Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
origin_tag.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: not started, auditors: [], date: YYYY-MM-DD }
3// external_1: { status: not started, auditors: [], date: YYYY-MM-DD }
4// external_2: { status: not started, auditors: [], date: YYYY-MM-DD }
5// =====================
6
7#pragma once
16#include "barretenberg/common/assert.hpp"
17#include "barretenberg/common/throw_or_abort.hpp"
18#include "barretenberg/numeric/uint256/uint256.hpp"
19#include <cstddef>
20#include <ostream>
21
22// Currently disabled, because there are violations of the tag invariant in the codebase everywhere.
23// TODO(https://github.com/AztecProtocol/barretenberg/issues/1409): Re-enable this once the tag invariant is restored.
24#define DISABLE_FREE_WITNESS_CHECK
25#define DISABLE_DIFFERENT_TRANSCRIPT_CHECKS
26#define DISABLE_CHILD_TAG_CHECKS
27
28// Disable origin tags in release builds
29#ifdef NDEBUG
30#define AZTEC_NO_ORIGIN_TAGS
31#endif
32#define STANDARD_TESTING_TAGS /*Tags reused in tests*/ \
33 const size_t parent_id = 0; \
34 [[maybe_unused]] const auto clear_tag = OriginTag(); \
35 const auto submitted_value_origin_tag = OriginTag( \
36 parent_id, /*round_id=*/0, /*is_submitted=*/true); /*A tag describing a value submitted in the 0th round*/ \
37 const auto next_submitted_value_origin_tag = OriginTag( \
38 parent_id, /*round_id=*/1, /*is_submitted=*/true); /*A tag describing a value submitted in the 1st round*/ \
39 const auto challenge_origin_tag = OriginTag( \
40 parent_id, /*round_id=*/0, /*is_submitted=*/false); /*A tag describing a challenge derived in the 0th round*/ \
41 const auto next_challenge_tag = OriginTag( \
42 parent_id, /*round_id=*/1, /*is_submitted=*/false); /*A tag describing a challenge derived in the 1st round*/ \
43 const auto first_two_merged_tag = \
44 OriginTag(submitted_value_origin_tag, \
45 challenge_origin_tag); /*A tag describing a value constructed from values submitted by the prover in \
46 the 0th round and challenges from the same round */ \
47 const auto first_and_third_merged_tag = \
48 OriginTag(submitted_value_origin_tag, \
49 next_challenge_tag); /* A tag describing a value constructed from values submitted in the 0th round \
50 and challenges computed in the 1st round*/ \
51 const auto first_second_third_merged_tag = OriginTag( \
52 first_two_merged_tag, next_challenge_tag); /* A tag describing a value computed from values submitted in the \
53 0th round and challenges generated in the 0th and 1st round*/ \
54 const auto first_to_fourth_merged_tag = \
55 OriginTag(first_second_third_merged_tag, \
56 next_submitted_value_origin_tag); /* A tag describing a value computed from values submitted in the \
57 0th and 1st round and challenges generated in the 0th and 1st round*/ \
58 const auto instant_death_tag = []() { \
59 auto some_tag = OriginTag(); \
60 some_tag.poison(); \
61 return some_tag; \
62 }(); /* A tag that causes and abort on any arithmetic*/
63
64namespace bb {
65
66void check_child_tags(const uint256_t& tag_a, const uint256_t& tag_b);
67#ifndef AZTEC_NO_ORIGIN_TAGS
68struct OriginTag {
69
70 static constexpr size_t CONSTANT = static_cast<size_t>(-1);
71 static constexpr size_t FREE_WITNESS = static_cast<size_t>(-2);
72 // Parent tag is supposed to represent the index of a unique trancript object that generated the value. It uses
73 // a concrete index, not bits for now, since we never expect two different indices to be used in the same
74 // computation apart from equality assertion
75 // Parent tag is set to CONSTANT if the value is just a constant
76 // Parent tag is set to FREE_WITNESS if the value is a free witness (not a constant and not from the transcript)
77 size_t parent_tag = CONSTANT;
78
79 // Child tag specifies which submitted values and challenges have been used to generate this element
80 // The lower 128 bits represent using a submitted value from a corresponding round (the shift represents the
81 // round) The higher 128 bits represent using a challenge value from an corresponding round (the shift
82 // represents the round)
83 numeric::uint256_t child_tag = numeric::uint256_t(0);
84
85 // Instant death is used for poisoning values we should never use in arithmetic
86 bool instant_death = false;
87
88 // Default Origin Tag has everything set to zero and can't cause any issues
89 OriginTag() = default;
90 OriginTag(const OriginTag& other) = default;
91 OriginTag(OriginTag&& other) = default;
92 OriginTag& operator=(const OriginTag& other) = default;
93 OriginTag& operator=(OriginTag&& other) noexcept
94 {
95
96 parent_tag = other.parent_tag;
97 child_tag = other.child_tag;
98 instant_death = other.instant_death;
99 return *this;
100 }
108 OriginTag(size_t parent_index, size_t child_index, bool is_submitted = true)
109 : parent_tag(parent_index)
110 , child_tag((static_cast<uint256_t>(1) << (child_index + (is_submitted ? 0 : 128))))
111 {
112 BB_ASSERT_LT(child_index, 128U);
113 }
114
124 OriginTag(const OriginTag& tag_a, const OriginTag& tag_b);
125
135 template <class... T>
136 OriginTag(const OriginTag& tag, const T&... rest)
137 : parent_tag(tag.parent_tag)
138 , child_tag(tag.child_tag)
139 , instant_death(tag.instant_death)
140 {
141
142 OriginTag merged_tag = *this;
143 for (const auto& next_tag : { rest... }) {
144 merged_tag = OriginTag(merged_tag, next_tag);
145 }
146 *this = merged_tag;
147 }
148 ~OriginTag() = default;
149 bool operator==(const OriginTag& other) const;
150 void poison() { instant_death = true; }
151 void unpoison() { instant_death = false; }
152 bool is_poisoned() const { return instant_death; }
153 bool is_empty() const { return !instant_death && parent_tag == CONSTANT; };
154
155#ifndef DISABLE_FREE_WITNESS_CHECK
156 bool is_free_witness() const { return parent_tag == FREE_WITNESS; }
157 void set_free_witness()
158 {
159 parent_tag = FREE_WITNESS;
160 child_tag = 0;
161 }
162 void unset_free_witness()
163 {
164 parent_tag = CONSTANT;
165 child_tag = numeric::uint256_t(0);
166 }
167
168// The checks are disabled by disallowing to set the free witness tag, because if they are set, it's very hard to make
169// the logic of checks work
170#else
171 bool is_free_witness() const { return false; }
172 void set_free_witness() {}
173 void unset_free_witness() {}
174#endif
175};
176inline std::ostream& operator<<(std::ostream& os, OriginTag const& v)
177{
178 return os << "{ p_t: " << v.parent_tag << ", ch_t: " << v.child_tag << ", instadeath: " << v.instant_death << " }";
179}
180
181#else
182
183struct OriginTag {
184 OriginTag() = default;
185 OriginTag(const OriginTag& other) = default;
186 OriginTag(OriginTag&& other) = default;
187 OriginTag& operator=(const OriginTag& other) = default;
188 OriginTag& operator=(OriginTag&& other) = default;
189 ~OriginTag() = default;
190
191 OriginTag(size_t parent_index [[maybe_unused]],
192 size_t child_index [[maybe_unused]],
193 bool is_submitted [[maybe_unused]] = true)
194 {}
195
196 OriginTag(const OriginTag&, const OriginTag&) {}
197 template <class... T> OriginTag(const OriginTag&, const T&...) {}
198 bool operator==(const OriginTag& other) const;
199 void poison() {}
200 void unpoison() {}
201 static bool is_poisoned() { return false; }
202 static bool is_empty() { return true; };
203 bool is_free_witness() const { return false; }
204 void set_free_witness() {}
205 void unset_free_witness() {}
206};
207inline std::ostream& operator<<(std::ostream& os, OriginTag const&)
208{
209 return os << "{ Origin Tag tracking is disabled in release builds }";
210}
211#endif
212} // namespace bb
213template <typename T>
214concept usesTag = requires(T x, const bb::OriginTag& tag) { x.set_origin_tag(tag); };
BB_ASSERT_LT
#define BB_ASSERT_LT(left, right,...)
Definition assert.hpp:115
bb::numeric::uint256_t
Definition uint256.hpp:32
bb::numeric::operator<<
std::ostream & operator<<(std::ostream &os, uint256_t const &a)
Definition uint256.hpp:246
bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6
bb::check_child_tags
void check_child_tags(const uint256_t &tag_a, const uint256_t &tag_b)
Detect if two elements from the same transcript are performing a suspicious interaction.
Definition origin_tag.cpp:23
tuplet::tag
std::integral_constant< size_t, I > tag
Definition tuplet.hpp:258
bb::OriginTag::parent_tag
size_t parent_tag
Definition origin_tag.hpp:73
bb::OriginTag::unset_free_witness
void unset_free_witness()
Definition origin_tag.hpp:169
bb::OriginTag::OriginTag
OriginTag()=default
bb::OriginTag::is_poisoned
bool is_poisoned() const
Definition origin_tag.hpp:148
bb::OriginTag::child_tag
numeric::uint256_t child_tag
Definition origin_tag.hpp:79
bb::OriginTag::~OriginTag
~OriginTag()=default
bb::OriginTag::set_free_witness
void set_free_witness()
Definition origin_tag.hpp:168
bb::OriginTag::CONSTANT
static constexpr size_t CONSTANT
Definition origin_tag.hpp:66
bb::OriginTag::operator=
OriginTag & operator=(const OriginTag &other)=default
bb::OriginTag::FREE_WITNESS
static constexpr size_t FREE_WITNESS
Definition origin_tag.hpp:67
bb::OriginTag::is_empty
bool is_empty() const
Definition origin_tag.hpp:149
bb::OriginTag::is_free_witness
bool is_free_witness() const
Definition origin_tag.hpp:167
bb::OriginTag::operator==
bool operator==(const OriginTag &other) const
Definition origin_tag.cpp:37
throw_or_abort.hpp