Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
Namespaces | Classes | Typedefs | Enumerations | Functions | Variables
bb::crypto Namespace Reference

Namespaces

namespace  merkle_tree
 

Classes

struct  blake2s_state__
 
struct  Blake2sHasher
 
struct  ecdsa_key_pair
 
struct  ecdsa_signature
 
class  FieldSponge
 Implements a cryptographic sponge over prime fields. Implements the sponge specification from the Community Cryptographic Specification Project see https://github.com/C2SP/C2SP/blob/792c1254124f625d459bfe34417e8f6bdd02eb28/poseidon-sponge.md (Note: this spec was not accepted into the C2SP repo, we might want to reference something else!) More...
 
class  generator_data
 class that stores precomputed generators used for Pedersen commitments and Pedersen hashes More...
 
struct  GeneratorContext
 
struct  KeccakHasher
 
class  pedersen_commitment_base
 Performs pedersen commitments! More...
 
class  pedersen_hash_base
 Performs pedersen hashes! More...
 
class  Poseidon2
 
struct  Poseidon2Bn254ScalarFieldParams
 
class  Poseidon2Permutation
 Applies the Poseidon2 permutation function from https://eprint.iacr.org/2023/323 . This algorithm was implemented using https://github.com/HorizenLabs/poseidon2 as a reference. More...
 
struct  schnorr_key_pair
 
class  schnorr_multisig
 Implements the SpeedyMuSig protocol; a secure 2-round interactive multisignature scheme whose signature outputs can be verified by a regular Schnorr verification algorithm. More...
 
struct  schnorr_signature
 
struct  SchnorrProofOfPossession
 A proof of possession is a Schnorr proof of knowledge of a secret key corresponding to a given public key. More...
 
struct  Sha256Hasher
 

Typedefs

typedef struct bb::crypto::blake2s_state__ blake2s_state
 
typedef struct blake2s_param__ blake2s_param
 
using pedersen_commitment = pedersen_commitment_base< curve::Grumpkin >
 
using pedersen_hash = pedersen_hash_base< curve::Grumpkin >
 
using Sha256Hash = std::array< uint8_t, 32 >
 

Enumerations

enum  blake2s_constant {
  BLAKE2S_BLOCKBYTES = 64 , BLAKE2S_OUTBYTES = 32 , BLAKE2S_KEYBYTES = 32 , BLAKE2S_SALTBYTES = 8 ,
  BLAKE2S_PERSONALBYTES = 8
}
 
enum  { BLAKE2_DUMMY_1 = 1 / (sizeof(blake2s_param) == BLAKE2S_OUTBYTES) }
 

Functions

void aes128_expand_key (const uint8_t *key, uint8_t *round_key)
 
void aes128_inverse_cipher (uint8_t *input, const uint8_t *round_key)
 
void aes128_cipher (uint8_t *state, const uint8_t *round_key)
 
void aes128_encrypt_buffer_cbc (uint8_t *buffer, uint8_t *iv, const uint8_t *key, const size_t length)
 
void aes128_decrypt_buffer_cbc (uint8_t *buffer, uint8_t *iv, const uint8_t *key, const size_t length)
 
int blake2s_init_param (blake2s_state *S, const blake2s_param *P)
 
int blake2s_init (blake2s_state *S, size_t outlen)
 
int blake2s_update (blake2s_state *S, const void *pin, size_t inlen)
 
int blake2s_final (blake2s_state *S, void *out, size_t outlen)
 
std::array< uint8_t, BLAKE2S_OUTBYTESblake2s (std::vector< uint8_t > const &input)
 
 BLAKE2_PACKED (struct blake2s_param__ { uint8_t digest_length;uint8_t key_length;uint8_t fanout;uint8_t depth;uint32_t leaf_length;uint32_t node_offset;uint16_t xof_length;uint8_t node_depth;uint8_t inner_length;uint8_t salt[BLAKE2S_SALTBYTES];uint8_t personal[BLAKE2S_PERSONALBYTES];})
 
int blake2s_init_key (blake2s_state *S, size_t outlen, const void *key, size_t keylen)
 
template<typename Hash , typename Fq , typename Fr , typename G1 >
ecdsa_signature ecdsa_construct_signature (const std::string &message, const ecdsa_key_pair< Fr, G1 > &account)
 
template<typename Hash , typename Fq , typename Fr , typename G1 >
G1::affine_element ecdsa_recover_public_key (const std::string &message, const ecdsa_signature &sig)
 
template<typename Hash , typename Fq , typename Fr , typename G1 >
bool ecdsa_verify_signature (const std::string &message, const typename G1::affine_element &public_key, const ecdsa_signature &signature)
 
bool operator== (ecdsa_signature const &lhs, ecdsa_signature const &rhs)
 
std::ostream & operator<< (std::ostream &os, ecdsa_signature const &sig)
 
 TEST (GeneratorContext, DeriveDefaultGenerators)
 
template<typename Hash , typename MessageContainer , typename KeyContainer >
std::array< uint8_t, Hash::OUTPUT_SIZE > hmac (const MessageContainer &message, const KeyContainer &key)
 Compute an HMAC given a secret key and a message.
 
template<typename Hash , typename Fr , typename MessageContainer , typename KeyContainer >
requires (Hash::OUTPUT_SIZE == 32)
Fr get_unbiased_field_from_hmac (const MessageContainer &message, const KeyContainer &key)
 Takes a size-HASH_OUTPUT buffer from HMAC and converts into a field element.
 
 TEST (Pedersen, Commitment)
 
 TEST (Pedersen, CommitmentWithZero)
 
 TEST (Pedersen, CommitmentProf)
 
 TEST (Pedersen, GeneratorPrinter)
 
 TEST (Pedersen, DeriveLengthGenerator)
 
 TEST (Pedersen, Hash)
 
 TEST (Pedersen, HashWithIndex)
 
template<typename B , typename G1 , typename Hash >
void read (B &it, SchnorrProofOfPossession< G1, Hash > &proof_of_possession)
 
template<typename B , typename G1 , typename Hash >
void write (B &buf, SchnorrProofOfPossession< G1, Hash > const &proof_of_possession)
 
template<typename Hash , typename Fq , typename Fr , typename G1 >
bool schnorr_verify_signature (const std::string &message, const typename G1::affine_element &public_key, const schnorr_signature &sig)
 
template<typename Hash , typename Fq , typename Fr , typename G1 >
schnorr_signature schnorr_construct_signature (const std::string &message, const schnorr_key_pair< Fr, G1 > &account)
 
bool operator== (schnorr_signature const &lhs, schnorr_signature const &rhs)
 
std::ostream & operator<< (std::ostream &os, schnorr_signature const &sig)
 
template<typename B >
void read (B &it, schnorr_key_pair< grumpkin::fr, grumpkin::g1 > &keypair)
 
template<typename B >
void write (B &buf, schnorr_key_pair< grumpkin::fr, grumpkin::g1 > const &keypair)
 
void prepare_constants (std::array< uint32_t, 8 > &input)
 
std::array< uint32_t, 8 > sha256_block (const std::array< uint32_t, 8 > &h_init, const std::array< uint32_t, 16 > &input)
 
Sha256Hash sha256_block (const std::vector< uint8_t > &input)
 
template<typename ByteContainer >
Sha256Hash sha256 (const ByteContainer &input)
 
template Sha256Hash sha256< std::vector< uint8_t > > (const std::vector< uint8_t > &input)
 
template Sha256Hash sha256< std::array< uint8_t, 32 > > (const std::array< uint8_t, 32 > &input)
 
template Sha256Hash sha256< std::string > (const std::string &input)
 
template Sha256Hash sha256< std::span< uint8_t > > (const std::span< uint8_t > &input)
 
template<typename T >
Sha256Hash sha256 (const T &input)
 
bb::fr sha256_to_field (std::vector< uint8_t > const &input)
 
bool operator== (Sha256Hash const &lhs, std::vector< uint8_t > const &rhs)
 

Variables

constexpr uint64_t aes128_sparse_base = 9
 

Detailed Description

AES-128 Cipher

Implements AES-128 block cipher, and buffer encryption using cbc cipher chaining

Based off of tiny-AES by @kokke : https://github.com/kokke/tiny-AES-c

Typedef Documentation

◆ blake2s_param

typedef struct blake2s_param__ bb::crypto::blake2s_param

Definition at line 69 of file blake2s.hpp.

◆ blake2s_state

typedef struct bb::crypto::blake2s_state__ bb::crypto::blake2s_state

◆ pedersen_commitment

using bb::crypto::pedersen_commitment = typedef pedersen_commitment_base<curve::Grumpkin>

Definition at line 39 of file pedersen.hpp.

◆ pedersen_hash

using bb::crypto::pedersen_hash = typedef pedersen_hash_base<curve::Grumpkin>

Definition at line 47 of file pedersen.hpp.

◆ Sha256Hash

using bb::crypto::Sha256Hash = typedef std::array<uint8_t, 32>

Definition at line 18 of file sha256.hpp.

Enumeration Type Documentation

◆ anonymous enum

anonymous enum
Enumerator
BLAKE2_DUMMY_1 

Definition at line 72 of file blake2s.hpp.

◆ blake2s_constant

enum bb::crypto::blake2s_constant
Enumerator
BLAKE2S_BLOCKBYTES 
BLAKE2S_OUTBYTES 
BLAKE2S_KEYBYTES 
BLAKE2S_SALTBYTES 
BLAKE2S_PERSONALBYTES 

Definition at line 36 of file blake2s.hpp.

Function Documentation

◆ aes128_cipher()

void bb::crypto::aes128_cipher ( uint8_t *  state,
const uint8_t *  round_key 
)

Definition at line 217 of file aes128.cpp.

◆ aes128_decrypt_buffer_cbc()

void bb::crypto::aes128_decrypt_buffer_cbc ( uint8_t *  buffer,
uint8_t *  iv,
const uint8_t *  key,
const size_t  length 
)

Definition at line 253 of file aes128.cpp.

◆ aes128_encrypt_buffer_cbc()

void bb::crypto::aes128_encrypt_buffer_cbc ( uint8_t *  buffer,
uint8_t *  iv,
const uint8_t *  key,
const size_t  length 
)

Definition at line 233 of file aes128.cpp.

◆ aes128_expand_key()

void bb::crypto::aes128_expand_key ( const uint8_t *  key,
uint8_t *  round_key 
)

Definition at line 160 of file aes128.cpp.

◆ aes128_inverse_cipher()

void bb::crypto::aes128_inverse_cipher ( uint8_t *  input,
const uint8_t *  round_key 
)

Definition at line 201 of file aes128.cpp.

◆ BLAKE2_PACKED()

bb::crypto::BLAKE2_PACKED ( struct blake2s_param__ { uint8_t digest_length;uint8_t key_length;uint8_t fanout;uint8_t depth;uint32_t leaf_length;uint32_t node_offset;uint16_t xof_length;uint8_t node_depth;uint8_t inner_length;uint8_t salt[BLAKE2S_SALTBYTES];uint8_t personal[BLAKE2S_PERSONALBYTES];}  )

◆ blake2s()

std::array< uint8_t, BLAKE2S_OUTBYTES > bb::crypto::blake2s ( std::vector< uint8_t > const &  input)

Definition at line 232 of file blake2s.cpp.

◆ blake2s_final()

int bb::crypto::blake2s_final ( blake2s_state S,
void *  out,
size_t  outlen 
)

Definition at line 208 of file blake2s.cpp.

◆ blake2s_init()

int bb::crypto::blake2s_init ( blake2s_state S,
size_t  outlen 
)

Definition at line 93 of file blake2s.cpp.

◆ blake2s_init_key()

int bb::crypto::blake2s_init_key ( blake2s_state S,
size_t  outlen,
const void *  key,
size_t  keylen 
)

◆ blake2s_init_param()

int bb::crypto::blake2s_init_param ( blake2s_state S,
const blake2s_param P 
)

Definition at line 77 of file blake2s.cpp.

◆ blake2s_update()

int bb::crypto::blake2s_update ( blake2s_state S,
const void *  pin,
size_t  inlen 
)

Definition at line 182 of file blake2s.cpp.

◆ ecdsa_construct_signature()

template<typename Hash , typename Fq , typename Fr , typename G1 >
ecdsa_signature bb::crypto::ecdsa_construct_signature ( const std::string &  message,
const ecdsa_key_pair< Fr, G1 > &  account 
)

Definition at line 16 of file ecdsa_impl.hpp.

◆ ecdsa_recover_public_key()

template<typename Hash , typename Fq , typename Fr , typename G1 >
G1::affine_element bb::crypto::ecdsa_recover_public_key ( const std::string &  message,
const ecdsa_signature sig 
)

Definition at line 61 of file ecdsa_impl.hpp.

◆ ecdsa_verify_signature()

template<typename Hash , typename Fq , typename Fr , typename G1 >
bool bb::crypto::ecdsa_verify_signature ( const std::string &  message,
const typename G1::affine_element &  public_key,
const ecdsa_signature signature 
)

Definition at line 133 of file ecdsa_impl.hpp.

◆ get_unbiased_field_from_hmac()

template<typename Hash , typename Fr , typename MessageContainer , typename KeyContainer >
requires (Hash::OUTPUT_SIZE == 32)
Fr bb::crypto::get_unbiased_field_from_hmac ( const MessageContainer &  message,
const KeyContainer &  key 
)

Takes a size-HASH_OUTPUT buffer from HMAC and converts into a field element.

We assume HASH_OUTPUT = 32. Reducing HMAC(key, message) modulo r would result in an unacceptable bias. We hash input with 0 and 1 to produce 64 bytes of input data. This is then converted into a uin512_t, which is taken modulo Fr::modulus to produce our field element, where the statistical bias is negligble in the security parameter.

Template Parameters
Hashthe hash function we're using
Frfield type
MessageContainera byte container (std::vector<uint8_t>, std::array<uint8_t, ...>, std::string)
KeyContainera byte container
Parameters
messagethe input buffer
keykey used to derive
Returns
Fr output field element as uint512_t( H(10...0 || HMAC(k,m)) || H(00...0 || HMAC(k,m)) ) % r

Definition at line 102 of file hmac.hpp.

◆ hmac()

template<typename Hash , typename MessageContainer , typename KeyContainer >
std::array< uint8_t, Hash::OUTPUT_SIZE > bb::crypto::hmac ( const MessageContainer &  message,
const KeyContainer &  key 
)

Compute an HMAC given a secret key and a message.

Template Parameters
Hashhasher being used
MessageContainera byte container (std::vector<uint8_t>, std::array<uint8_t, ...>, std::string)
KeyContainera byte container
Parameters
messagethe message!
keythe key!
Returns
std::array<uint8_t, Hash::OUTPUT_SIZE> the HMAC output!

Definition at line 29 of file hmac.hpp.

◆ operator<<() [1/2]

std::ostream & bb::crypto::operator<< ( std::ostream &  os,
ecdsa_signature const &  sig 
)
inline

Definition at line 50 of file ecdsa.hpp.

◆ operator<<() [2/2]

std::ostream & bb::crypto::operator<< ( std::ostream &  os,
schnorr_signature const &  sig 
)
inline

Definition at line 56 of file schnorr.hpp.

◆ operator==() [1/3]

bool bb::crypto::operator== ( ecdsa_signature const &  lhs,
ecdsa_signature const &  rhs 
)
inline

Definition at line 45 of file ecdsa.hpp.

◆ operator==() [2/3]

bool bb::crypto::operator== ( schnorr_signature const &  lhs,
schnorr_signature const &  rhs 
)
inline

Definition at line 51 of file schnorr.hpp.

◆ operator==() [3/3]

bool bb::crypto::operator== ( Sha256Hash const &  lhs,
std::vector< uint8_t > const &  rhs 
)
inline

Definition at line 30 of file sha256.hpp.

◆ prepare_constants()

void bb::crypto::prepare_constants ( std::array< uint32_t, 8 > &  input)

Definition at line 36 of file sha256.cpp.

◆ read() [1/2]

template<typename B >
void bb::crypto::read ( B &  it,
schnorr_key_pair< grumpkin::fr, grumpkin::g1 > &  keypair 
)
inline

Definition at line 62 of file schnorr.hpp.

◆ read() [2/2]

template<typename B , typename G1 , typename Hash >
void bb::crypto::read ( B &  it,
SchnorrProofOfPossession< G1, Hash > &  proof_of_possession 
)
inline

Definition at line 130 of file proof_of_possession.hpp.

◆ schnorr_construct_signature()

template<typename Hash , typename Fq , typename Fr , typename G1 >
schnorr_signature bb::crypto::schnorr_construct_signature ( const std::string &  message,
const schnorr_key_pair< Fr, G1 > &  account 
)

◆ schnorr_verify_signature()

template<typename Hash , typename Fq , typename Fr , typename G1 >
bool bb::crypto::schnorr_verify_signature ( const std::string &  message,
const typename G1::affine_element &  public_key,
const schnorr_signature sig 
)

◆ sha256() [1/2]

template<typename ByteContainer >
Sha256Hash bb::crypto::sha256 ( const ByteContainer &  input)

Definition at line 142 of file sha256.cpp.

◆ sha256() [2/2]

template<typename T >
Sha256Hash bb::crypto::sha256 ( const T &  input)

◆ sha256< std::array< uint8_t, 32 > >()

template Sha256Hash bb::crypto::sha256< std::array< uint8_t, 32 > > ( const std::array< uint8_t, 32 > &  input)

◆ sha256< std::span< uint8_t > >()

template Sha256Hash bb::crypto::sha256< std::span< uint8_t > > ( const std::span< uint8_t > &  input)

◆ sha256< std::string >()

template Sha256Hash bb::crypto::sha256< std::string > ( const std::string &  input)

◆ sha256< std::vector< uint8_t > >()

template Sha256Hash bb::crypto::sha256< std::vector< uint8_t > > ( const std::vector< uint8_t > &  input)

◆ sha256_block() [1/2]

std::array< uint32_t, 8 > bb::crypto::sha256_block ( const std::array< uint32_t, 8 > &  h_init,
const std::array< uint32_t, 16 > &  input 
)

Fill first 16 words with the message schedule

Extend the input data into the remaining 48 words

Initialize round variables with previous block output

Apply SHA-256 compression function to the message schedule

Add into previous block output and return

Definition at line 48 of file sha256.cpp.

◆ sha256_block() [2/2]

Sha256Hash bb::crypto::sha256_block ( const std::vector< uint8_t > &  input)

Definition at line 116 of file sha256.cpp.

◆ sha256_to_field()

bb::fr bb::crypto::sha256_to_field ( std::vector< uint8_t > const &  input)
inline

Definition at line 24 of file sha256.hpp.

◆ TEST() [1/8]

bb::crypto::TEST ( GeneratorContext  ,
DeriveDefaultGenerators   
)

Definition at line 9 of file generator_data.test.cpp.

◆ TEST() [2/8]

bb::crypto::TEST ( Pedersen  ,
Commitment   
)

Definition at line 10 of file pedersen.test.cpp.

◆ TEST() [3/8]

bb::crypto::TEST ( Pedersen  ,
CommitmentProf   
)

Definition at line 31 of file pedersen.test.cpp.

◆ TEST() [4/8]

bb::crypto::TEST ( Pedersen  ,
CommitmentWithZero   
)

Definition at line 20 of file pedersen.test.cpp.

◆ TEST() [5/8]

bb::crypto::TEST ( Pedersen  ,
DeriveLengthGenerator   
)

Definition at line 11 of file pedersen.test.cpp.

◆ TEST() [6/8]

bb::crypto::TEST ( Pedersen  ,
GeneratorPrinter   
)

Definition at line 44 of file pedersen.test.cpp.

◆ TEST() [7/8]

bb::crypto::TEST ( Pedersen  ,
Hash   
)

Definition at line 21 of file pedersen.test.cpp.

◆ TEST() [8/8]

bb::crypto::TEST ( Pedersen  ,
HashWithIndex   
)

Definition at line 28 of file pedersen.test.cpp.

◆ write() [1/2]

template<typename B >
void bb::crypto::write ( B &  buf,
schnorr_key_pair< grumpkin::fr, grumpkin::g1 > const &  keypair 
)
inline

Definition at line 68 of file schnorr.hpp.

◆ write() [2/2]

template<typename B , typename G1 , typename Hash >
void bb::crypto::write ( B &  buf,
SchnorrProofOfPossession< G1, Hash > const &  proof_of_possession 
)
inline

Definition at line 137 of file proof_of_possession.hpp.

Variable Documentation

◆ aes128_sparse_base

constexpr uint64_t bb::crypto::aes128_sparse_base = 9
constexpr

Definition at line 33 of file aes128.hpp.