chore!: remove hash_to_field_128_security black box function

acvm-repo/acir/src/circuit/black_box_functions.rs

@@ -33,12 +33,6 @@ pub enum BlackBoxFunc {
     PedersenCommitment,
     /// Calculates a Pedersen hash to the inputs.
     PedersenHash,
-    /// Hashes a set of inputs and applies the field modulus to the result
-    /// to return a value which can be represented as a [`FieldElement`][acir_field::FieldElement]
-    ///
-    /// This is implemented using the `Blake2s` hash function.
-    /// The "128" in the name specifies that this function should have 128 bits of security.
-    HashToField128Security,
     /// Verifies a ECDSA signature over the secp256k1 curve.
     EcdsaSecp256k1,
     /// Verifies a ECDSA signature over the secp256r1 curve.
@@ -66,7 +60,6 @@ impl BlackBoxFunc {
             BlackBoxFunc::Blake2s => "blake2s",
             BlackBoxFunc::PedersenCommitment => "pedersen",
             BlackBoxFunc::PedersenHash => "pedersen_hash",
-            BlackBoxFunc::HashToField128Security => "hash_to_field_128_security",
             BlackBoxFunc::EcdsaSecp256k1 => "ecdsa_secp256k1",
             BlackBoxFunc::FixedBaseScalarMul => "fixed_base_scalar_mul",
             BlackBoxFunc::AND => "and",
@@ -84,7 +77,6 @@ impl BlackBoxFunc {
             "blake2s" => Some(BlackBoxFunc::Blake2s),
             "pedersen" => Some(BlackBoxFunc::PedersenCommitment),
             "pedersen_hash" => Some(BlackBoxFunc::PedersenHash),
-            "hash_to_field_128_security" => Some(BlackBoxFunc::HashToField128Security),
             "ecdsa_secp256k1" => Some(BlackBoxFunc::EcdsaSecp256k1),
             "ecdsa_secp256r1" => Some(BlackBoxFunc::EcdsaSecp256r1),
             "fixed_base_scalar_mul" => Some(BlackBoxFunc::FixedBaseScalarMul),

acvm-repo/acir/src/circuit/opcodes/black_box_function_call.rs

@@ -56,12 +56,6 @@ pub enum BlackBoxFuncCall {
         domain_separator: u32,
         output: Witness,
     },
-    // 128 here specifies that this function
-    // should have 128 bits of security
-    HashToField128Security {
-        inputs: Vec<FunctionInput>,
-        output: Witness,
-    },
     EcdsaSecp256k1 {
         public_key_x: Vec<FunctionInput>,
         public_key_y: Vec<FunctionInput>,
@@ -130,7 +124,6 @@ impl BlackBoxFuncCall {
             BlackBoxFuncCall::SchnorrVerify { .. } => BlackBoxFunc::SchnorrVerify,
             BlackBoxFuncCall::PedersenCommitment { .. } => BlackBoxFunc::PedersenCommitment,
             BlackBoxFuncCall::PedersenHash { .. } => BlackBoxFunc::PedersenHash,
-            BlackBoxFuncCall::HashToField128Security { .. } => BlackBoxFunc::HashToField128Security,
             BlackBoxFuncCall::EcdsaSecp256k1 { .. } => BlackBoxFunc::EcdsaSecp256k1,
             BlackBoxFuncCall::EcdsaSecp256r1 { .. } => BlackBoxFunc::EcdsaSecp256r1,
             BlackBoxFuncCall::FixedBaseScalarMul { .. } => BlackBoxFunc::FixedBaseScalarMul,
@@ -150,8 +143,7 @@ impl BlackBoxFuncCall {
             | BlackBoxFuncCall::Blake2s { inputs, .. }
             | BlackBoxFuncCall::Keccak256 { inputs, .. }
             | BlackBoxFuncCall::PedersenCommitment { inputs, .. }
-            | BlackBoxFuncCall::PedersenHash { inputs, .. }
-            | BlackBoxFuncCall::HashToField128Security { inputs, .. } => inputs.to_vec(),
+            | BlackBoxFuncCall::PedersenHash { inputs, .. } => inputs.to_vec(),
             BlackBoxFuncCall::AND { lhs, rhs, .. } | BlackBoxFuncCall::XOR { lhs, rhs, .. } => {
                 vec![*lhs, *rhs]
             }
@@ -244,7 +236,6 @@ impl BlackBoxFuncCall {
             } => outputs.to_vec(),
             BlackBoxFuncCall::AND { output, .. }
             | BlackBoxFuncCall::XOR { output, .. }
-            | BlackBoxFuncCall::HashToField128Security { output, .. }
             | BlackBoxFuncCall::SchnorrVerify { output, .. }
             | BlackBoxFuncCall::EcdsaSecp256k1 { output, .. }
             | BlackBoxFuncCall::PedersenHash { output, .. }

acvm-repo/acvm/src/compiler/transformers/fallback.rs

@@ -129,16 +129,6 @@ impl FallbackTransformer {
                 )
             }
             #[cfg(feature = "unstable-fallbacks")]
-            BlackBoxFuncCall::HashToField128Security { inputs, output } => {
-                let hash_to_field_inputs =
-                    inputs.iter().map(|input| (input.witness.into(), input.num_bits)).collect();
-                stdlib::blackbox_fallbacks::hash_to_field(
-                    hash_to_field_inputs,
-                    *output,
-                    current_witness_idx,
-                )
-            }
-            #[cfg(feature = "unstable-fallbacks")]
             BlackBoxFuncCall::Keccak256 { inputs, outputs } => {
                 let keccak_inputs =
                     inputs.iter().map(|input| (input.witness.into(), input.num_bits)).collect();

acvm-repo/acvm/src/compiler/transformers/mod.rs

@@ -137,11 +137,8 @@ pub(super) fn transform_internal(
                         transformer.mark_solvable(outputs.0);
                         transformer.mark_solvable(outputs.1);
                     }
-                    acir::circuit::opcodes::BlackBoxFuncCall::HashToField128Security {
-                        output,
-                        ..
-                    }
-                    | acir::circuit::opcodes::BlackBoxFuncCall::EcdsaSecp256k1 { output, .. }
+
+                    acir::circuit::opcodes::BlackBoxFuncCall::EcdsaSecp256k1 { output, .. }
                     | acir::circuit::opcodes::BlackBoxFuncCall::EcdsaSecp256r1 { output, .. }
                     | acir::circuit::opcodes::BlackBoxFuncCall::SchnorrVerify { output, .. }
                     | acir::circuit::opcodes::BlackBoxFuncCall::PedersenHash { output, .. } => {

acvm-repo/acvm/src/pwg/blackbox/hash.rs

@@ -3,26 +3,11 @@ use acir::{
     native_types::{Witness, WitnessMap},
     BlackBoxFunc, FieldElement,
 };
-use acvm_blackbox_solver::{hash_to_field_128_security, BlackBoxResolutionError};
+use acvm_blackbox_solver::BlackBoxResolutionError;
 
 use crate::pwg::{insert_value, witness_to_value};
 use crate::OpcodeResolutionError;
 
-/// Attempts to solve a `HashToField128Security` opcode
-/// If successful, `initial_witness` will be mutated to contain the new witness assignment.
-pub(super) fn solve_hash_to_field(
-    initial_witness: &mut WitnessMap,
-    inputs: &[FunctionInput],
-    output: &Witness,
-) -> Result<(), OpcodeResolutionError> {
-    let message_input = get_hash_input(initial_witness, inputs, None)?;
-    let field = hash_to_field_128_security(&message_input)?;
-
-    insert_value(output, field, initial_witness)?;
-
-    Ok(())
-}
-
 /// Attempts to solve a 256 bit hash function opcode.
 /// If successful, `initial_witness` will be mutated to contain the new witness assignment.
 pub(super) fn solve_generic_256_hash_opcode(

acvm-repo/acvm/src/pwg/blackbox/mod.rs

@@ -19,7 +19,7 @@ mod signature;
 
 use fixed_base_scalar_mul::fixed_base_scalar_mul;
 // Hash functions should eventually be exposed for external consumers.
-use hash::{solve_generic_256_hash_opcode, solve_hash_to_field};
+use hash::solve_generic_256_hash_opcode;
 use logic::{and, xor};
 use pedersen::pedersen;
 use range::solve_range_opcode;
@@ -101,9 +101,6 @@ pub(crate) fn solve(
                 bb_func.get_black_box_func(),
             )
         }
-        BlackBoxFuncCall::HashToField128Security { inputs, output } => {
-            solve_hash_to_field(initial_witness, inputs, output)
-        }
         BlackBoxFuncCall::SchnorrVerify {
             public_key_x,
             public_key_y,

acvm-repo/acvm/tests/stdlib.rs

@@ -14,7 +14,7 @@ use acvm::{
     pwg::{ACVMStatus, ACVM},
     Language,
 };
-use acvm_blackbox_solver::{blake2s, hash_to_field_128_security, keccak256, sha256};
+use acvm_blackbox_solver::{blake2s, keccak256, sha256};
 use paste::paste;
 use proptest::prelude::*;
 use std::collections::{BTreeMap, BTreeSet};
@@ -298,57 +298,3 @@ macro_rules! test_hashes {
         }
     };
 }
-
-fn does_not_support_hash_to_field(opcode: &Opcode) -> bool {
-    !matches!(opcode, Opcode::BlackBoxFuncCall(BlackBoxFuncCall::HashToField128Security { .. }))
-}
-
-proptest! {
-    #![proptest_config(ProptestConfig::with_cases(3))]
-    #[test]
-    fn test_hash_to_field(input_values in proptest::collection::vec(0..u8::MAX, 1..50)) {
-        let mut opcodes = Vec::new();
-        let mut witness_assignments = BTreeMap::new();
-        let mut input_witnesses: Vec<FunctionInput> = Vec::new();
-
-        // prepare test data
-        let mut counter = 0;
-        let output = hash_to_field_128_security(&input_values).unwrap();
-        for inp_v in input_values {
-            counter += 1;
-            let function_input = FunctionInput { witness: Witness(counter), num_bits: 8 };
-            input_witnesses.push(function_input);
-            witness_assignments.insert(Witness(counter), FieldElement::from(inp_v as u128));
-        }
-
-        counter += 1;
-        let correct_result_witnesses: Witness = Witness(counter);
-        witness_assignments.insert(Witness(counter), output);
-
-        counter += 1;
-        let output_witness: Witness = Witness(counter);
-
-        let blackbox = Opcode::BlackBoxFuncCall(BlackBoxFuncCall::HashToField128Security { inputs: input_witnesses, output: output_witness });
-        opcodes.push(blackbox);
-
-        // constrain the output to be the same as the hasher
-        let mut output_constraint = Expression::from(correct_result_witnesses);
-        output_constraint.push_addition_term(-FieldElement::one(), output_witness);
-        opcodes.push(Opcode::Arithmetic(output_constraint));
-
-        // compile circuit
-        let circuit = Circuit {
-            current_witness_index: witness_assignments.len() as u32 + 1,
-            opcodes,
-            private_parameters: BTreeSet::new(), // This is not correct but is unused in this test.
-            ..Circuit::default()
-        };
-        let circuit = compile(circuit, Language::PLONKCSat{ width: 3 }, does_not_support_hash_to_field).unwrap().0;
-
-        // solve witnesses
-        let mut acvm = ACVM::new(&StubbedBackend, &circuit.opcodes, witness_assignments.into());
-        let solver_status = acvm.solve();
-
-        prop_assert_eq!(solver_status, ACVMStatus::Solved, "should be fully solved");
-    }
-}

acvm-repo/acvm_js/src/black_box_solvers.rs

@@ -40,21 +40,6 @@ pub fn keccak256(inputs: &[u8]) -> Vec<u8> {
     acvm::blackbox_solver::keccak256(inputs).unwrap().into()
 }
 
-/// Calculates the Blake2s256 hash of the input bytes and represents these as a single field element.
-// #[wasm_bindgen]
-// pub fn hash_to_field_128_security(inputs: Vec<JsString>) -> JsString {
-//     let input_bytes: Vec<u8> = inputs
-//         .into_iter()
-//         .flat_map(|field_string| {
-//             let field_element = js_value_to_field_element(field_string.into()).unwrap();
-//             witness_assignment.fetch_nearest_bytes(FieldElement::max_num_bits());
-//         })
-//         .collect();
-//     field_element_to_js_string(
-//         &acvm::blackbox_solver::hash_to_field_128_security(&input_bytes).unwrap(),
-//     )
-// }
-
 /// Verifies a ECDSA signature over the secp256k1 curve.
 #[wasm_bindgen]
 pub fn ecdsa_secp256k1_verify(

acvm-repo/blackbox_solver/src/lib.rs

@@ -66,11 +66,6 @@ pub fn keccak256(inputs: &[u8]) -> Result<[u8; 32], BlackBoxResolutionError> {
         .map_err(|err| BlackBoxResolutionError::Failed(BlackBoxFunc::Keccak256, err))
 }
 
-pub fn hash_to_field_128_security(inputs: &[u8]) -> Result<FieldElement, BlackBoxResolutionError> {
-    generic_hash_to_field::<Blake2s256>(inputs)
-        .map_err(|err| BlackBoxResolutionError::Failed(BlackBoxFunc::HashToField128Security, err))
-}
-
 pub fn ecdsa_secp256k1_verify(
     hashed_msg: &[u8],
     public_key_x: &[u8; 32],
@@ -97,14 +92,6 @@ fn generic_hash_256<D: Digest>(message: &[u8]) -> Result<[u8; 32], String> {
     Ok(output_bytes)
 }
 
-/// Does a generic hash of the entire inputs converting the resulting hash into a single output field.
-fn generic_hash_to_field<D: Digest>(message: &[u8]) -> Result<FieldElement, String> {
-    let output_bytes: [u8; 32] =
-        D::digest(message).as_slice().try_into().map_err(|_| "digest should be 256 bits")?;
-
-    Ok(FieldElement::from_be_bytes_reduce(&output_bytes))
-}
-
 fn verify_secp256k1_ecdsa_signature(
     hashed_msg: &[u8],
     public_key_x_bytes: &[u8; 32],

acvm-repo/brillig/src/black_box.rs

@@ -11,12 +11,6 @@ pub enum BlackBoxOp {
     Blake2s { message: HeapVector, output: HeapArray },
     /// Calculates the Keccak256 hash of the inputs.
     Keccak256 { message: HeapVector, output: HeapArray },
-    /// Hashes a set of inputs and applies the field modulus to the result
-    /// to return a value which can be represented as a [`FieldElement`][acir_field::FieldElement]
-    ///
-    /// This is implemented using the `Blake2s` hash function.
-    /// The "128" in the name specifies that this function should have 128 bits of security.
-    HashToField128Security { message: HeapVector, output: RegisterIndex },
     /// Verifies a ECDSA signature over the secp256k1 curve.
     EcdsaSecp256k1 {
         hashed_msg: HeapVector,

acvm-repo/brillig_vm/src/black_box.rs

@@ -1,8 +1,8 @@
 use acir::brillig::{BlackBoxOp, HeapArray, HeapVector, Value};
 use acir::{BlackBoxFunc, FieldElement};
 use acvm_blackbox_solver::{
-    blake2s, ecdsa_secp256k1_verify, ecdsa_secp256r1_verify, hash_to_field_128_security, keccak256,
-    sha256, BlackBoxFunctionSolver, BlackBoxResolutionError,
+    blake2s, ecdsa_secp256k1_verify, ecdsa_secp256r1_verify, keccak256, sha256,
+    BlackBoxFunctionSolver, BlackBoxResolutionError,
 };
 
 use crate::{Memory, Registers};
@@ -64,13 +64,6 @@ pub(crate) fn evaluate_black_box<Solver: BlackBoxFunctionSolver>(
             memory.write_slice(registers.get(output.pointer).to_usize(), &to_value_vec(&bytes));
             Ok(())
         }
-        BlackBoxOp::HashToField128Security { message, output } => {
-            let field = hash_to_field_128_security(&to_u8_vec(read_heap_vector(
-                memory, registers, message,
-            )))?;
-            registers.set(*output, field.into());
-            Ok(())
-        }
         BlackBoxOp::EcdsaSecp256k1 {
             hashed_msg,
             public_key_x,

compiler/noirc_evaluator/src/brillig/brillig_gen/brillig_black_box.rs

@@ -58,19 +58,6 @@ pub(crate) fn convert_black_box_call(
                 unreachable!("ICE: Keccak256 expects message, message size and result array")
             }
         }
-        BlackBoxFunc::HashToField128Security => {
-            if let ([message], [BrilligVariable::Simple(result_register)]) =
-                (function_arguments, function_results)
-            {
-                let message_vector = convert_array_or_vector(brillig_context, message, bb_func);
-                brillig_context.black_box_op_instruction(BlackBoxOp::HashToField128Security {
-                    message: message_vector.to_heap_vector(),
-                    output: *result_register,
-                });
-            } else {
-                unreachable!("ICE: HashToField128Security expects one array argument and one register result")
-            }
-        }
         BlackBoxFunc::EcdsaSecp256k1 => {
             if let (
                 [BrilligVariable::BrilligArray(public_key_x), BrilligVariable::BrilligArray(public_key_y), BrilligVariable::BrilligArray(signature), message],

compiler/noirc_evaluator/src/brillig/brillig_ir/debug_show.rs

@@ -353,14 +353,7 @@ impl DebugShow {
             BlackBoxOp::Blake2s { message, output } => {
                 debug_println!(self.enable_debug_trace, "  BLAKE2S {} -> {}", message, output);
             }
-            BlackBoxOp::HashToField128Security { message, output } => {
-                debug_println!(
-                    self.enable_debug_trace,
-                    "  HASH_TO_FIELD_128_SECURITY {} -> {}",
-                    message,
-                    output
-                );
-            }
+
             BlackBoxOp::EcdsaSecp256k1 {
                 hashed_msg,
                 public_key_x,

compiler/noirc_evaluator/src/ssa/acir_gen/acir_ir/generated_acir.rs

@@ -155,10 +155,6 @@ impl GeneratedAcir {
             BlackBoxFunc::Blake2s => {
                 BlackBoxFuncCall::Blake2s { inputs: inputs[0].clone(), outputs }
             }
-            BlackBoxFunc::HashToField128Security => BlackBoxFuncCall::HashToField128Security {
-                inputs: inputs[0].clone(),
-                output: outputs[0],
-            },
             BlackBoxFunc::SchnorrVerify => {
                 BlackBoxFuncCall::SchnorrVerify {
                     public_key_x: inputs[0][0],
@@ -574,8 +570,7 @@ fn black_box_func_expected_input_size(name: BlackBoxFunc) -> Option<usize> {
         | BlackBoxFunc::SHA256
         | BlackBoxFunc::Blake2s
         | BlackBoxFunc::PedersenCommitment
-        | BlackBoxFunc::PedersenHash
-        | BlackBoxFunc::HashToField128Security => None,
+        | BlackBoxFunc::PedersenHash => None,
 
         // Can only apply a range constraint to one
         // witness at a time.
@@ -603,8 +598,6 @@ fn black_box_expected_output_size(name: BlackBoxFunc) -> Option<usize> {
         BlackBoxFunc::AND | BlackBoxFunc::XOR => Some(1),
         // 32 byte hash algorithms
         BlackBoxFunc::Keccak256 | BlackBoxFunc::SHA256 | BlackBoxFunc::Blake2s => Some(32),
-        // Hash to field returns a field element
-        BlackBoxFunc::HashToField128Security => Some(1),
         // Pedersen commitment returns a point
         BlackBoxFunc::PedersenCommitment => Some(2),
         // Pedersen hash returns a field

compiler/noirc_evaluator/src/ssa/ir/instruction/call.rs

@@ -393,18 +393,6 @@ fn simplify_black_box_func(
                 _ => SimplifyResult::None,
             }
         }
-        BlackBoxFunc::HashToField128Security => match dfg.get_array_constant(arguments[0]) {
-            Some((input, _)) if array_is_constant(dfg, &input) => {
-                let input_bytes: Vec<u8> = to_u8_vec(dfg, input);
-
-                let field = acvm::blackbox_solver::hash_to_field_128_security(&input_bytes)
-                    .expect("Rust solvable black box function should not fail");
-
-                let field_constant = dfg.make_constant(field, Type::field());
-                SimplifyResult::SimplifiedTo(field_constant)
-            }
-            _ => SimplifyResult::None,
-        },
 
         BlackBoxFunc::EcdsaSecp256k1 => {
             simplify_signature(dfg, arguments, acvm::blackbox_solver::ecdsa_secp256k1_verify)

docs/docs/standard_library/cryptographic_primitives/00_hashes.mdx

@@ -162,6 +162,4 @@ fn hash_to_field<N>(_input : [Field; N]) -> Field {}
 ```
 
 Calculates the `blake2s` hash of the inputs and returns the hash modulo the field modulus to return
-a value which can be represented as a `Field`.
-
-<BlackBoxInfo />
+a value which can be represented as a `Field`.