS_PER_TABLE; + hi_shift -= crypto::pedersen_hash::lookup::BITS_PER_TABLE; } for (size_t i = 0; i < num_lookups_hi; ++i) { EXPECT_EQ(lookup_hi[ColumnIdx::C1][i].get_value(), expected_scalars[i + num_lookups_lo]); @@ -121,8 +121,8 @@ TEST(stdlib_plookup, pedersen_lookup_right) std::vector expected_y; const size_t num_lookups_hi = - (128 + crypto::pedersen::lookup::BITS_PER_TABLE) / crypto::pedersen::lookup::BITS_PER_TABLE; - const size_t num_lookups_lo = 126 / crypto::pedersen::lookup::BITS_PER_TABLE; + (128 + crypto::pedersen_hash::lookup::BITS_PER_TABLE) / crypto::pedersen_hash::lookup::BITS_PER_TABLE; + const size_t num_lookups_lo = 126 / crypto::pedersen_hash::lookup::BITS_PER_TABLE; EXPECT_EQ(num_lookups_hi, lookup_hi[ColumnIdx::C1].size()); EXPECT_EQ(num_lookups_lo, lookup_lo[ColumnIdx::C1].size()); @@ -137,21 +137,21 @@ TEST(stdlib_plookup, pedersen_lookup_right) const size_t num_rounds = (num_lookups + 1) / 2; uint256_t bits(input_value); - const auto mask = crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE - 1; + const auto mask = crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE - 1; for (size_t i = 0; i < num_rounds; ++i) { - const auto& table = crypto::pedersen::lookup::get_table(i + num_rounds); + const auto& table = crypto::pedersen_hash::lookup::get_table(i + num_rounds); const size_t index = i * 2; size_t slice_a = - static_cast(((bits >> (index * crypto::pedersen::lookup::BITS_PER_TABLE)) & mask).data[0]); + static_cast(((bits >> (index * crypto::pedersen_hash::lookup::BITS_PER_TABLE)) & mask).data[0]); expected_x[index] = (table[slice_a].x); expected_y[index] = (table[slice_a].y); expected_scalars[index] = slice_a; if (i < 14) { size_t slice_b = static_cast( - ((bits >> ((index + 1) * crypto::pedersen::lookup::BITS_PER_TABLE)) & mask).data[0]); + ((bits >> ((index + 1) * crypto::pedersen_hash::lookup::BITS_PER_TABLE)) & mask).data[0]); expected_x[index + 1] = (table[slice_b].x); expected_y[index + 1] = (table[slice_b].y); expected_scalars[index + 1] = slice_b; @@ -160,7 +160,7 @@ TEST(stdlib_plookup, pedersen_lookup_right) } for (size_t i = num_lookups - 2; i < num_lookups; --i) { - expected_scalars[i] += (expected_scalars[i + 1] * crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE); + expected_scalars[i] += (expected_scalars[i + 1] * crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE); } size_t hi_shift = 126; const fr hi_cumulative = lookup_hi[ColumnIdx::C1][0].get_value(); @@ -169,7 +169,7 @@ TEST(stdlib_plookup, pedersen_lookup_right) EXPECT_EQ(lookup_lo[ColumnIdx::C1][i].get_value() + (hi_cumulative * hi_mult), expected_scalars[i]); EXPECT_EQ(lookup_lo[ColumnIdx::C2][i].get_value(), expected_x[i]); EXPECT_EQ(lookup_lo[ColumnIdx::C3][i].get_value(), expected_y[i]); - hi_shift -= crypto::pedersen::lookup::BITS_PER_TABLE; + hi_shift -= crypto::pedersen_hash::lookup::BITS_PER_TABLE; } for (size_t i = 0; i < num_lookups_hi; ++i) { EXPECT_EQ(lookup_hi[ColumnIdx::C1][i].get_value(), expected_scalars[i + num_lookups_lo]); diff --git a/cpp/src/barretenberg/stdlib/recursion/CMakeLists.txt b/cpp/src/barretenberg/stdlib/recursion/CMakeLists.txt index 0790762551..c5d1124e59 100644 --- a/cpp/src/barretenberg/stdlib/recursion/CMakeLists.txt +++ b/cpp/src/barretenberg/stdlib/recursion/CMakeLists.txt @@ -1 +1 @@ -barretenberg_module(stdlib_recursion ecc plonk stdlib_primitives stdlib_pedersen stdlib_blake3s) \ No newline at end of file +barretenberg_module(stdlib_recursion ecc plonk stdlib_primitives stdlib_pedersen_commitment stdlib_blake3s) \ No newline at end of file diff --git a/cpp/src/barretenberg/stdlib/recursion/transcript/transcript.hpp b/cpp/src/barretenberg/stdlib/recursion/transcript/transcript.hpp index fd5352f78d..5654dac23a 100644 --- a/cpp/src/barretenberg/stdlib/recursion/transcript/transcript.hpp +++ b/cpp/src/barretenberg/stdlib/recursion/transcript/transcript.hpp @@ -8,8 +8,8 @@ #include "../../primitives/curves/bn254.hpp" #include "../verification_key/verification_key.hpp" #include "../../hash/blake3s/blake3s.hpp" -#include "../../hash/pedersen/pedersen.hpp" -#include "../../hash/pedersen/pedersen_plookup.hpp" +#include "../../commitment/pedersen/pedersen.hpp" +#include "../../commitment/pedersen/pedersen_plookup.hpp" #include "../../primitives/bigfield/bigfield.hpp" #include "../../primitives/biggroup/biggroup.hpp" #include "../../primitives/bool/bool.hpp" @@ -247,9 +247,9 @@ template class Transcript { field_pt T0; if constexpr (Composer::type == ComposerType::PLOOKUP) { - T0 = stdlib::pedersen_plookup::compress(compression_buffer); + T0 = stdlib::pedersen_plookup_commitment::compress(compression_buffer); } else { - T0 = stdlib::pedersen::compress(compression_buffer); + T0 = stdlib::pedersen_commitment::compress(compression_buffer); } byte_array compressed_buffer(T0); diff --git a/cpp/src/barretenberg/stdlib/recursion/verification_key/verification_key.hpp b/cpp/src/barretenberg/stdlib/recursion/verification_key/verification_key.hpp index b5b448bde9..d5169518bd 100644 --- a/cpp/src/barretenberg/stdlib/recursion/verification_key/verification_key.hpp +++ b/cpp/src/barretenberg/stdlib/recursion/verification_key/verification_key.hpp @@ -12,13 +12,13 @@ #include "barretenberg/ecc/curves/bn254/fq12.hpp" #include "barretenberg/ecc/curves/bn254/pairing.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" -#include "barretenberg/crypto/pedersen/pedersen_lookup.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen_lookup.hpp" #include "../../primitives/uint/uint.hpp" #include "../../primitives/memory/rom_table.hpp" -#include "../../hash/pedersen/pedersen.hpp" -#include "../../hash/pedersen/pedersen_plookup.hpp" +#include "../../commitment/pedersen/pedersen.hpp" +#include "../../commitment/pedersen/pedersen_plookup.hpp" #include "../../primitives/curves/bn254.hpp" namespace plonk { @@ -55,14 +55,14 @@ template struct evaluation_domain { field_t compress() const { if constexpr (Composer::type == ComposerType::PLOOKUP) { - field_t out = pedersen_plookup::compress({ + field_t out = pedersen_plookup_commitment::compress({ root, domain, generator, }); return out; } else { - field_t out = pedersen::compress({ + field_t out = pedersen_commitment::compress({ root, domain, generator, @@ -75,13 +75,13 @@ template struct evaluation_domain { { barretenberg::fr out; if constexpr (Composer::type == ComposerType::PLOOKUP) { - out = crypto::pedersen::lookup::compress_native({ + out = crypto::pedersen_commitment::lookup::compress_native({ input.root, input.domain, input.generator, }); } else { - out = crypto::pedersen::compress_native({ + out = crypto::pedersen_commitment::compress_native({ input.root, input.domain, input.generator, @@ -206,9 +206,9 @@ template struct verification_key { field_t compressed_key; if constexpr (Composer::type == ComposerType::PLOOKUP) { - compressed_key = pedersen_plookup::compress(key_witnesses); + compressed_key = pedersen_plookup_commitment::compress(key_witnesses); } else { - compressed_key = pedersen::compress(key_witnesses); + compressed_key = pedersen_commitment::compress(key_witnesses); } return compressed_key; } @@ -246,9 +246,9 @@ template struct verification_key { } barretenberg::fr compressed_key; if constexpr (Composer::type == ComposerType::PLOOKUP) { - compressed_key = crypto::pedersen::lookup::compress_native(key_witnesses); + compressed_key = crypto::pedersen_commitment::lookup::compress_native(key_witnesses); } else { - compressed_key = crypto::pedersen::compress_native(key_witnesses); + compressed_key = crypto::pedersen_commitment::compress_native(key_witnesses); } return compressed_key; } diff --git a/cpp/src/barretenberg/stdlib/recursion/verifier/verifier.test.cpp b/cpp/src/barretenberg/stdlib/recursion/verifier/verifier.test.cpp index 1a6ee080bb..cb4dfcac57 100644 --- a/cpp/src/barretenberg/stdlib/recursion/verifier/verifier.test.cpp +++ b/cpp/src/barretenberg/stdlib/recursion/verifier/verifier.test.cpp @@ -39,7 +39,7 @@ template class stdlib_verifier : public testing::Test { a = (a * b) + b + a; a = a.madd(b, c); } - plonk::stdlib::pedersen::compress(a, b); + plonk::stdlib::pedersen_commitment::compress(a, b); typename inner_curve::byte_array_ct to_hash(&composer, "nonsense test data"); stdlib::blake3s(to_hash); @@ -86,7 +86,7 @@ template class stdlib_verifier : public testing::Test { a = (a * b) + b + a; a = c.madd(b, a); } - plonk::stdlib::pedersen::compress(a, a); + plonk::stdlib::pedersen_commitment::compress(a, a); inner_curve::byte_array_ct to_hash(&composer, "different nonsense test data"); stdlib::blake3s(to_hash); diff --git a/cpp/src/barretenberg/stdlib/recursion/verifier/verifier_turbo.test.cpp b/cpp/src/barretenberg/stdlib/recursion/verifier/verifier_turbo.test.cpp index 61d0b55a8f..e34bf8cf9a 100644 --- a/cpp/src/barretenberg/stdlib/recursion/verifier/verifier_turbo.test.cpp +++ b/cpp/src/barretenberg/stdlib/recursion/verifier/verifier_turbo.test.cpp @@ -37,7 +37,7 @@ template class stdlib_verifier_turbo : public testing:: a = (a * b) + b + a; a = a.madd(b, c); } - plonk::stdlib::pedersen::compress(a, b); + plonk::stdlib::pedersen_commitment::compress(a, b); typename inner_curve::byte_array_ct to_hash(&composer, "nonsense test data"); stdlib::blake3s(to_hash); @@ -109,7 +109,7 @@ template class stdlib_verifier_turbo : public testing:: a = (a * b) + b + a; a = c.madd(b, a); } - plonk::stdlib::pedersen::compress(a, a); + plonk::stdlib::pedersen_commitment::compress(a, a); inner_curve::byte_array_ct to_hash(&composer, "different nonsense test data"); stdlib::blake3s(to_hash); diff --git a/cpp/src/barretenberg/stdlib/types/types.hpp b/cpp/src/barretenberg/stdlib/types/types.hpp index 4fdc71e1c0..a67be9307c 100644 --- a/cpp/src/barretenberg/stdlib/types/types.hpp +++ b/cpp/src/barretenberg/stdlib/types/types.hpp @@ -13,8 +13,8 @@ #include "barretenberg/stdlib/primitives/witness/witness.hpp" #include "barretenberg/stdlib/primitives/bigfield/bigfield.hpp" #include "barretenberg/stdlib/primitives/biggroup/biggroup.hpp" -#include "barretenberg/stdlib/hash/pedersen/pedersen.hpp" -#include "barretenberg/stdlib/hash/pedersen/pedersen_plookup.hpp" +#include "barretenberg/stdlib/commitment/pedersen/pedersen.hpp" +#include "barretenberg/stdlib/commitment/pedersen/pedersen_plookup.hpp" #include "barretenberg/stdlib/merkle_tree/hash_path.hpp" #include "barretenberg/stdlib/encryption/schnorr/schnorr.hpp" #include "barretenberg/stdlib/primitives/curves/bn254.hpp" @@ -73,7 +73,7 @@ typedef stdlib::bit_array bit_array_ct; typedef stdlib::bigfield fq_ct; typedef stdlib::element biggroup_ct; typedef stdlib::point point_ct; -typedef stdlib::pedersen pedersen; +typedef stdlib::pedersen_commitment pedersen_commitment; typedef stdlib::group group_ct; typedef stdlib::bn254 bn254; typedef stdlib::secp256k1 secp256k1_ct; diff --git a/cpp/src/barretenberg/transcript/CMakeLists.txt b/cpp/src/barretenberg/transcript/CMakeLists.txt index 2142c04ef7..6a00821c3c 100644 --- a/cpp/src/barretenberg/transcript/CMakeLists.txt +++ b/cpp/src/barretenberg/transcript/CMakeLists.txt @@ -1 +1 @@ -barretenberg_module(transcript crypto_pedersen crypto_blake3s) \ No newline at end of file +barretenberg_module(transcript crypto_pedersen_commitment crypto_blake3s) \ No newline at end of file diff --git a/cpp/src/barretenberg/transcript/transcript.cpp b/cpp/src/barretenberg/transcript/transcript.cpp index 2e5d5e9e02..0e7d1d1f1e 100644 --- a/cpp/src/barretenberg/transcript/transcript.cpp +++ b/cpp/src/barretenberg/transcript/transcript.cpp @@ -6,8 +6,8 @@ #include "barretenberg/common/net.hpp" #include "barretenberg/crypto/blake3s/blake3s.hpp" #include "barretenberg/crypto/keccak/keccak.hpp" -#include "barretenberg/crypto/pedersen/pedersen.hpp" -#include "barretenberg/crypto/pedersen/pedersen_lookup.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" +#include "barretenberg/crypto/pedersen_commitment/pedersen_lookup.hpp" #include #include #include @@ -213,12 +213,12 @@ void Transcript::apply_fiat_shamir(const std::string& challenge_name /*, const b break; } case HashType::PedersenBlake3s: { - std::vector compressed_buffer = to_buffer(crypto::pedersen::compress_native(buffer)); + std::vector compressed_buffer = to_buffer(crypto::pedersen_commitment::compress_native(buffer)); base_hash = Blake3sHasher::hash(compressed_buffer); break; } case HashType::PlookupPedersenBlake3s: { - std::vector compressed_buffer = crypto::pedersen::lookup::compress_native(buffer); + std::vector compressed_buffer = crypto::pedersen_commitment::lookup::compress_native(buffer); base_hash = Blake3sHasher::hash(compressed_buffer); break; }