Barretenberg: src/barretenberg/stdlib/hash/pfuzzer/poseidon2_pedersen.fuzzer.cpp Source File

// === AUDIT STATUS ===

// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }

// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }

// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }

// =====================


#include "barretenberg/circuit_checker/circuit_checker.hpp"

#include "barretenberg/crypto/pedersen_hash/pedersen.hpp"

#include "barretenberg/crypto/poseidon2/poseidon2.hpp"

#include "barretenberg/ecc/fields/field.fuzzer.hpp"

#include "barretenberg/numeric/random/engine.hpp"

#include "barretenberg/numeric/uint256/uint256.hpp"

#include "barretenberg/stdlib/hash/pedersen/pedersen.hpp"

#include "barretenberg/stdlib/hash/poseidon2/poseidon2.hpp"

#include "barretenberg/stdlib/primitives/curves/bn254.hpp"

#include <cassert>

#include <cstdint>

#include <cstring>

#include <iostream>

#include <vector>


using namespace bb;

using Fr = fr;

using native_poseidon2 = crypto::Poseidon2<crypto::Poseidon2Bn254ScalarFieldParams>;

using native_pedersen = crypto::pedersen_hash;


// Input structure constants

static constexpr size_t SINGLE_CHUNK_SIZE = 129; // 1 byte for selection of element + 128 bytes for FieldVM data


std::vector<Fr> parse_input_and_generate_elements(const uint8_t* data, size_t size)

{

    std::vector<Fr> elements;


    // Need at least header size

    if (size < SINGLE_CHUNK_SIZE) {

        return elements;

    }


    // Parse header: first byte is number of elements (0-128)

    size_t num_elements = size / SINGLE_CHUNK_SIZE;


    // Create FieldVM instance for field element generation

    FieldVM<Fr> field_vm(false, 65536); // Disable debug, max 65536 steps


    // Disable heavy operations for better performance

    field_vm.settings.enable_inv = false;          // Disable inversion

    field_vm.settings.enable_sqrt = false;         // Disable square root

    field_vm.settings.enable_batch_invert = false; // Disable batch inversion

    field_vm.settings.enable_pow = false;          // Disable power operation

    field_vm.settings.enable_div = false;          // Disable division

    field_vm.settings.enable_div_assign = false;   // Disable division assignment


    // Run FieldVM with data after header (bytes 129+)

    size_t fieldvm_data_size = size - num_elements;

    if (fieldvm_data_size > 0) {

        field_vm.run(data, fieldvm_data_size);

    }


    // Extract elements based on indices in header

    elements.reserve(num_elements);

    for (size_t i = 0; i < num_elements; ++i) {

        uint8_t index_byte = data[fieldvm_data_size + i]; // Bytes 1-128 contain indices


        size_t field_index = index_byte % 32; // Wrap around if needed


        // Get element from FieldVM state

        Fr element = field_vm.field_internal_state[field_index];

        elements.emplace_back(element);

    }


    return elements;

}


template <typename Builder> bool test_poseidon2_circuit(const std::vector<Fr>& inputs)

{

    try {

        using field_ct = stdlib::field_t<Builder>;

        using witness_ct = stdlib::witness_t<Builder>;


        Builder builder;

        std::vector<field_ct> circuit_inputs;

        circuit_inputs.reserve(inputs.size());


        // Convert native field elements to circuit witnesses

        for (const auto& input : inputs) {

            circuit_inputs.emplace_back(field_ct(witness_ct(&builder, input)));

        }


        // Compute hash using circuit

        auto circuit_result = stdlib::poseidon2<Builder>::hash(builder, circuit_inputs);


        // Compute hash using native implementation

        auto native_result = native_poseidon2::hash(inputs);


        // Compare results

        if (circuit_result.get_value() != native_result) {

            std::cerr << "Poseidon2 circuit mismatch detected!" << std::endl;

            std::cerr << "Input length: " << inputs.size() << std::endl;

            std::cerr << "Circuit result: " << circuit_result.get_value() << std::endl;

            std::cerr << "Native result: " << native_result << std::endl;

            return false;

        }


        // Verify circuit correctness

        bool circuit_check = CircuitChecker::check(builder);

        if (!circuit_check) {

            std::cerr << "Poseidon2 circuit check failed!" << std::endl;

            std::cerr << "Input length: " << inputs.size() << std::endl;

            return false;

        }


        return true;


    } catch (const std::exception& e) {

        std::cerr << "Exception in Poseidon2 circuit test: " << e.what() << std::endl;

        std::cerr << "Input length: " << inputs.size() << std::endl;

        return false;

    }

}


template <typename Builder> bool test_pedersen_circuit(const std::vector<Fr>& inputs)

{

    try {

        using field_ct = stdlib::field_t<Builder>;

        using witness_ct = stdlib::witness_t<Builder>;


        Builder builder;

        std::vector<field_ct> circuit_inputs;

        circuit_inputs.reserve(inputs.size());


        // Convert native field elements to circuit witnesses

        for (const auto& input : inputs) {

            circuit_inputs.emplace_back(field_ct(witness_ct(&builder, input)));

        }


        // Compute hash using circuit

        auto circuit_result = stdlib::pedersen_hash<Builder>::hash(circuit_inputs);


        // Compute hash using native implementation

        auto native_result = native_pedersen::hash(inputs);


        // Compare results

        if (circuit_result.get_value() != native_result) {

            std::cerr << "Pedersen circuit mismatch detected!" << std::endl;

            std::cerr << "Input length: " << inputs.size() << std::endl;

            std::cerr << "Circuit result: " << circuit_result.get_value() << std::endl;

            std::cerr << "Native result: " << native_result << std::endl;

            return false;

        }


        // Verify circuit correctness

        bool circuit_check = CircuitChecker::check(builder);

        if (!circuit_check) {

            std::cerr << "Pedersen circuit check failed!" << std::endl;

            std::cerr << "Input length: " << inputs.size() << std::endl;

            return false;

        }


        return true;


    } catch (const std::exception& e) {

        std::cerr << "Exception in Pedersen circuit test: " << e.what() << std::endl;

        std::cerr << "Input length: " << inputs.size() << std::endl;

        return false;

    }

}


extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size)

{

    // Security check: Ensure minimum input size

    if (Size == 0) {

        return 0; // No input data

    }

    bool is_poseidon2 = Data[0] & 0x01;


    // Parse input structure and generate field elements using FieldVM

    auto field_elements = parse_input_and_generate_elements(Data + 1, Size - 1);


    // Security check: Ensure we have valid elements

    if (field_elements.empty()) {

        return 0; // No valid field elements generated

    }


    // Test with Ultra circuit builder only

    bool test_result = is_poseidon2 ? test_poseidon2_circuit<UltraCircuitBuilder>(field_elements)

                                    : test_pedersen_circuit<UltraCircuitBuilder>(field_elements);


    if (!test_result) {

        abort(); // Circuit test failed

    }


    return 0; // Success

}


circuit_checker.hpp

bb::ECCVMCircuitBuilder
Definition eccvm_circuit_builder.hpp:24

bb::TranslatorCircuitChecker::check
static bool check(const Builder &circuit)
Check the witness satisifies the circuit.
Definition translator_circuit_checker.cpp:20

bb::crypto::Poseidon2< crypto::Poseidon2Bn254ScalarFieldParams >

bb::crypto::Poseidon2::hash
static FF hash(const std::vector< FF > &input)
Hashes a vector of field elements.

bb::crypto::pedersen_hash_base
Performs pedersen hashes!
Definition pedersen.hpp:30

bb::crypto::pedersen_hash_base::hash
static Fq hash(const std::vector< Fq > &inputs, GeneratorContext context={})
Given a vector of fields, generate a pedersen hash using generators from context.
Definition pedersen.cpp:78

bb::stdlib::field_t< Builder >

bb::stdlib::pedersen_hash::hash
static field_ct hash(const std::vector< field_ct > &in, GeneratorContext context={})
Definition pedersen.cpp:15

bb::stdlib::witness_t
Definition witness.hpp:16

builder
AluTraceBuilder builder
Definition alu.test.cpp:123

data
const std::vector< FF > data
Definition data_copy.test.cpp:61

pedersen.hpp

poseidon2.hpp

field.fuzzer.hpp
Field arithmetic fuzzer for testing cryptographic field operations.

engine.hpp

witness_ct
bn254::witness_ct witness_ct
Definition graph_description_bigfield.test.cpp:31

field_ct
stdlib::field_t< Builder > field_ct
Definition graph_description_blake2s.test.cpp:12

bb::crypto::pedersen_hash
pedersen_hash_base< curve::Grumpkin > pedersen_hash
Definition pedersen.hpp:47

bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6

bb::fr
field< Bn254FrParams > fr
Definition fr.hpp:174

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

LLVMFuzzerTestOneInput
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
Main fuzzer entry point.
Definition poseidon2_pedersen.fuzzer.cpp:210

test_poseidon2_circuit
bool test_poseidon2_circuit(const std::vector< Fr > &inputs)
Test Poseidon2 circuit with specified builder type.
Definition poseidon2_pedersen.fuzzer.cpp:105

parse_input_and_generate_elements
std::vector< Fr > parse_input_and_generate_elements(const uint8_t *data, size_t size)
Parse input structure and generate field elements using FieldVM.
Definition poseidon2_pedersen.fuzzer.cpp:55

test_pedersen_circuit
bool test_pedersen_circuit(const std::vector< Fr > &inputs)
Test Pedersen circuit with specified builder type.
Definition poseidon2_pedersen.fuzzer.cpp:157

pedersen.hpp

poseidon2.hpp

bn254.hpp

bb::FieldVM
Virtual machine for field arithmetic operations.
Definition field.fuzzer.hpp:146

bb::FieldVM::run
size_t run(const unsigned char *Data, size_t Size, bool reset_steps=true)
Run the VM on input data.
Definition field.fuzzer.hpp:1197

bb::FieldVM::field_internal_state
std::array< Field, INTERNAL_STATE_SIZE > field_internal_state
Internal state array of field elements.
Definition field.fuzzer.hpp:174

bb::FieldVM::settings
VMSettings settings
VM settings controlling which operations are enabled.
Definition field.fuzzer.hpp:191

bb::VMSettings::enable_inv
bool enable_inv
Enable INV operations.
Definition field.fuzzer.hpp:49

bb::VMSettings::enable_batch_invert
bool enable_batch_invert
Enable BATCH_INVERT operations.
Definition field.fuzzer.hpp:62

bb::VMSettings::enable_div
bool enable_div
Enable DIV operations.
Definition field.fuzzer.hpp:47

bb::VMSettings::enable_div_assign
bool enable_div_assign
Enable DIV_ASSIGN operations.
Definition field.fuzzer.hpp:48

bb::VMSettings::enable_sqrt
bool enable_sqrt
Enable SQRT operations.
Definition field.fuzzer.hpp:54

bb::VMSettings::enable_pow
bool enable_pow
Enable POW operations.
Definition field.fuzzer.hpp:53

bb::field< Bn254FrParams >

uint256.hpp