Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
sha256.test.cpp
Go to the documentation of this file.
1#include "barretenberg/crypto/sha256/sha256.hpp"
2#include "barretenberg/circuit_checker/circuit_checker.hpp"
3#include "barretenberg/common/test.hpp"
4#include "barretenberg/stdlib_circuit_builders/plookup_tables/plookup_tables.hpp"
5#include "barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp"
6#include "sha256.hpp"
7
8#include "barretenberg/numeric/bitop/rotate.hpp"
9#include "barretenberg/numeric/bitop/sparse_form.hpp"
10#include "barretenberg/numeric/random/engine.hpp"
11
12using namespace bb;
13using namespace bb::stdlib;
14
15namespace {
16auto& engine = numeric::get_debug_randomness();
17}
18using Builder = UltraCircuitBuilder;
19
20using byte_array_ct = byte_array<Builder>;
21using field_ct = field_t<Builder>;
22using witness_ct = witness_t<Builder>;
23
29std::vector<field_ct> pack_bytes_into_field_elements(const byte_array_ct& input, size_t num_bytes_in_chunk = 4)
30{
31 std::vector<field_t<Builder>> result;
32 const size_t byte_len = input.size();
33
34 for (size_t i = 0; i < byte_len; i += num_bytes_in_chunk) {
35 byte_array_ct chunk = input.slice(i, std::min(num_bytes_in_chunk, byte_len - i));
36 result.emplace_back(static_cast<field_ct>(chunk));
37 }
38
39 return result;
40}
41constexpr uint64_t ror(uint64_t val, uint64_t shift)
42{
43 return (val >> (shift & 31U)) | (val << (32U - (shift & 31U)));
44}
45
46std::array<uint64_t, 64> extend_witness(std::array<uint64_t, 16>& in)
47{
48 std::array<uint64_t, 64> w;
49
50 for (size_t i = 0; i < 16; ++i) {
51 w[i] = in[i];
52 }
53
54 for (size_t i = 16; i < 64; ++i) {
55 uint64_t left = w[i - 15];
56 uint64_t right = w[i - 2];
57
58 uint64_t left_rot7 = numeric::rotate32((uint32_t)left, 7);
59 uint64_t left_rot18 = numeric::rotate32((uint32_t)left, 18);
60 uint64_t left_sh3 = left >> 3;
61
62 uint64_t right_rot17 = numeric::rotate32((uint32_t)right, 17);
63 uint64_t right_rot19 = numeric::rotate32((uint32_t)right, 19);
64 uint64_t right_sh10 = right >> 10;
65
66 uint64_t s0 = left_rot7 ^ left_rot18 ^ left_sh3;
67 uint64_t s1 = right_rot17 ^ right_rot19 ^ right_sh10;
68
69 w[i] = w[i - 16] + w[i - 7] + s0 + s1;
70 }
71 return w;
72}
73std::array<uint64_t, 8> inner_block(std::array<uint64_t, 64>& w)
74{
75 constexpr uint32_t init_constants[8]{ 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
76 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 };
77
78 constexpr uint32_t round_constants[64]{
79 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
80 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
81 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
82 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
83 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
84 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
85 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
86 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
87 };
88 uint32_t a = init_constants[0];
89 uint32_t b = init_constants[1];
90 uint32_t c = init_constants[2];
91 uint32_t d = init_constants[3];
92 uint32_t e = init_constants[4];
93 uint32_t f = init_constants[5];
94 uint32_t g = init_constants[6];
95 uint32_t h = init_constants[7];
96 for (size_t i = 0; i < 64; ++i) {
97 uint32_t S1 = numeric::rotate32((uint32_t)e, 6U) ^ numeric::rotate32((uint32_t)e, 11U) ^
98 numeric::rotate32((uint32_t)e, 25U);
99 uint32_t ch = (e & f) ^ (~e & g); // === (e & f) ^ (~e & g), `+` op is cheaper
100 uint32_t temp1 = h + S1 + ch + round_constants[i] + (uint32_t)w[i];
101 uint32_t S0 = numeric::rotate32((uint32_t)a, 2U) ^ numeric::rotate32((uint32_t)a, 13U) ^
102 numeric::rotate32((uint32_t)a, 22U);
103 uint32_t maj = (a & b) ^ (a & c) ^ (b & c); // (a & (b + c - (T0 * 2))) + T0; // === (a & b) ^ (a & c) ^ (b & c)
104 uint32_t temp2 = S0 + maj;
105
106 h = g;
107 g = f;
108 f = e;
109 e = d + temp1;
110 d = c;
111 c = b;
112 b = a;
113 a = temp1 + temp2;
114 }
115
119 std::array<uint64_t, 8> output;
120 output[0] = (uint32_t)(a + init_constants[0]);
121 output[1] = (uint32_t)(b + init_constants[1]);
122 output[2] = (uint32_t)(c + init_constants[2]);
123 output[3] = (uint32_t)(d + init_constants[3]);
124 output[4] = (uint32_t)(e + init_constants[4]);
125 output[5] = (uint32_t)(f + init_constants[5]);
126 output[6] = (uint32_t)(g + init_constants[6]);
127 output[7] = (uint32_t)(h + init_constants[7]);
128 return output;
129}
130
131// TEST(stdlib_sha256_plookup, test_round)
132// {
133
134// auto builder = UltraPlonkBuilder();
135
136// std::array<uint64_t, 64> w_inputs;
137// std::array<stdlib::field_t<UltraCircuitBuilder>, 64> w_elements;
138
139// for (size_t i = 0; i < 64; ++i) {
140// w_inputs[i] = engine.get_random_uint32();
141// w_elements[i] = stdlib::witness_t<bb::UltraCircuitBuilder>(&builder,
142// fr(w_inputs[i]));
143// }
144
145// const auto expected = inner_block(w_inputs);
146
147// const std::array<bb::stdlib::field_t<bb::UltraCircuitBuilder>, 8> result =
148// stdlib::sha256_inner_block(w_elements);
149// for (size_t i = 0; i < 8; ++i) {
150// EXPECT_EQ(uint256_t(result[i].get_value()).data[0] & 0xffffffffUL,
151// uint256_t(expected[i]).data[0] & 0xffffffffUL);
152// }
153// info("num gates = %zu\n", builder.get_estimated_num_finalized_gates());
154
155// auto prover = composer.create_prover();
156
157// auto verifier = composer.create_verifier();
158// plonk::proof proof = prover.construct_proof();
159// bool proof_result = CircuitChecker::check(builder);
160// EXPECT_EQ(proof_result, true);
161// }
162
163TEST(stdlib_sha256, test_plookup_55_bytes)
164{
165
166 // 55 bytes is the largest number of bytes that can be hashed in a single block,
167 // accounting for the single padding bit, and the 64 size bits required by the SHA-256 standard.
168 auto builder = UltraCircuitBuilder();
169 byte_array_ct input(&builder, "An 8 character password? Snow White and the 7 Dwarves..");
170
171 byte_array_ct output_bytes = stdlib::SHA256<UltraCircuitBuilder>::hash(input);
172
173 std::vector<field_ct> output = pack_bytes_into_field_elements(output_bytes);
174
175 EXPECT_EQ(uint256_t(output[0].get_value()), 0x51b2529fU);
176 EXPECT_EQ(uint256_t(output[1].get_value()), 0x872e839aU);
177 EXPECT_EQ(uint256_t(output[2].get_value()), 0xb686c3c2U);
178 EXPECT_EQ(uint256_t(output[3].get_value()), 0x483c872eU);
179 EXPECT_EQ(uint256_t(output[4].get_value()), 0x975bd672U);
180 EXPECT_EQ(uint256_t(output[5].get_value()), 0xbde22ab0U);
181 EXPECT_EQ(uint256_t(output[6].get_value()), 0x54a8fac7U);
182 EXPECT_EQ(uint256_t(output[7].get_value()), 0x93791fc7U);
183 info("num gates = ", builder.get_estimated_num_finalized_gates());
184
185 bool proof_result = CircuitChecker::check(builder);
186 EXPECT_EQ(proof_result, true);
187}
188
189TEST(stdlib_sha256, test_55_bytes)
190{
191 // 55 bytes is the largest number of bytes that can be hashed in a single block,
192 // accounting for the single padding bit, and the 64 size bits required by the SHA-256 standard.
193 auto builder = Builder();
194 byte_array_ct input(&builder, "An 8 character password? Snow White and the 7 Dwarves..");
195
196 byte_array_ct output_bytes = stdlib::SHA256<UltraCircuitBuilder>::hash(input);
197
198 std::vector<field_ct> output = pack_bytes_into_field_elements(output_bytes);
199
200 EXPECT_EQ(output[0].get_value(), fr(0x51b2529fULL));
201 EXPECT_EQ(output[1].get_value(), fr(0x872e839aULL));
202 EXPECT_EQ(output[2].get_value(), fr(0xb686c3c2ULL));
203 EXPECT_EQ(output[3].get_value(), fr(0x483c872eULL));
204 EXPECT_EQ(output[4].get_value(), fr(0x975bd672ULL));
205 EXPECT_EQ(output[5].get_value(), fr(0xbde22ab0ULL));
206 EXPECT_EQ(output[6].get_value(), fr(0x54a8fac7ULL));
207 EXPECT_EQ(output[7].get_value(), fr(0x93791fc7ULL));
208 info("num gates = ", builder.get_estimated_num_finalized_gates());
209
210 bool proof_result = CircuitChecker::check(builder);
211 EXPECT_EQ(proof_result, true);
212}
213
214TEST(stdlib_sha256, test_NIST_vector_one_byte_array)
215{
216
217 auto builder = UltraCircuitBuilder();
218
219 byte_array_ct input(&builder, "abc");
220 byte_array_ct output_bytes = stdlib::SHA256<UltraCircuitBuilder>::hash(input);
221 std::vector<field_ct> output = pack_bytes_into_field_elements(output_bytes);
222 EXPECT_EQ(uint256_t(output[0].get_value()).data[0], (uint64_t)0xBA7816BFU);
223 EXPECT_EQ(uint256_t(output[1].get_value()).data[0], (uint64_t)0x8F01CFEAU);
224 EXPECT_EQ(uint256_t(output[2].get_value()).data[0], (uint64_t)0x414140DEU);
225 EXPECT_EQ(uint256_t(output[3].get_value()).data[0], (uint64_t)0x5DAE2223U);
226 EXPECT_EQ(uint256_t(output[4].get_value()).data[0], (uint64_t)0xB00361A3U);
227 EXPECT_EQ(uint256_t(output[5].get_value()).data[0], (uint64_t)0x96177A9CU);
228 EXPECT_EQ(uint256_t(output[6].get_value()).data[0], (uint64_t)0xB410FF61U);
229 EXPECT_EQ(uint256_t(output[7].get_value()).data[0], (uint64_t)0xF20015ADU);
230 info("num gates = ", builder.get_estimated_num_finalized_gates());
231
232 bool proof_result = CircuitChecker::check(builder);
233 EXPECT_EQ(proof_result, true);
234}
235
236TEST(stdlib_sha256, test_NIST_vector_one)
237{
238
239 auto builder = UltraCircuitBuilder();
240
241 byte_array_ct input(&builder, "abc");
242
243 byte_array_ct output_bytes = stdlib::SHA256<UltraCircuitBuilder>::hash(input);
244
245 std::vector<field_ct> output = pack_bytes_into_field_elements(output_bytes);
246
247 EXPECT_EQ(output[0].get_value(), fr(0xBA7816BFULL));
248 EXPECT_EQ(output[1].get_value(), fr(0x8F01CFEAULL));
249 EXPECT_EQ(output[2].get_value(), fr(0x414140DEULL));
250 EXPECT_EQ(output[3].get_value(), fr(0x5DAE2223ULL));
251 EXPECT_EQ(output[4].get_value(), fr(0xB00361A3ULL));
252 EXPECT_EQ(output[5].get_value(), fr(0x96177A9CULL));
253 EXPECT_EQ(output[6].get_value(), fr(0xB410FF61ULL));
254 EXPECT_EQ(output[7].get_value(), fr(0xF20015ADULL));
255 info("num gates = ", builder.get_estimated_num_finalized_gates());
256
257 bool proof_result = CircuitChecker::check(builder);
258 EXPECT_EQ(proof_result, true);
259}
260
261TEST(stdlib_sha256, test_NIST_vector_two)
262{
263 auto builder = Builder();
264
265 byte_array_ct input(&builder, "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq");
266
267 byte_array_ct output_bytes = stdlib::SHA256<UltraCircuitBuilder>::hash(input);
268
269 std::vector<field_ct> output = pack_bytes_into_field_elements(output_bytes);
270
271 EXPECT_EQ(output[0].get_value(), 0x248D6A61ULL);
272 EXPECT_EQ(output[1].get_value(), 0xD20638B8ULL);
273 EXPECT_EQ(output[2].get_value(), 0xE5C02693ULL);
274 EXPECT_EQ(output[3].get_value(), 0x0C3E6039ULL);
275 EXPECT_EQ(output[4].get_value(), 0xA33CE459ULL);
276 EXPECT_EQ(output[5].get_value(), 0x64FF2167ULL);
277 EXPECT_EQ(output[6].get_value(), 0xF6ECEDD4ULL);
278 EXPECT_EQ(output[7].get_value(), 0x19DB06C1ULL);
279 info("num gates = ", builder.get_estimated_num_finalized_gates());
280
281 bool proof_result = CircuitChecker::check(builder);
282 EXPECT_EQ(proof_result, true);
283}
284
285TEST(stdlib_sha256, test_NIST_vector_three)
286{
287 auto builder = Builder();
288
289 // one byte, 0xbd
290 byte_array_ct input(&builder, std::vector<uint8_t>{ 0xbd });
291
292 byte_array_ct output_bytes = stdlib::SHA256<UltraCircuitBuilder>::hash(input);
293
294 std::vector<field_ct> output = pack_bytes_into_field_elements(output_bytes);
295
296 EXPECT_EQ(output[0].get_value(), 0x68325720ULL);
297 EXPECT_EQ(output[1].get_value(), 0xaabd7c82ULL);
298 EXPECT_EQ(output[2].get_value(), 0xf30f554bULL);
299 EXPECT_EQ(output[3].get_value(), 0x313d0570ULL);
300 EXPECT_EQ(output[4].get_value(), 0xc95accbbULL);
301 EXPECT_EQ(output[5].get_value(), 0x7dc4b5aaULL);
302 EXPECT_EQ(output[6].get_value(), 0xe11204c0ULL);
303 EXPECT_EQ(output[7].get_value(), 0x8ffe732bULL);
304 info("num gates = ", builder.get_estimated_num_finalized_gates());
305
306 bool proof_result = CircuitChecker::check(builder);
307 EXPECT_EQ(proof_result, true);
308}
309
310TEST(stdlib_sha256, test_NIST_vector_four)
311{
312 auto builder = Builder();
313
314 // 4 bytes, 0xc98c8e55
315 byte_array_ct input(&builder, std::vector<uint8_t>{ 0xc9, 0x8c, 0x8e, 0x55 });
316
317 byte_array_ct output_bytes = stdlib::SHA256<UltraCircuitBuilder>::hash(input);
318
319 std::vector<field_ct> output = pack_bytes_into_field_elements(output_bytes);
320
321 EXPECT_EQ(output[0].get_value(), 0x7abc22c0ULL);
322 EXPECT_EQ(output[1].get_value(), 0xae5af26cULL);
323 EXPECT_EQ(output[2].get_value(), 0xe93dbb94ULL);
324 EXPECT_EQ(output[3].get_value(), 0x433a0e0bULL);
325 EXPECT_EQ(output[4].get_value(), 0x2e119d01ULL);
326 EXPECT_EQ(output[5].get_value(), 0x4f8e7f65ULL);
327 EXPECT_EQ(output[6].get_value(), 0xbd56c61cULL);
328 EXPECT_EQ(output[7].get_value(), 0xcccd9504ULL);
329
330 info("num gates = ", builder.get_estimated_num_finalized_gates());
331
332 bool proof_result = CircuitChecker::check(builder);
333 EXPECT_EQ(proof_result, true);
334}
335
336HEAVY_TEST(stdlib_sha256, test_NIST_vector_five)
337{
338
339 auto builder = UltraCircuitBuilder();
340
341 byte_array_ct input(
342 &builder,
343 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
344 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
345 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
346 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
347 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
348 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
349 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
350 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
351 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
352 "AAAAAAAAAA");
353
354 byte_array_ct output_bytes = stdlib::SHA256<UltraCircuitBuilder>::hash(input);
355
356 std::vector<field_ct> output = pack_bytes_into_field_elements(output_bytes);
357
358 EXPECT_EQ(output[0].get_value(), 0xc2e68682ULL);
359 EXPECT_EQ(output[1].get_value(), 0x3489ced2ULL);
360 EXPECT_EQ(output[2].get_value(), 0x017f6059ULL);
361 EXPECT_EQ(output[3].get_value(), 0xb8b23931ULL);
362 EXPECT_EQ(output[4].get_value(), 0x8b6364f6ULL);
363 EXPECT_EQ(output[5].get_value(), 0xdcd835d0ULL);
364 EXPECT_EQ(output[6].get_value(), 0xa519105aULL);
365 EXPECT_EQ(output[7].get_value(), 0x1eadd6e4ULL);
366
367 info("num gates = ", builder.get_estimated_num_finalized_gates());
368
369 bool proof_result = CircuitChecker::check(builder);
370 EXPECT_EQ(proof_result, true);
371}
372
373TEST(stdlib_sha256, test_input_len_multiple)
374{
375 auto builder = Builder();
376
377 std::vector<uint32_t> input_sizes = { 1, 7, 15, 16, 30, 32, 55, 64, 90, 128, 512, 700 };
378
379 for (auto& inp : input_sizes) {
380 auto input_buf = std::vector<uint8_t>(inp, 1);
381
382 byte_array_ct input(&builder, input_buf);
383 byte_array_ct output_bytes = stdlib::SHA256<UltraCircuitBuilder>::hash(input);
384
385 auto circuit_output = output_bytes.get_value();
386
387 auto expected = crypto::sha256(input_buf);
388
389 EXPECT_EQ(circuit_output, expected);
390 }
391}
392
393TEST(stdlib_sha256, test_input_str_len_multiple)
394{
395 auto builder = Builder();
396
397 std::vector<std::string> input_strings = {
398 "y", // 1
399 "rjvrbuh", // 7
400 "mrrozctemyvkntd", // 15
401 "wzazugetudtuezxa", // 16
402 "dbxldszbrgdmyvncpeifhnelmlulqo", // 30
403 "qdnsbdlamrivgzbktsyyijethtvuzzrk", // 32
404 "qhpqepdogwsiuyfwqgbqcikeywbgyjznoswitwddhytzkrkdjykvflg", // 55
405 "fmsityhwkevuctwwsosjyrznibbpfcawmkoatqaaojeahnldcnrwijqpwiuvdeyp", // 64
406 "utszdtjhsqjeakhczzusnntdrtxbljvhqdndaybosjgaufvnjxmnidcvvedgszbspaycosgwauyttmbdvqogakiktp", // 90
407 "enbgynwxnnymvqeqbojewmzwowfbpetrerntwtkgwnvtdopjssnddzxjnkqwicthufgpbwrmmhiwpyxlpskxgarmrtvketlvkmdvnsqgdftfhw"
408 "dvgmlfjrqoviqrhuon", // 128
409 "nngsypjgwnazpjdxovbqnevgrqxwzuljdqqiahpgwvvmgjdzfwjsjwwxcadhluzqxezlrznuoiuobpmkhqibphwvfjicmpxkshiizlgpyloxyx"
410 "fljwgwlazfidiylowazmguxxxjzimizxrzllescpactcpzeaeuyhjxgkmktkqslxripwwgragpvwknphwifojuqatlraacymbwfaohhhzstnil"
411 "tqvukrienivisigkoefkqejdagylahffwvloqtqjkmtgxenxviqutsjjgffmolrwqbwgigyrhbpqsnyyzmvvyehcsyzxxskkyxiuqvagakutcu"
412 "lqowtykszgnpmeebrksyaqezflhdbrgswpwnrknjnfhnfqfwquooxazubnccawwvldpihkhjkwmwceuvorfeuwvzjzzceywuimfzunordhixpo"
413 "rqveoywjgdbnmgiywcwwcybhoqvhentbwxfvouauviyqbnphtfotgwtitxutdfxjforuyaau", // 512
414 "lbfeywyqvybssdvmorkyltmgxvjezwltijsqfnpaexqyzfppmnpsxlhqwdojjqsqlfybpxskexswevngctedgvhbdwszxqxqoqbhmshmpmdrpy"
415 "akejsoevkfrtvgfzcvockujdynvxfaxsdavmwlpxfwftczoduqdfxrkksnqygdsarhaszezxndalitvvsziyeklymrytdkunnxpvwvkzldrrzw"
416 "ccxghwdnufkxsvpumhhszzjpmwuxvfjxfccltjqlwkyleyoydzpqqfnkkuvdgbvuqqsnpexuoqupakvhvqfucbkzoyzehocvkzsngtwkyqklhk"
417 "qdtszsbtyzxzdeipjsbmzrpqlkhlkqimoiiblhrrymyafvtdbrmbixuzwhvnkcroanyvxvbaaznpgoadhmltgcweqajbnnkzuxihlcqurjzkxb"
418 "pxqjyvutmgqquavwpkdgkppctvybdikwvqxgifgfbgzywijqtcyvfqdsbbxsknqejhrwuhlnqjgdcpipxxwbguzgsjygbdgqczmqxcnzieoyok"
419 "oraykfcqzctnjgjcdyhnxnuorvaxhsdbeosqhvqebccfxiefubecprupofnkkpafpmlzcqbcnojbelemuqlxoiqqwhtrddqqwurvgyretfvhuh"
420 "fzkbvfywmrqpjqxdrvlrmvlbmmfeldmwvxmpohle" // 700
421 };
422
423 for (auto& input_str : input_strings) {
424 auto input_buf = std::vector<uint8_t>(input_str.begin(), input_str.end());
425
426 byte_array_ct input(&builder, input_buf);
427 byte_array_ct output_bytes = stdlib::SHA256<UltraCircuitBuilder>::hash(input);
428
429 auto circuit_output = output_bytes.get_value();
430
431 auto expected = crypto::sha256(input_buf);
432
433 EXPECT_EQ(circuit_output, expected);
434 }
435}
436
437TEST(stdlib_sha256, test_boomerang_value_regression)
438{
439 auto builder = Builder();
440 std::array<field_t<Builder>, 16> input;
441
442 // Create random input witnesses and ensure that the witnesses are constrained to constants
443 for (size_t i = 0; i < 16; i++) {
444 auto random32bits = engine.get_random_uint32();
445 field_ct elt(witness_ct(&builder, fr(random32bits)));
446 elt.fix_witness();
447 input[i] = elt;
448 }
449 // Check correctness
450 std::array<field_t<Builder>, 64> w_ext = SHA256<Builder>::extend_witness(input);
451 bool result1 = CircuitChecker::check(builder);
452 EXPECT_EQ(result1, true);
453 bool result2 = false;
454 for (auto& single_extended_witness : w_ext) {
455
456 auto random32bits = engine.get_random_uint32();
457 uint32_t variable_index = single_extended_witness.witness_index;
458 // Ensure our random value is different
459 while (builder.get_variable(variable_index) == fr(random32bits)) {
460 random32bits = engine.get_random_uint32();
461 }
462 auto backup = builder.get_variable(variable_index);
463 builder.set_variable(variable_index, fr(random32bits));
464 // Check that the circuit fails
465 result2 = result2 || CircuitChecker::check(builder);
466 builder.set_variable(variable_index, backup);
467 }
468 // If at least one of the updated witnesses hasn't caused the circuit to fail, we're in trouble
469 EXPECT_EQ(result2, false);
470}
circuit_checker.hpp
bb::TranslatorCircuitChecker::check
static bool check(const Builder &circuit)
Check the witness satisifies the circuit.
Definition translator_circuit_checker.cpp:20
bb::numeric::RNG::get_random_uint32
virtual uint32_t get_random_uint32()=0
bb::numeric::uint256_t
Definition uint256.hpp:32
bb::stdlib::SHA256::extend_witness
static std::array< field_ct, 64 > extend_witness(const std::array< field_ct, 16 > &w_in)
Definition sha256.cpp:60
bb::stdlib::SHA256::hash
static byte_array< Builder > hash(const byte_array_ct &input)
Definition sha256.cpp:308
bb::stdlib::byte_array
Represents a dynamic array of bytes in-circuit.
Definition byte_array.hpp:28
bb::stdlib::byte_array::slice
byte_array slice(size_t offset) const
Slice bytes from the byte array starting at offset. Does not add any constraints.
Definition byte_array.cpp:278
bb::stdlib::byte_array::get_value
std::vector< uint8_t > get_value() const
A helper converting a byte_array into the vector of its uint8_t values.
Definition byte_array.cpp:315
bb::stdlib::byte_array::size
size_t size() const
Definition byte_array.hpp:74
bb::stdlib::field_t< Builder >
bb::stdlib::field_t::fix_witness
void fix_witness()
Definition field.hpp:441
bb::stdlib::witness_t
Definition witness.hpp:16
info
void info(Args... args)
Definition log.hpp:70
builder
AluTraceBuilder builder
Definition alu.test.cpp:123
data
const std::vector< FF > data
Definition data_copy.test.cpp:61
a
FF a
Definition field_gt.test.cpp:51
b
FF b
Definition field_gt.test.cpp:52
engine
numeric::RNG & engine
Definition eccvm_transcript.test.cpp:282
bb::crypto::sha256
Sha256Hash sha256(const ByteContainer &input)
Definition sha256.cpp:142
bb::numeric::get_debug_randomness
RNG & get_debug_randomness(bool reset, std::uint_fast64_t seed)
Definition engine.cpp:190
bb::numeric::rotate32
constexpr uint32_t rotate32(const uint32_t value, const uint32_t rotation)
Definition rotate.hpp:18
bb::stdlib::blake_util::g
void g(field_t< Builder > state[BLAKE_STATE_SIZE], size_t a, size_t b, size_t c, size_t d, field_t< Builder > x, field_t< Builder > y, const bool last_update=false)
Definition blake_util.hpp:113
bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6
bb::TEST
TEST(MegaCircuitBuilder, CopyConstructor)
Definition mega_circuit_builder.test.cpp:14
bb::fr
field< Bn254FrParams > fr
Definition fr.hpp:174
bb::UltraCircuitBuilder
UltraCircuitBuilder_< UltraExecutionTraceBlocks > UltraCircuitBuilder
Definition circuit_builders_fwd.hpp:24
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
plookup_tables.hpp
sparse_form.hpp
ror
constexpr uint64_t ror(uint64_t val, uint64_t shift)
Definition sha256.test.cpp:41
pack_bytes_into_field_elements
std::vector< field_ct > pack_bytes_into_field_elements(const byte_array_ct &input, size_t num_bytes_in_chunk=4)
Given a byte_array object, slice it into chunks of size num_bytes_in_chunk and compute field elements...
Definition sha256.test.cpp:29
inner_block
std::array< uint64_t, 8 > inner_block(std::array< uint64_t, 64 > &w)
Definition sha256.test.cpp:73
Builder
UltraCircuitBuilder Builder
Definition sha256.test.cpp:18
extend_witness
std::array< uint64_t, 64 > extend_witness(std::array< uint64_t, 16 > &in)
Definition sha256.test.cpp:46
witness_ct
witness_t< Builder > witness_ct
Definition sha256.test.cpp:22
HEAVY_TEST
#define HEAVY_TEST(x, y)
Definition test.hpp:9
ultra_circuit_builder.hpp