Barretenberg: src/barretenberg/solidity_helpers/circuits/ecdsa_circuit.hpp Source File

#pragma once

#include "barretenberg/crypto/ecdsa/ecdsa.hpp"

#include "barretenberg/crypto/hashers/hashers.hpp"

#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp"

#include "barretenberg/stdlib/encryption/ecdsa/ecdsa.hpp"

#include "barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp"

#include "barretenberg/stdlib/primitives/bigfield/bigfield.hpp"

#include "barretenberg/stdlib/primitives/biggroup/biggroup.hpp"

#include "barretenberg/stdlib/primitives/bool/bool.hpp"

#include "barretenberg/stdlib/primitives/curves/secp256k1.hpp"

#include "barretenberg/stdlib/primitives/field/field.hpp"

#include "barretenberg/stdlib/primitives/witness/witness.hpp"


namespace bb {


class EcdsaCircuit {

  public:

    using Builder = bb::UltraCircuitBuilder;

    using field_ct = stdlib::field_t<Builder>;

    using bool_ct = stdlib::bool_t<Builder>;

    using public_witness_ct = stdlib::public_witness_t<Builder>;

    using byte_array_ct = stdlib::byte_array<Builder>;

    using curve = stdlib::secp256k1<Builder>;


    static constexpr size_t NUM_PUBLIC_INPUTS = 6;


    static Builder generate(uint256_t public_inputs[])

    {

        Builder builder;


        // IN CIRCUIT

        // Create an input buffer the same size as our inputs

        typename curve::byte_array_ct input_buffer(&builder, NUM_PUBLIC_INPUTS);

        for (size_t i = 0; i < NUM_PUBLIC_INPUTS; ++i) {

            input_buffer[i] = public_witness_ct(&builder, public_inputs[i]);

        }


        // This is the message that we would like to confirm

        std::string message_string(NUM_PUBLIC_INPUTS, '\0');

        for (size_t i = 0; i < NUM_PUBLIC_INPUTS; ++i) {

            message_string[i] = static_cast<char>(static_cast<uint8_t>(public_inputs[i]));

        }

        auto message = typename curve::byte_array_ct(&builder, message_string);


        // Assert that the public inputs buffer matches the message we want

        for (size_t i = 0; i < NUM_PUBLIC_INPUTS; ++i) {

            input_buffer[i].assert_equal(message[i]);

        }


        // UNCONSTRAINED: create a random keypair to sign with

        crypto::ecdsa_key_pair<typename curve::fr, typename curve::g1> account;

        account.private_key = curve::fr::random_element();

        account.public_key = curve::g1::one * account.private_key;


        // UNCONSTRAINED: create a sig

        crypto::ecdsa_signature signature = crypto::

            ecdsa_construct_signature<crypto::Sha256Hasher, typename curve::fq, typename curve::fr, typename curve::g1>(

                message_string, account);


        // UNCONSTRAINED: verify the created signature

        bool dry_run = crypto::

            ecdsa_verify_signature<crypto::Sha256Hasher, typename curve::fq, typename curve::fr, typename curve::g1>(

                message_string, account.public_key, signature);

        if (!dry_run) {

            throw_or_abort("[non circuit]: Sig verification failed");

        }


        // IN CIRCUIT: create a witness with the pub key in our circuit

        typename curve::g1_bigfr_ct public_key = curve::g1_bigfr_ct::from_witness(&builder, account.public_key);


        std::vector<uint8_t> rr(signature.r.begin(), signature.r.end());

        std::vector<uint8_t> ss(signature.s.begin(), signature.s.end());


        // IN CIRCUIT: create a witness with the sig in our circuit

        stdlib::ecdsa_signature<Builder> sig{ typename curve::byte_array_ct(&builder, rr),

                                              typename curve::byte_array_ct(&builder, ss) };


        stdlib::byte_array<Builder> hashed_message =

            static_cast<stdlib::byte_array<Builder>>(stdlib::SHA256<Builder>::hash(input_buffer));


        // IN CIRCUIT: verify the signature

        typename curve::bool_ct signature_result = stdlib::ecdsa_verify_signature<Builder,

                                                                                  curve,

                                                                                  typename curve::fq_ct,

                                                                                  typename curve::bigfr_ct,

                                                                                  typename curve::g1_bigfr_ct>(

            // hashed_message, public_key, sig);

            hashed_message,

            public_key,

            sig);


        // Assert the signature is true

        signature_result.assert_equal(bool_ct(true));


        return builder;

    }


};


} // namespace bb

bigfield.hpp

biggroup.hpp

bb::EcdsaCircuit
Definition ecdsa_circuit.hpp:16

bb::EcdsaCircuit::NUM_PUBLIC_INPUTS
static constexpr size_t NUM_PUBLIC_INPUTS
Definition ecdsa_circuit.hpp:25

bb::EcdsaCircuit::bool_ct
stdlib::bool_t< Builder > bool_ct
Definition ecdsa_circuit.hpp:20

bb::EcdsaCircuit::Builder
bb::UltraCircuitBuilder Builder
Definition ecdsa_circuit.hpp:18

bb::EcdsaCircuit::public_witness_ct
stdlib::public_witness_t< Builder > public_witness_ct
Definition ecdsa_circuit.hpp:21

bb::EcdsaCircuit::curve
stdlib::secp256k1< Builder > curve
Definition ecdsa_circuit.hpp:23

bb::EcdsaCircuit::generate
static Builder generate(uint256_t public_inputs[])
Definition ecdsa_circuit.hpp:27

bb::UltraCircuitBuilder_
Definition ultra_circuit_builder.hpp:42

bb::group::one
static constexpr element one
Definition group.hpp:46

bb::numeric::uint256_t
Definition uint256.hpp:32

bb::stdlib::SHA256::hash
static byte_array< Builder > hash(const byte_array_ct &input)
Definition sha256.cpp:308

bb::stdlib::bool_t
Implements boolean logic in-circuit.
Definition bool.hpp:59

bb::stdlib::byte_array
Represents a dynamic array of bytes in-circuit.
Definition byte_array.hpp:28

bb::stdlib::field_t< Builder >

bb::stdlib::public_witness_t
Definition witness.hpp:59

builder
AluTraceBuilder builder
Definition alu.test.cpp:123

ecdsa.hpp

grumpkin.hpp

hashers.hpp

bb::stdlib::ecdsa_verify_signature
bool_t< Builder > ecdsa_verify_signature(const stdlib::byte_array< Builder > &hashed_message, const G1 &public_key, const ecdsa_signature< Builder > &sig)
Verify ECDSA signature. Returns bool_t(true/false) depending on whether the signature is valid or not...
Definition ecdsa_impl.hpp:128

bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6

bb::UltraCircuitBuilder
UltraCircuitBuilder_< UltraExecutionTraceBlocks > UltraCircuitBuilder
Definition circuit_builders_fwd.hpp:24

ecdsa.hpp

ecdsa_impl.hpp

bool.hpp

secp256k1.hpp

field.hpp

bb::crypto::ecdsa_key_pair
Definition ecdsa.hpp:18

bb::crypto::ecdsa_key_pair::public_key
G1::affine_element public_key
Definition ecdsa.hpp:20

bb::crypto::ecdsa_key_pair::private_key
Fr private_key
Definition ecdsa.hpp:19

bb::crypto::ecdsa_signature
Definition ecdsa.hpp:25

bb::crypto::ecdsa_signature::r
std::array< uint8_t, 32 > r
Definition ecdsa.hpp:26

bb::crypto::ecdsa_signature::s
std::array< uint8_t, 32 > s
Definition ecdsa.hpp:27

bb::field< Bn254FrParams >::random_element
static field random_element(numeric::RNG *engine=nullptr) noexcept
Definition field_impl.hpp:665

bb::stdlib::ecdsa_signature
Definition ecdsa.hpp:14

bb::stdlib::secp256k1
Definition secp256k1.hpp:17

bb::stdlib::secp256k1::byte_array_ct
byte_array< Builder > byte_array_ct
Definition secp256k1.hpp:28

bb::stdlib::secp256k1::fq_ct
bigfield< Builder, typename ::bb::secp256k1::FqParams > fq_ct
Definition secp256k1.hpp:31

bb::stdlib::secp256k1::g1_bigfr_ct
element< Builder, fq_ct, bigfr_ct, g1 > g1_bigfr_ct
Definition secp256k1.hpp:34

bb::stdlib::secp256k1::bigfr_ct
bigfield< Builder, typename ::bb::secp256k1::FrParams > bigfr_ct
Definition secp256k1.hpp:32

throw_or_abort
void throw_or_abort(std::string const &err)
Definition throw_or_abort.hpp:6

witness.hpp