Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
pedersen.test.cpp
Go to the documentation of this file.
1#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp"
2#include "barretenberg/circuit_checker/circuit_checker.hpp"
3#include "barretenberg/common/test.hpp"
4#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp"
5#include "barretenberg/numeric/random/engine.hpp"
6#include "barretenberg/stdlib/primitives/curves/bn254.hpp"
7#include "barretenberg/stdlib_circuit_builders/plookup_tables/fixed_base/fixed_base.hpp"
8#include "pedersen.hpp"
9
10using namespace bb;
11namespace {
12auto& engine = numeric::get_debug_randomness();
13}
14
15template <typename Builder> class StdlibPedersen : public testing::Test {
16 using _curve = stdlib::bn254<Builder>;
17
18 using byte_array_ct = typename _curve::byte_array_ct;
19 using fr_ct = typename _curve::ScalarField;
20 using witness_ct = typename _curve::witness_ct;
21 using public_witness_ct = typename _curve::public_witness_ct;
22 using pedersen_hash = typename stdlib::pedersen_hash<Builder>;
23
24 public:
25 static void test_pedersen()
26 {
27
28 Builder builder;
29
30 fr left_in = fr::random_element();
31 fr right_in = fr::random_element();
32
33 // ensure left has skew 1, right has skew 0
34 if ((left_in.from_montgomery_form().data[0] & 1) == 1) {
35 left_in += fr::one();
36 }
37 if ((right_in.from_montgomery_form().data[0] & 1) == 0) {
38 right_in += fr::one();
39 }
40
41 fr_ct left = public_witness_ct(&builder, left_in);
42 fr_ct right = witness_ct(&builder, right_in);
43
44 builder.fix_witness(left.witness_index, left.get_value());
45 builder.fix_witness(right.witness_index, right.get_value());
46
47 fr_ct out = pedersen_hash::hash({ left, right });
48
49 info("num gates = ", builder.get_estimated_num_finalized_gates());
50
51 bool result = CircuitChecker::check(builder);
52 EXPECT_EQ(result, true);
53
54 fr hash_native = crypto::pedersen_hash::hash({ left.get_value(), right.get_value() });
55 EXPECT_EQ(out.get_value(), hash_native);
56 }
57
58 static void test_pedersen_edge_cases()
59 {
60 Builder builder;
61
62 fr zero_fr = fr::zero();
63 fr one_fr = fr::one();
64 fr r_minus_one_fr = fr::modulus - 1;
65 fr r_minus_two_fr = fr::modulus - 2;
66 fr r_fr = fr::modulus;
67
68 fr_ct zero = witness_ct(&builder, zero_fr);
69 fr_ct one = witness_ct(&builder, one_fr);
70 fr_ct r_minus_one = witness_ct(&builder, r_minus_one_fr);
71 fr_ct r_minus_two = witness_ct(&builder, r_minus_two_fr);
72 fr_ct r = witness_ct(&builder, r_fr);
73
74 fr_ct out_1_with_zero = pedersen_hash::hash({ zero, one });
75 fr_ct out_1_with_r = pedersen_hash::hash({ r, one });
76 fr_ct out_2 = pedersen_hash::hash({ r_minus_one, r_minus_two });
77 fr_ct out_with_zero = pedersen_hash::hash({ out_1_with_zero, out_2 });
78 fr_ct out_with_r = pedersen_hash::hash({ out_1_with_r, out_2 });
79
80 info("num gates = ", builder.get_estimated_num_finalized_gates());
81
82 bool result = CircuitChecker::check(builder);
83 EXPECT_EQ(result, true);
84
85 EXPECT_EQ(bool(out_1_with_zero.get_value() == out_1_with_r.get_value()), true);
86
87 fr hash_native_1_with_zero = crypto::pedersen_hash::hash({ zero.get_value(), one.get_value() });
88 fr hash_native_1_with_r = crypto::pedersen_hash::hash({ r.get_value(), one.get_value() });
89 fr hash_native_2 = crypto::pedersen_hash::hash({ r_minus_one.get_value(), r_minus_two.get_value() });
90 fr hash_native_with_zero = crypto::pedersen_hash::hash({ out_1_with_zero.get_value(), out_2.get_value() });
91 fr hash_native_with_r = crypto::pedersen_hash::hash({ out_1_with_r.get_value(), out_2.get_value() });
92
93 EXPECT_EQ(out_1_with_zero.get_value(), hash_native_1_with_zero);
94 EXPECT_EQ(out_1_with_r.get_value(), hash_native_1_with_r);
95 EXPECT_EQ(out_2.get_value(), hash_native_2);
96 EXPECT_EQ(out_with_zero.get_value(), hash_native_with_zero);
97 EXPECT_EQ(out_with_r.get_value(), hash_native_with_r);
98 EXPECT_EQ(hash_native_with_zero, hash_native_with_r);
99 }
100
101 static void test_pedersen_large()
102 {
103 Builder builder;
104
105 fr left_in = fr::random_element();
106 fr right_in = fr::random_element();
107 // ensure left has skew 1, right has skew 0
108 if ((left_in.from_montgomery_form().data[0] & 1) == 1) {
109 left_in += fr::one();
110 }
111 if ((right_in.from_montgomery_form().data[0] & 1) == 0) {
112 right_in += fr::one();
113 }
114 fr_ct left = witness_ct(&builder, left_in);
115 fr_ct right = witness_ct(&builder, right_in);
116
117 for (size_t i = 0; i < 256; ++i) {
118 left = pedersen_hash::hash({ left, right });
119 }
120
121 builder.set_public_input(left.witness_index);
122
123 info("num gates = ", builder.get_estimated_num_finalized_gates());
124
125 bool result = CircuitChecker::check(builder);
126 EXPECT_EQ(result, true);
127 }
128
129 static void test_hash_byte_array()
130 {
131 const size_t num_input_bytes = 351;
132
133 Builder builder;
134
135 std::vector<uint8_t> input;
136 input.reserve(num_input_bytes);
137 for (size_t i = 0; i < num_input_bytes; ++i) {
138 input.push_back(engine.get_random_uint8());
139 }
140
141 fr expected = crypto::pedersen_hash::hash_buffer(input);
142
143 byte_array_ct circuit_input(&builder, input);
144 auto result = pedersen_hash::hash_buffer(circuit_input);
145
146 EXPECT_EQ(result.get_value(), expected);
147
148 info("num gates = ", builder.get_estimated_num_finalized_gates());
149
150 bool proof_result = CircuitChecker::check(builder);
151 EXPECT_EQ(proof_result, true);
152 }
153
154 static void test_multi_hash()
155 {
156 Builder builder;
157
158 for (size_t i = 0; i < 7; ++i) {
159 std::vector<fr> inputs;
160 inputs.push_back(bb::fr::random_element());
161 inputs.push_back(bb::fr::random_element());
162 inputs.push_back(bb::fr::random_element());
163 inputs.push_back(bb::fr::random_element());
164
165 if (i == 1) {
166 inputs[0] = fr(0);
167 }
168 if (i == 2) {
169 inputs[1] = fr(0);
170 inputs[2] = fr(0);
171 }
172 if (i == 3) {
173 inputs[3] = fr(0);
174 }
175 if (i == 4) {
176 inputs[0] = fr(0);
177 inputs[3] = fr(0);
178 }
179 if (i == 5) {
180 inputs[0] = fr(0);
181 inputs[1] = fr(0);
182 inputs[2] = fr(0);
183 inputs[3] = fr(0);
184 }
185 if (i == 6) {
186 inputs[1] = fr(1);
187 }
188 std::vector<fr_ct> witnesses;
189 for (auto input : inputs) {
190 witnesses.push_back(witness_ct(&builder, input));
191 }
192
193 fr expected = crypto::pedersen_hash::hash(inputs);
194
195 fr_ct result = pedersen_hash::hash(witnesses);
196 EXPECT_EQ(result.get_value(), expected);
197 }
198
199 info("num gates = ", builder.get_estimated_num_finalized_gates());
200
201 bool proof_result = CircuitChecker::check(builder);
202 EXPECT_EQ(proof_result, true);
203 }
204
205 static void test_hash_eight()
206 {
207 Builder builder;
208
209 std::vector<grumpkin::fq> inputs;
210 inputs.reserve(8);
211 std::vector<stdlib::field_t<Builder>> witness_inputs;
212
213 for (size_t i = 0; i < 8; ++i) {
214 inputs.emplace_back(bb::fr::random_element());
215 witness_inputs.emplace_back(witness_ct(&builder, inputs[i]));
216 }
217
218 constexpr size_t hash_idx = 10;
219 grumpkin::fq expected = crypto::pedersen_hash::hash(inputs, hash_idx);
220 auto result = pedersen_hash::hash(witness_inputs, hash_idx);
221
222 EXPECT_EQ(result.get_value(), expected);
223 }
224
225 static void test_hash_constants()
226 {
227 Builder builder;
228
229 std::vector<fr> inputs;
230 std::vector<stdlib::field_t<Builder>> witness_inputs;
231
232 for (size_t i = 0; i < 8; ++i) {
233 inputs.push_back(bb::fr::random_element());
234 if (i % 2 == 1) {
235 witness_inputs.push_back(witness_ct(&builder, inputs[i]));
236 } else {
237 witness_inputs.push_back(fr_ct(&builder, inputs[i]));
238 }
239 }
240
241 fr expected = crypto::pedersen_hash::hash(inputs);
242 auto result = pedersen_hash::hash(witness_inputs);
243
244 EXPECT_EQ(result.get_value(), expected);
245 }
246};
247
248using CircuitTypes = testing::Types<bb::UltraCircuitBuilder>;
249
250TYPED_TEST_SUITE(StdlibPedersen, CircuitTypes);
251
252TYPED_TEST(StdlibPedersen, TestHash)
253{
254 using Builder = TypeParam;
255 using field_ct = stdlib::field_t<Builder>;
256 using witness_ct = stdlib::witness_t<Builder>;
257 auto builder = Builder();
258
259 const size_t num_inputs = 10;
260
261 std::vector<field_ct> inputs;
262 std::vector<fr> inputs_native;
263
264 for (size_t i = 0; i < num_inputs; ++i) {
265 const auto element = fr::random_element(&engine);
266 inputs_native.emplace_back(element);
267 inputs.emplace_back(field_ct(witness_ct(&builder, element)));
268 }
269
270 auto result = stdlib::pedersen_hash<Builder>::hash(inputs);
271 auto expected = crypto::pedersen_hash::hash(inputs_native);
272
273 EXPECT_EQ(result.get_value(), expected);
274
275 bool proof_result = CircuitChecker::check(builder);
276 EXPECT_EQ(proof_result, true);
277}
278
279TYPED_TEST(StdlibPedersen, Small)
280{
281 TestFixture::test_pedersen();
282};
283
284TYPED_TEST(StdlibPedersen, EdgeCases)
285{
286 TestFixture::test_pedersen_edge_cases();
287};
288
289HEAVY_TYPED_TEST(StdlibPedersen, Large)
290{
291 TestFixture::test_pedersen_large();
292};
293
294TYPED_TEST(StdlibPedersen, HashByteArray)
295{
296 TestFixture::test_hash_byte_array();
297};
298
299TYPED_TEST(StdlibPedersen, MultiHash)
300{
301 TestFixture::test_multi_hash();
302};
303
304TYPED_TEST(StdlibPedersen, HashEight)
305{
306 TestFixture::test_hash_eight();
307};
308
309TYPED_TEST(StdlibPedersen, HashConstants)
310{
311 TestFixture::test_hash_constants();
312};
circuit_checker.hpp
StdlibPedersen::test_pedersen_edge_cases
static void test_pedersen_edge_cases()
Definition pedersen.test.cpp:58
StdlibPedersen::witness_ct
typename _curve::witness_ct witness_ct
Definition pedersen.test.cpp:19
StdlibPedersen::test_hash_eight
static void test_hash_eight()
Definition pedersen.test.cpp:205
StdlibPedersen::test_hash_constants
static void test_hash_constants()
Definition pedersen.test.cpp:225
StdlibPedersen::fr_ct
typename _curve::ScalarField fr_ct
Definition pedersen.test.cpp:18
StdlibPedersen::test_hash_byte_array
static void test_hash_byte_array()
Definition pedersen.test.cpp:129
StdlibPedersen::test_pedersen_large
static void test_pedersen_large()
Definition pedersen.test.cpp:101
StdlibPedersen::public_witness_ct
typename _curve::public_witness_ct public_witness_ct
Definition pedersen.test.cpp:20
StdlibPedersen::pedersen_hash
typename stdlib::pedersen_hash< Builder > pedersen_hash
Definition pedersen.test.cpp:22
StdlibPedersen::test_multi_hash
static void test_multi_hash()
Definition pedersen.test.cpp:154
StdlibPedersen::byte_array_ct
typename _curve::byte_array_ct byte_array_ct
Definition pedersen.test.cpp:18
StdlibPedersen::test_pedersen
static void test_pedersen()
Definition pedersen.test.cpp:25
bb::TranslatorCircuitChecker::check
static bool check(const Builder &circuit)
Check the witness satisifies the circuit.
Definition translator_circuit_checker.cpp:20
bb::crypto::pedersen_hash_base::hash_buffer
static Fq hash_buffer(const std::vector< uint8_t > &input, GeneratorContext context={})
Given an arbitrary length of bytes, convert them to fields and hash the result using the default gene...
Definition pedersen.cpp:88
bb::crypto::pedersen_hash_base::hash
static Fq hash(const std::vector< Fq > &inputs, GeneratorContext context={})
Given a vector of fields, generate a pedersen hash using generators from context.
Definition pedersen.cpp:78
bb::numeric::RNG::get_random_uint8
virtual uint8_t get_random_uint8()=0
bb::stdlib::field_t< Builder >
bb::stdlib::field_t::get_value
bb::fr get_value() const
Given a := *this, compute its value given by a.v * a.mul + a.add.
Definition field.cpp:827
bb::stdlib::field_t::witness_index
uint32_t witness_index
Definition field.hpp:132
bb::stdlib::pedersen_hash
stdlib class that evaluates in-circuit pedersen hashes, consistent with behavior in crypto::pedersen_...
Definition pedersen.hpp:23
bb::stdlib::pedersen_hash::hash
static field_ct hash(const std::vector< field_ct > &in, GeneratorContext context={})
Definition pedersen.cpp:15
bb::stdlib::witness_t
Definition witness.hpp:16
info
void info(Args... args)
Definition log.hpp:70
builder
AluTraceBuilder builder
Definition alu.test.cpp:123
pedersen.hpp
Builder
ECCVMCircuitBuilder Builder
Definition eccvm.bench.cpp:11
engine
numeric::RNG & engine
Definition eccvm_transcript.test.cpp:282
fixed_base.hpp
witness_ct
bn254::witness_ct witness_ct
Definition graph_description_bigfield.test.cpp:31
field_ct
stdlib::field_t< Builder > field_ct
Definition graph_description_blake2s.test.cpp:12
bb::numeric::get_debug_randomness
RNG & get_debug_randomness(bool reset, std::uint_fast64_t seed)
Definition engine.cpp:190
bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6
bb::TYPED_TEST_SUITE
TYPED_TEST_SUITE(ShpleminiTest, TestSettings)
bb::fr
field< Bn254FrParams > fr
Definition fr.hpp:174
bb::TYPED_TEST
TYPED_TEST(ShpleminiTest, CorrectnessOfMultivariateClaimBatching)
Definition shplemini.test.cpp:47
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
CircuitTypes
testing::Types< bb::UltraCircuitBuilder > CircuitTypes
Definition pedersen.test.cpp:83
bb::field< Bn254FrParams >::one
static constexpr field one()
Definition field_declarations.hpp:242
bb::field< Bn254FrParams >::modulus
static constexpr uint256_t modulus
Definition field_declarations.hpp:197
bb::field< Bn254FrParams >::random_element
static field random_element(numeric::RNG *engine=nullptr) noexcept
Definition field_impl.hpp:665
bb::field::from_montgomery_form
BB_INLINE constexpr field from_montgomery_form() const noexcept
Definition field_impl.hpp:301
bb::field< Bn254FrParams >::zero
static constexpr field zero()
Definition field_declarations.hpp:240
bb::stdlib::bn254::ScalarField
field_t< CircuitBuilder > ScalarField
Definition bn254.hpp:33
bb::stdlib::bn254::byte_array_ct
byte_array< CircuitBuilder > byte_array_ct
Definition bn254.hpp:43
bb::stdlib::bn254::public_witness_ct
public_witness_t< CircuitBuilder > public_witness_ct
Definition bn254.hpp:42
bb::stdlib::bn254::witness_ct
witness_t< CircuitBuilder > witness_ct
Definition bn254.hpp:41
HEAVY_TYPED_TEST
#define HEAVY_TYPED_TEST(x, y)
Definition test.hpp:11