diff --git a/avm-transpiler/Cargo.lock b/avm-transpiler/Cargo.lock index 775cd44d2566..3690b1c405af 100644 --- a/avm-transpiler/Cargo.lock +++ b/avm-transpiler/Cargo.lock @@ -55,7 +55,6 @@ dependencies = [ "num-bigint", "p256", "sha2", - "sha3", "thiserror", ] @@ -1252,16 +1251,6 @@ dependencies = [ "digest", ] -[[package]] -name = "sha3" -version = "0.10.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60" -dependencies = [ - "digest", - "keccak", -] - [[package]] name = "signature" version = "1.6.4" diff --git a/avm-transpiler/src/transpile.rs b/avm-transpiler/src/transpile.rs index d900923d2177..355f400aa43a 100644 --- a/avm-transpiler/src/transpile.rs +++ b/avm-transpiler/src/transpile.rs @@ -1040,29 +1040,6 @@ fn handle_black_box_function(avm_instrs: &mut Vec, operation: &B ..Default::default() }); } - BlackBoxOp::Keccak256 { message, output } => { - let message_offset = message.pointer.to_usize(); - let message_size_offset = message.size.to_usize(); - let dest_offset = output.pointer.to_usize(); - assert_eq!(output.size, 32, "Keccak256 output size must be 32!"); - - avm_instrs.push(AvmInstruction { - opcode: AvmOpcode::KECCAK, - indirect: Some( - AddressingModeBuilder::default() - .indirect_operand(&output.pointer) - .indirect_operand(&message.pointer) - .direct_operand(&message.size) - .build(), - ), - operands: vec![ - AvmOperand::U32 { value: dest_offset as u32 }, - AvmOperand::U32 { value: message_offset as u32 }, - AvmOperand::U32 { value: message_size_offset as u32 }, - ], - ..Default::default() - }); - } BlackBoxOp::Keccakf1600 { message, output } => { let message_offset = message.pointer.to_usize(); let message_size_offset = message.size.to_usize(); diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp index 7f357b0f7361..3faba5e923da 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp @@ -148,14 +148,7 @@ void build_constraints(Builder& builder, constraint_system.original_opcode_indices.blake3_constraints.at(i)); } - // Add keccak constraints - for (size_t i = 0; i < constraint_system.keccak_constraints.size(); ++i) { - const auto& constraint = constraint_system.keccak_constraints.at(i); - create_keccak_constraints(builder, constraint); - gate_counter.track_diff(constraint_system.gates_per_opcode, - constraint_system.original_opcode_indices.keccak_constraints.at(i)); - } - + // Add keccak permutations for (size_t i = 0; i < constraint_system.keccak_permutations.size(); ++i) { const auto& constraint = constraint_system.keccak_permutations[i]; create_keccak_permutations(builder, constraint); diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp index c7157edaf906..c21a91609f2a 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp @@ -47,7 +47,6 @@ struct AcirFormatOriginalOpcodeIndices { std::vector ecdsa_r1_constraints; std::vector blake2s_constraints; std::vector blake3_constraints; - std::vector keccak_constraints; std::vector keccak_permutations; std::vector pedersen_constraints; std::vector pedersen_hash_constraints; @@ -95,7 +94,6 @@ struct AcirFormat { std::vector ecdsa_r1_constraints; std::vector blake2s_constraints; std::vector blake3_constraints; - std::vector keccak_constraints; std::vector keccak_permutations; std::vector pedersen_constraints; std::vector pedersen_hash_constraints; @@ -147,7 +145,6 @@ struct AcirFormat { ecdsa_r1_constraints, blake2s_constraints, blake3_constraints, - keccak_constraints, keccak_permutations, pedersen_constraints, pedersen_hash_constraints, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp index 0aa7d35021ef..f419b557ccac 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp @@ -51,7 +51,6 @@ TEST_F(AcirFormatTests, TestASingleConstraintNoPubInputs) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, @@ -175,7 +174,6 @@ TEST_F(AcirFormatTests, TestLogicGateFromNoirCircuit) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, @@ -258,7 +256,6 @@ TEST_F(AcirFormatTests, TestSchnorrVerifyPass) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, @@ -367,7 +364,6 @@ TEST_F(AcirFormatTests, TestSchnorrVerifySmallRange) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, @@ -430,98 +426,6 @@ TEST_F(AcirFormatTests, TestSchnorrVerifySmallRange) EXPECT_EQ(verifier.verify_proof(proof), true); } -TEST_F(AcirFormatTests, TestVarKeccak) -{ - HashInput input1; - input1.witness = 0; - input1.num_bits = 8; - HashInput input2; - input2.witness = 1; - input2.num_bits = 8; - HashInput input3; - input3.witness = 2; - input3.num_bits = 8; - KeccakConstraint keccak; - keccak.inputs = { input1, input2, input3 }; - keccak.var_message_size = 3; - keccak.result = { 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, - 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35 }; - - RangeConstraint range_a{ - .witness = 0, - .num_bits = 8, - }; - RangeConstraint range_b{ - .witness = 1, - .num_bits = 8, - }; - RangeConstraint range_c{ - .witness = 2, - .num_bits = 8, - }; - RangeConstraint range_d{ - .witness = 3, - .num_bits = 8, - }; - - auto dummy = poly_triple{ - .a = 0, - .b = 0, - .c = 0, - .q_m = 0, - .q_l = 1, - .q_r = 0, - .q_o = 0, - .q_c = fr::neg_one() * fr(4), - }; - - AcirFormat constraint_system{ - .varnum = 36, - .recursive = false, - .num_acir_opcodes = 6, - .public_inputs = {}, - .logic_constraints = {}, - .range_constraints = { range_a, range_b, range_c, range_d }, - .aes128_constraints = {}, - .sha256_compression = {}, - .schnorr_constraints = {}, - .ecdsa_k1_constraints = {}, - .ecdsa_r1_constraints = {}, - .blake2s_constraints = {}, - .blake3_constraints = {}, - .keccak_constraints = { keccak }, - .keccak_permutations = {}, - .pedersen_constraints = {}, - .pedersen_hash_constraints = {}, - .poseidon2_constraints = {}, - .multi_scalar_mul_constraints = {}, - .ec_add_constraints = {}, - .recursion_constraints = {}, - .honk_recursion_constraints = {}, - .avm_recursion_constraints = {}, - .ivc_recursion_constraints = {}, - .bigint_from_le_bytes_constraints = {}, - .bigint_to_le_bytes_constraints = {}, - .bigint_operations = {}, - .assert_equalities = {}, - .poly_triple_constraints = { dummy }, - .quad_constraints = {}, - .big_quad_constraints = {}, - .block_constraints = {}, - .original_opcode_indices = create_empty_original_opcode_indices(), - }; - mock_opcode_indices(constraint_system); - - WitnessVector witness{ 4, 2, 6, 2 }; - auto builder = create_circuit(constraint_system, /*size_hint*/ 0, witness); - - auto composer = Composer(); - auto prover = composer.create_ultra_with_keccak_prover(builder); - auto proof = prover.construct_proof(); - auto verifier = composer.create_ultra_with_keccak_verifier(builder); - EXPECT_EQ(verifier.verify_proof(proof), true); -} - TEST_F(AcirFormatTests, TestKeccakPermutation) { Keccakf1600 @@ -571,7 +475,6 @@ TEST_F(AcirFormatTests, TestKeccakPermutation) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = { keccak_permutation }, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, @@ -648,7 +551,6 @@ TEST_F(AcirFormatTests, TestCollectsGateCounts) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, @@ -777,7 +679,6 @@ TEST_F(AcirFormatTests, TestBigAdd) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format_mocks.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format_mocks.cpp index 2173285becfa..fdfe73967202 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format_mocks.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format_mocks.cpp @@ -12,7 +12,6 @@ acir_format::AcirFormatOriginalOpcodeIndices create_empty_original_opcode_indice .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, @@ -63,9 +62,6 @@ void mock_opcode_indices(acir_format::AcirFormat& constraint_system) for (size_t i = 0; i < constraint_system.blake3_constraints.size(); i++) { constraint_system.original_opcode_indices.blake3_constraints.push_back(current_opcode++); } - for (size_t i = 0; i < constraint_system.keccak_constraints.size(); i++) { - constraint_system.original_opcode_indices.keccak_constraints.push_back(current_opcode++); - } for (size_t i = 0; i < constraint_system.keccak_permutations.size(); i++) { constraint_system.original_opcode_indices.keccak_permutations.push_back(current_opcode++); } diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.cpp index defe82a99651..dff52b896726 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.cpp @@ -647,24 +647,6 @@ void handle_blackbox_func_call(Program::Opcode::BlackBoxFuncCall const& arg, af.constrained_witness.insert(af.ec_add_constraints.back().result_y); af.constrained_witness.insert(af.ec_add_constraints.back().result_infinite); af.original_opcode_indices.ec_add_constraints.push_back(opcode_index); - } else if constexpr (std::is_same_v) { - auto input_var_message_size = get_witness_from_function_input(arg.var_message_size); - af.keccak_constraints.push_back(KeccakConstraint{ - .inputs = map(arg.inputs, - [](auto& e) { - auto input_witness = get_witness_from_function_input(e); - return HashInput{ - .witness = input_witness, - .num_bits = e.num_bits, - }; - }), - .result = map(arg.outputs, [](auto& e) { return e.value; }), - .var_message_size = input_var_message_size, - }); - for (auto& output : af.keccak_constraints.back().result) { - af.constrained_witness.insert(output); - } - af.original_opcode_indices.keccak_constraints.push_back(opcode_index); } else if constexpr (std::is_same_v) { af.keccak_permutations.push_back(Keccakf1600{ .state = map(arg.inputs, [](auto& e) { return parse_input(e); }), diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/bigint_constraint.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/bigint_constraint.test.cpp index 7e7cad304307..f7ef70c71fb0 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/bigint_constraint.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/bigint_constraint.test.cpp @@ -184,7 +184,6 @@ TEST_F(BigIntTests, TestBigIntConstraintMultiple) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, @@ -260,7 +259,6 @@ TEST_F(BigIntTests, TestBigIntConstraintSimple) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, @@ -320,7 +318,6 @@ TEST_F(BigIntTests, TestBigIntConstraintReuse) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, @@ -385,7 +382,6 @@ TEST_F(BigIntTests, TestBigIntConstraintReuse2) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, @@ -471,7 +467,6 @@ TEST_F(BigIntTests, TestBigIntDIV) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp index 10f7d87baea5..2bcd9cf0f924 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp @@ -152,7 +152,6 @@ TEST_F(UltraPlonkRAM, TestBlockConstraint) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, @@ -206,7 +205,6 @@ TEST_F(MegaHonk, Databus) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, @@ -315,7 +313,6 @@ TEST_F(MegaHonk, DatabusReturn) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp index f009fac6fbdc..9b5e9eacf531 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp @@ -74,7 +74,6 @@ TEST_F(EcOperations, TestECOperations) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, @@ -213,7 +212,6 @@ TEST_F(EcOperations, TestECMultiScalarMul) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp index 09c9cfe63c53..de64682de76e 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp @@ -106,7 +106,6 @@ TEST_F(ECDSASecp256k1, TestECDSAConstraintSucceed) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, @@ -163,7 +162,6 @@ TEST_F(ECDSASecp256k1, TestECDSACompilesForVerifier) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, @@ -215,7 +213,6 @@ TEST_F(ECDSASecp256k1, TestECDSAConstraintFail) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256r1.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256r1.test.cpp index dc559d9f74c3..0ecb9fd545db 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256r1.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256r1.test.cpp @@ -140,7 +140,6 @@ TEST(ECDSASecp256r1, test_hardcoded) .ecdsa_r1_constraints = { ecdsa_r1_constraint }, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, @@ -199,7 +198,6 @@ TEST(ECDSASecp256r1, TestECDSAConstraintSucceed) .ecdsa_r1_constraints = { ecdsa_r1_constraint }, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, @@ -256,7 +254,6 @@ TEST(ECDSASecp256r1, TestECDSACompilesForVerifier) .ecdsa_r1_constraints = { ecdsa_r1_constraint }, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, @@ -309,7 +306,6 @@ TEST(ECDSASecp256r1, TestECDSAConstraintFail) .ecdsa_r1_constraints = { ecdsa_r1_constraint }, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/honk_recursion_constraint.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/honk_recursion_constraint.test.cpp index d25ad841e5be..709326e935f0 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/honk_recursion_constraint.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/honk_recursion_constraint.test.cpp @@ -102,7 +102,6 @@ class AcirHonkRecursionConstraint : public ::testing::Test { .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/keccak_constraint.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/keccak_constraint.cpp index 54139dba07d9..5261f0c7693a 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/keccak_constraint.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/keccak_constraint.cpp @@ -5,42 +5,6 @@ namespace acir_format { -template void create_keccak_constraints(Builder& builder, const KeccakConstraint& constraint) -{ - using byte_array_ct = bb::stdlib::byte_array; - using field_ct = bb::stdlib::field_t; - using uint32_ct = bb::stdlib::uint32; - - // Create byte array struct - byte_array_ct arr(&builder); - - // Get the witness assignment for each witness index - // Write the witness assignment to the byte_array - for (const auto& witness_index_num_bits : constraint.inputs) { - auto witness_index = witness_index_num_bits.witness; - auto num_bits = witness_index_num_bits.num_bits; - - // XXX: The implementation requires us to truncate the element to the nearest byte and not bit - auto num_bytes = round_to_nearest_byte(num_bits); - - field_ct element = field_ct::from_witness_index(&builder, witness_index); - byte_array_ct element_bytes(element, num_bytes); - - arr.write(element_bytes); - } - - uint32_ct length = field_ct::from_witness_index(&builder, constraint.var_message_size); - - byte_array_ct output_bytes = bb::stdlib::keccak::hash(arr, length); - - // Convert byte array to vector of field_t - auto bytes = output_bytes.bytes(); - - for (size_t i = 0; i < bytes.size(); ++i) { - builder.assert_equal(bytes[i].normalize().witness_index, constraint.result[i]); - } -} - template void create_keccak_permutations(Builder& builder, const Keccakf1600& constraint) { using field_ct = bb::stdlib::field_t; @@ -60,14 +24,9 @@ template void create_keccak_permutations(Builder& builder, co builder.assert_equal(output_state[i].normalize().witness_index, constraint.result[i]); } } -template void create_keccak_constraints(bb::UltraCircuitBuilder& builder, - const KeccakConstraint& constraint); template void create_keccak_permutations(bb::UltraCircuitBuilder& builder, const Keccakf1600& constraint); -template void create_keccak_constraints(bb::MegaCircuitBuilder& builder, - const KeccakConstraint& constraint); - template void create_keccak_permutations(bb::MegaCircuitBuilder& builder, const Keccakf1600& constraint); diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/keccak_constraint.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/keccak_constraint.hpp index 2bf194dfd9f9..dfbdcea2b514 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/keccak_constraint.hpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/keccak_constraint.hpp @@ -25,17 +25,6 @@ struct Keccakf1600 { friend bool operator==(Keccakf1600 const& lhs, Keccakf1600 const& rhs) = default; }; -struct KeccakConstraint { - std::vector inputs; - std::array result; - uint32_t var_message_size; - - // For serialization, update with any new fields - MSGPACK_FIELDS(inputs, result, var_message_size); - friend bool operator==(KeccakConstraint const& lhs, KeccakConstraint const& rhs) = default; -}; - -template void create_keccak_constraints(Builder& builder, const KeccakConstraint& constraint); template void create_keccak_permutations(Builder& builder, const Keccakf1600& constraint); } // namespace acir_format diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/multi_scalar_mul.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/multi_scalar_mul.test.cpp index 77e818c4d591..52e319aa4cf6 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/multi_scalar_mul.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/multi_scalar_mul.test.cpp @@ -74,7 +74,6 @@ TEST_F(MSMTests, TestMSM) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/poseidon2_constraint.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/poseidon2_constraint.test.cpp index e1db815ea812..46337fa01226 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/poseidon2_constraint.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/poseidon2_constraint.test.cpp @@ -54,7 +54,6 @@ TEST_F(Poseidon2Tests, TestPoseidon2Permutation) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.test.cpp index 060d2d483aff..2cdd1fea2ce2 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.test.cpp @@ -99,7 +99,6 @@ Builder create_inner_circuit() .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, @@ -263,7 +262,6 @@ Builder create_outer_circuit(std::vector& inner_circuits) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/serde/acir.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/serde/acir.hpp index b9b4a2598f03..b781f4000e45 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/serde/acir.hpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/serde/acir.hpp @@ -291,15 +291,6 @@ struct BlackBoxOp { static Blake3 bincodeDeserialize(std::vector); }; - struct Keccak256 { - Program::HeapVector message; - Program::HeapArray output; - - friend bool operator==(const Keccak256&, const Keccak256&); - std::vector bincodeSerialize() const; - static Keccak256 bincodeDeserialize(std::vector); - }; - struct Keccakf1600 { Program::HeapVector message; Program::HeapArray output; @@ -482,7 +473,6 @@ struct BlackBoxOp { std::variant); }; - struct Keccak256 { - std::vector inputs; - Program::FunctionInput var_message_size; - std::array outputs; - - friend bool operator==(const Keccak256&, const Keccak256&); - std::vector bincodeSerialize() const; - static Keccak256 bincodeDeserialize(std::vector); - }; - struct Keccakf1600 { std::array inputs; std::array outputs; @@ -1093,7 +1073,6 @@ struct BlackBoxFuncCall { EcdsaSecp256r1, MultiScalarMul, EmbeddedCurveAdd, - Keccak256, Keccakf1600, RecursiveAggregation, BigIntAdd, @@ -3454,63 +3433,6 @@ Program::BlackBoxFuncCall::EmbeddedCurveAdd serde::Deserializable< namespace Program { -inline bool operator==(const BlackBoxFuncCall::Keccak256& lhs, const BlackBoxFuncCall::Keccak256& rhs) -{ - if (!(lhs.inputs == rhs.inputs)) { - return false; - } - if (!(lhs.var_message_size == rhs.var_message_size)) { - return false; - } - if (!(lhs.outputs == rhs.outputs)) { - return false; - } - return true; -} - -inline std::vector BlackBoxFuncCall::Keccak256::bincodeSerialize() const -{ - auto serializer = serde::BincodeSerializer(); - serde::Serializable::serialize(*this, serializer); - return std::move(serializer).bytes(); -} - -inline BlackBoxFuncCall::Keccak256 BlackBoxFuncCall::Keccak256::bincodeDeserialize(std::vector input) -{ - auto deserializer = serde::BincodeDeserializer(input); - auto value = serde::Deserializable::deserialize(deserializer); - if (deserializer.get_buffer_offset() < input.size()) { - throw_or_abort("Some input bytes were not read"); - } - return value; -} - -} // end of namespace Program - -template <> -template -void serde::Serializable::serialize( - const Program::BlackBoxFuncCall::Keccak256& obj, Serializer& serializer) -{ - serde::Serializable::serialize(obj.inputs, serializer); - serde::Serializable::serialize(obj.var_message_size, serializer); - serde::Serializable::serialize(obj.outputs, serializer); -} - -template <> -template -Program::BlackBoxFuncCall::Keccak256 serde::Deserializable::deserialize( - Deserializer& deserializer) -{ - Program::BlackBoxFuncCall::Keccak256 obj; - obj.inputs = serde::Deserializable::deserialize(deserializer); - obj.var_message_size = serde::Deserializable::deserialize(deserializer); - obj.outputs = serde::Deserializable::deserialize(deserializer); - return obj; -} - -namespace Program { - inline bool operator==(const BlackBoxFuncCall::Keccakf1600& lhs, const BlackBoxFuncCall::Keccakf1600& rhs) { if (!(lhs.inputs == rhs.inputs)) { @@ -4302,58 +4224,6 @@ Program::BlackBoxOp::Blake3 serde::Deserializable:: namespace Program { -inline bool operator==(const BlackBoxOp::Keccak256& lhs, const BlackBoxOp::Keccak256& rhs) -{ - if (!(lhs.message == rhs.message)) { - return false; - } - if (!(lhs.output == rhs.output)) { - return false; - } - return true; -} - -inline std::vector BlackBoxOp::Keccak256::bincodeSerialize() const -{ - auto serializer = serde::BincodeSerializer(); - serde::Serializable::serialize(*this, serializer); - return std::move(serializer).bytes(); -} - -inline BlackBoxOp::Keccak256 BlackBoxOp::Keccak256::bincodeDeserialize(std::vector input) -{ - auto deserializer = serde::BincodeDeserializer(input); - auto value = serde::Deserializable::deserialize(deserializer); - if (deserializer.get_buffer_offset() < input.size()) { - throw_or_abort("Some input bytes were not read"); - } - return value; -} - -} // end of namespace Program - -template <> -template -void serde::Serializable::serialize(const Program::BlackBoxOp::Keccak256& obj, - Serializer& serializer) -{ - serde::Serializable::serialize(obj.message, serializer); - serde::Serializable::serialize(obj.output, serializer); -} - -template <> -template -Program::BlackBoxOp::Keccak256 serde::Deserializable::deserialize( - Deserializer& deserializer) -{ - Program::BlackBoxOp::Keccak256 obj; - obj.message = serde::Deserializable::deserialize(deserializer); - obj.output = serde::Deserializable::deserialize(deserializer); - return obj; -} - -namespace Program { - inline bool operator==(const BlackBoxOp::Keccakf1600& lhs, const BlackBoxOp::Keccakf1600& rhs) { if (!(lhs.message == rhs.message)) { diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/sha256_constraint.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/sha256_constraint.test.cpp index 1363df7e31b4..7a70d92885e7 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/sha256_constraint.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/sha256_constraint.test.cpp @@ -49,7 +49,6 @@ TEST_F(Sha256Tests, TestSha256Compression) .ecdsa_r1_constraints = {}, .blake2s_constraints = {}, .blake3_constraints = {}, - .keccak_constraints = {}, .keccak_permutations = {}, .pedersen_constraints = {}, .pedersen_hash_constraints = {}, diff --git a/noir/noir-repo/Cargo.lock b/noir/noir-repo/Cargo.lock index 0c0d4afc579b..b74cca927863 100644 --- a/noir/noir-repo/Cargo.lock +++ b/noir/noir-repo/Cargo.lock @@ -71,7 +71,6 @@ dependencies = [ "p256", "proptest", "sha2", - "sha3", "thiserror", ] diff --git a/noir/noir-repo/acvm-repo/acir/codegen/acir.cpp b/noir/noir-repo/acvm-repo/acir/codegen/acir.cpp index 741d1f365af8..07e059041650 100644 --- a/noir/noir-repo/acvm-repo/acir/codegen/acir.cpp +++ b/noir/noir-repo/acvm-repo/acir/codegen/acir.cpp @@ -291,15 +291,6 @@ namespace Program { static Blake3 bincodeDeserialize(std::vector); }; - struct Keccak256 { - Program::HeapVector message; - Program::HeapArray output; - - friend bool operator==(const Keccak256&, const Keccak256&); - std::vector bincodeSerialize() const; - static Keccak256 bincodeDeserialize(std::vector); - }; - struct Keccakf1600 { Program::HeapVector message; Program::HeapArray output; @@ -479,7 +470,7 @@ namespace Program { static ToRadix bincodeDeserialize(std::vector); }; - std::variant value; + std::variant value; friend bool operator==(const BlackBoxOp&, const BlackBoxOp&); std::vector bincodeSerialize() const; @@ -929,16 +920,6 @@ namespace Program { static EmbeddedCurveAdd bincodeDeserialize(std::vector); }; - struct Keccak256 { - std::vector inputs; - Program::FunctionInput var_message_size; - std::array outputs; - - friend bool operator==(const Keccak256&, const Keccak256&); - std::vector bincodeSerialize() const; - static Keccak256 bincodeDeserialize(std::vector); - }; - struct Keccakf1600 { std::array inputs; std::array outputs; @@ -1039,7 +1020,7 @@ namespace Program { static Sha256Compression bincodeDeserialize(std::vector); }; - std::variant value; + std::variant value; friend bool operator==(const BlackBoxFuncCall&, const BlackBoxFuncCall&); std::vector bincodeSerialize() const; @@ -3037,50 +3018,6 @@ Program::BlackBoxFuncCall::EmbeddedCurveAdd serde::Deserializable BlackBoxFuncCall::Keccak256::bincodeSerialize() const { - auto serializer = serde::BincodeSerializer(); - serde::Serializable::serialize(*this, serializer); - return std::move(serializer).bytes(); - } - - inline BlackBoxFuncCall::Keccak256 BlackBoxFuncCall::Keccak256::bincodeDeserialize(std::vector input) { - auto deserializer = serde::BincodeDeserializer(input); - auto value = serde::Deserializable::deserialize(deserializer); - if (deserializer.get_buffer_offset() < input.size()) { - throw serde::deserialization_error("Some input bytes were not read"); - } - return value; - } - -} // end of namespace Program - -template <> -template -void serde::Serializable::serialize(const Program::BlackBoxFuncCall::Keccak256 &obj, Serializer &serializer) { - serde::Serializable::serialize(obj.inputs, serializer); - serde::Serializable::serialize(obj.var_message_size, serializer); - serde::Serializable::serialize(obj.outputs, serializer); -} - -template <> -template -Program::BlackBoxFuncCall::Keccak256 serde::Deserializable::deserialize(Deserializer &deserializer) { - Program::BlackBoxFuncCall::Keccak256 obj; - obj.inputs = serde::Deserializable::deserialize(deserializer); - obj.var_message_size = serde::Deserializable::deserialize(deserializer); - obj.outputs = serde::Deserializable::deserialize(deserializer); - return obj; -} - namespace Program { inline bool operator==(const BlackBoxFuncCall::Keccakf1600 &lhs, const BlackBoxFuncCall::Keccakf1600 &rhs) { @@ -3692,47 +3629,6 @@ Program::BlackBoxOp::Blake3 serde::Deserializable:: return obj; } -namespace Program { - - inline bool operator==(const BlackBoxOp::Keccak256 &lhs, const BlackBoxOp::Keccak256 &rhs) { - if (!(lhs.message == rhs.message)) { return false; } - if (!(lhs.output == rhs.output)) { return false; } - return true; - } - - inline std::vector BlackBoxOp::Keccak256::bincodeSerialize() const { - auto serializer = serde::BincodeSerializer(); - serde::Serializable::serialize(*this, serializer); - return std::move(serializer).bytes(); - } - - inline BlackBoxOp::Keccak256 BlackBoxOp::Keccak256::bincodeDeserialize(std::vector input) { - auto deserializer = serde::BincodeDeserializer(input); - auto value = serde::Deserializable::deserialize(deserializer); - if (deserializer.get_buffer_offset() < input.size()) { - throw serde::deserialization_error("Some input bytes were not read"); - } - return value; - } - -} // end of namespace Program - -template <> -template -void serde::Serializable::serialize(const Program::BlackBoxOp::Keccak256 &obj, Serializer &serializer) { - serde::Serializable::serialize(obj.message, serializer); - serde::Serializable::serialize(obj.output, serializer); -} - -template <> -template -Program::BlackBoxOp::Keccak256 serde::Deserializable::deserialize(Deserializer &deserializer) { - Program::BlackBoxOp::Keccak256 obj; - obj.message = serde::Deserializable::deserialize(deserializer); - obj.output = serde::Deserializable::deserialize(deserializer); - return obj; -} - namespace Program { inline bool operator==(const BlackBoxOp::Keccakf1600 &lhs, const BlackBoxOp::Keccakf1600 &rhs) { diff --git a/noir/noir-repo/acvm-repo/acir/src/circuit/black_box_functions.rs b/noir/noir-repo/acvm-repo/acir/src/circuit/black_box_functions.rs index 5c07a61af7ef..b7dd41c64dba 100644 --- a/noir/noir-repo/acvm-repo/acir/src/circuit/black_box_functions.rs +++ b/noir/noir-repo/acvm-repo/acir/src/circuit/black_box_functions.rs @@ -117,11 +117,6 @@ pub enum BlackBoxFunc { /// scalar $a$: `a=low+high*2^{128}`, with `low, high < 2^{128}` MultiScalarMul, - /// Computes the Keccak-256 (Ethereum version) of the inputs. - /// - inputs: Vector of bytes (witness, 8) - /// - outputs: Array of 32 bytes (witness, 8) - Keccak256, - /// Keccak Permutation function of width 1600 /// - inputs: An array of 25 64-bit Keccak lanes that represent a keccak sponge of 1600 bits /// - outputs: The result of a keccak f1600 permutation on the input state. Also an array of 25 Keccak lanes. @@ -216,7 +211,6 @@ impl BlackBoxFunc { BlackBoxFunc::AND => "and", BlackBoxFunc::XOR => "xor", BlackBoxFunc::RANGE => "range", - BlackBoxFunc::Keccak256 => "keccak256", BlackBoxFunc::Keccakf1600 => "keccakf1600", BlackBoxFunc::RecursiveAggregation => "recursive_aggregation", BlackBoxFunc::EcdsaSecp256r1 => "ecdsa_secp256r1", @@ -246,7 +240,6 @@ impl BlackBoxFunc { "and" => Some(BlackBoxFunc::AND), "xor" => Some(BlackBoxFunc::XOR), "range" => Some(BlackBoxFunc::RANGE), - "keccak256" => Some(BlackBoxFunc::Keccak256), "keccakf1600" => Some(BlackBoxFunc::Keccakf1600), "recursive_aggregation" => Some(BlackBoxFunc::RecursiveAggregation), "bigint_add" => Some(BlackBoxFunc::BigIntAdd), diff --git a/noir/noir-repo/acvm-repo/acir/src/circuit/opcodes/black_box_function_call.rs b/noir/noir-repo/acvm-repo/acir/src/circuit/opcodes/black_box_function_call.rs index fbe179d7c049..a3d78e7b3b5f 100644 --- a/noir/noir-repo/acvm-repo/acir/src/circuit/opcodes/black_box_function_call.rs +++ b/noir/noir-repo/acvm-repo/acir/src/circuit/opcodes/black_box_function_call.rs @@ -157,15 +157,6 @@ pub enum BlackBoxFuncCall { input2: Box<[FunctionInput; 3]>, outputs: (Witness, Witness, Witness), }, - Keccak256 { - inputs: Vec>, - /// This is the number of bytes to take - /// from the input. Note: if `var_message_size` - /// is more than the number of bytes in the input, - /// then an error is returned. - var_message_size: FunctionInput, - outputs: Box<[Witness; 32]>, - }, Keccakf1600 { inputs: Box<[FunctionInput; 25]>, outputs: Box<[Witness; 25]>, @@ -254,7 +245,6 @@ impl BlackBoxFuncCall { BlackBoxFuncCall::EcdsaSecp256r1 { .. } => BlackBoxFunc::EcdsaSecp256r1, BlackBoxFuncCall::MultiScalarMul { .. } => BlackBoxFunc::MultiScalarMul, BlackBoxFuncCall::EmbeddedCurveAdd { .. } => BlackBoxFunc::EmbeddedCurveAdd, - BlackBoxFuncCall::Keccak256 { .. } => BlackBoxFunc::Keccak256, BlackBoxFuncCall::Keccakf1600 { .. } => BlackBoxFunc::Keccakf1600, BlackBoxFuncCall::RecursiveAggregation { .. } => BlackBoxFunc::RecursiveAggregation, BlackBoxFuncCall::BigIntAdd { .. } => BlackBoxFunc::BigIntAdd, @@ -361,11 +351,6 @@ impl BlackBoxFuncCall { inputs.extend(hashed_message.iter().copied()); inputs } - BlackBoxFuncCall::Keccak256 { inputs, var_message_size, .. } => { - let mut inputs = inputs.clone(); - inputs.push(*var_message_size); - inputs - } BlackBoxFuncCall::RecursiveAggregation { verification_key: key, proof, @@ -386,8 +371,7 @@ impl BlackBoxFuncCall { pub fn get_outputs_vec(&self) -> Vec { match self { BlackBoxFuncCall::Blake2s { outputs, .. } - | BlackBoxFuncCall::Blake3 { outputs, .. } - | BlackBoxFuncCall::Keccak256 { outputs, .. } => outputs.to_vec(), + | BlackBoxFuncCall::Blake3 { outputs, .. } => outputs.to_vec(), BlackBoxFuncCall::Keccakf1600 { outputs, .. } => outputs.to_vec(), diff --git a/noir/noir-repo/acvm-repo/acvm/src/pwg/blackbox/hash.rs b/noir/noir-repo/acvm-repo/acvm/src/pwg/blackbox/hash.rs index f177cd071d03..7476b0dc2dcd 100644 --- a/noir/noir-repo/acvm-repo/acvm/src/pwg/blackbox/hash.rs +++ b/noir/noir-repo/acvm-repo/acvm/src/pwg/blackbox/hash.rs @@ -49,7 +49,7 @@ fn get_hash_input( // in the message, then we error. if num_bytes_to_take > message_input.len() { return Err(OpcodeResolutionError::BlackBoxFunctionFailed( - acir::BlackBoxFunc::Keccak256, + acir::BlackBoxFunc::Blake2s, format!("the number of bytes to take from the message is more than the number of bytes in the message. {} > {}", num_bytes_to_take, message_input.len()), )); } diff --git a/noir/noir-repo/acvm-repo/acvm/src/pwg/blackbox/mod.rs b/noir/noir-repo/acvm-repo/acvm/src/pwg/blackbox/mod.rs index 1cca14cc6800..0f23ec361d87 100644 --- a/noir/noir-repo/acvm-repo/acvm/src/pwg/blackbox/mod.rs +++ b/noir/noir-repo/acvm-repo/acvm/src/pwg/blackbox/mod.rs @@ -3,7 +3,7 @@ use acir::{ native_types::{Witness, WitnessMap}, AcirField, }; -use acvm_blackbox_solver::{blake2s, blake3, keccak256, keccakf1600}; +use acvm_blackbox_solver::{blake2s, blake3, keccakf1600}; use self::{ aes128::solve_aes128_encryption_opcode, bigint::AcvmBigIntSolver, @@ -90,16 +90,6 @@ pub(crate) fn solve( BlackBoxFuncCall::Blake3 { inputs, outputs } => { solve_generic_256_hash_opcode(initial_witness, inputs, None, outputs, blake3) } - - BlackBoxFuncCall::Keccak256 { inputs, var_message_size, outputs } => { - solve_generic_256_hash_opcode( - initial_witness, - inputs, - Some(var_message_size), - outputs, - keccak256, - ) - } BlackBoxFuncCall::Keccakf1600 { inputs, outputs } => { let mut state = [0; 25]; for (it, input) in state.iter_mut().zip(inputs.as_ref()) { diff --git a/noir/noir-repo/acvm-repo/acvm/tests/solver.rs b/noir/noir-repo/acvm-repo/acvm/tests/solver.rs index e10c195ab5f6..efa8de289e59 100644 --- a/noir/noir-repo/acvm-repo/acvm/tests/solver.rs +++ b/noir/noir-repo/acvm-repo/acvm/tests/solver.rs @@ -1099,45 +1099,6 @@ fn blake3_op( }) } -// variable inputs -// 32 outputs -fn keccak256_op( - function_inputs_and_outputs: (Vec>, Vec), -) -> Result, OpcodeResolutionError> { - let (function_inputs, outputs) = function_inputs_and_outputs; - let function_inputs_len = function_inputs.len(); - Ok(BlackBoxFuncCall::Keccak256 { - inputs: function_inputs, - var_message_size: FunctionInput::constant( - function_inputs_len.into(), - FieldElement::max_num_bits(), - )?, - outputs: outputs.try_into().expect("Keccak256 returns 32 outputs"), - }) -} - -// var_message_size is the number of bytes to take -// from the input. Note: if `var_message_size` -// is more than the number of bytes in the input, -// then an error is returned. -// -// variable inputs -// 32 outputs -fn keccak256_invalid_message_size_op( - function_inputs_and_outputs: (Vec>, Vec), -) -> Result, OpcodeResolutionError> { - let (function_inputs, outputs) = function_inputs_and_outputs; - let function_inputs_len = function_inputs.len(); - Ok(BlackBoxFuncCall::Keccak256 { - inputs: function_inputs, - var_message_size: FunctionInput::constant( - (function_inputs_len - 1).into(), - FieldElement::max_num_bits(), - )?, - outputs: outputs.try_into().expect("Keccak256 returns 32 outputs"), - }) -} - // 25 inputs // 25 outputs fn keccakf1600_op( @@ -1489,19 +1450,6 @@ fn blake3_zeros() { assert_eq!(results, Ok(expected_results)); } -#[test] -fn keccak256_zeros() { - let results = solve_array_input_blackbox_call(vec![], 32, None, keccak256_op); - let expected_results: Vec<_> = vec![ - 197, 210, 70, 1, 134, 247, 35, 60, 146, 126, 125, 178, 220, 199, 3, 192, 229, 0, 182, 83, - 202, 130, 39, 59, 123, 250, 216, 4, 93, 133, 164, 112, - ] - .into_iter() - .map(|x: u128| FieldElement::from(x)) - .collect(); - assert_eq!(results, Ok(expected_results)); -} - #[test] fn keccakf1600_zeros() { let results = solve_array_input_blackbox_call( @@ -1642,24 +1590,6 @@ proptest! { prop_assert!(result, "{}", message); } - #[test] - fn keccak256_injective(inputs_distinct_inputs in any_distinct_inputs(Some(8), 0, 32)) { - let (inputs, distinct_inputs) = inputs_distinct_inputs; - let (result, message) = prop_assert_injective(inputs, distinct_inputs, 32, Some(8), keccak256_op); - prop_assert!(result, "{}", message); - } - - // TODO(https://github.com/noir-lang/noir/issues/5689): doesn't fail with a user error - // The test failing with "not injective" demonstrates that it returns constant output instead - // of failing with a user error. - #[test] - #[should_panic(expected = "Test failed: not injective")] - fn keccak256_invalid_message_size_fails(inputs_distinct_inputs in any_distinct_inputs(Some(8), 0, 32)) { - let (inputs, distinct_inputs) = inputs_distinct_inputs; - let (result, message) = prop_assert_injective(inputs, distinct_inputs, 32, Some(8), keccak256_invalid_message_size_op); - prop_assert!(result, "{}", message); - } - #[test] fn keccakf1600_injective(inputs_distinct_inputs in any_distinct_inputs(Some(8), 25, 25)) { let (inputs, distinct_inputs) = inputs_distinct_inputs; diff --git a/noir/noir-repo/acvm-repo/acvm_js/src/black_box_solvers.rs b/noir/noir-repo/acvm-repo/acvm_js/src/black_box_solvers.rs index 6046d52943c4..0e35851ee788 100644 --- a/noir/noir-repo/acvm-repo/acvm_js/src/black_box_solvers.rs +++ b/noir/noir-repo/acvm-repo/acvm_js/src/black_box_solvers.rs @@ -37,12 +37,6 @@ pub fn blake2s256(inputs: &[u8]) -> Vec { acvm::blackbox_solver::blake2s(inputs).unwrap().into() } -/// Calculates the Keccak256 hash of the input bytes -#[wasm_bindgen] -pub fn keccak256(inputs: &[u8]) -> Vec { - acvm::blackbox_solver::keccak256(inputs).unwrap().into() -} - /// Verifies a ECDSA signature over the secp256k1 curve. #[wasm_bindgen] pub fn ecdsa_secp256k1_verify( diff --git a/noir/noir-repo/acvm-repo/acvm_js/src/lib.rs b/noir/noir-repo/acvm-repo/acvm_js/src/lib.rs index 8fe64afbba92..e2468e6d939e 100644 --- a/noir/noir-repo/acvm-repo/acvm_js/src/lib.rs +++ b/noir/noir-repo/acvm-repo/acvm_js/src/lib.rs @@ -17,8 +17,7 @@ mod logging; mod public_witness; pub use black_box_solvers::{ - and, blake2s256, ecdsa_secp256k1_verify, ecdsa_secp256r1_verify, keccak256, sha256_compression, - xor, + and, blake2s256, ecdsa_secp256k1_verify, ecdsa_secp256r1_verify, sha256_compression, xor, }; pub use build_info::build_info; pub use compression::{ diff --git a/noir/noir-repo/acvm-repo/acvm_js/test/browser/black_box_solvers.test.ts b/noir/noir-repo/acvm-repo/acvm_js/test/browser/black_box_solvers.test.ts index 9dc5be2c6828..b99fe9e3d880 100644 --- a/noir/noir-repo/acvm-repo/acvm_js/test/browser/black_box_solvers.test.ts +++ b/noir/noir-repo/acvm-repo/acvm_js/test/browser/black_box_solvers.test.ts @@ -4,7 +4,6 @@ import initACVM, { blake2s256, ecdsa_secp256k1_verify, ecdsa_secp256r1_verify, - keccak256, sha256_compression, xor, } from '@noir-lang/acvm_js'; @@ -51,16 +50,6 @@ it('successfully calculates the blake2s256 hash', async () => { } }); -it('successfully calculates the keccak256 hash', async () => { - const { keccak256_test_cases } = await import('../shared/black_box_solvers'); - - for (const testCase of keccak256_test_cases) { - const [preimage, expectedResult] = testCase; - const hash = keccak256(preimage); - hash.forEach((value, index) => expect(value).to.be.eq(expectedResult.at(index))); - } -}); - it('successfully verifies secp256k1 ECDSA signatures', async () => { const { ecdsa_secp256k1_test_cases } = await import('../shared/black_box_solvers'); diff --git a/noir/noir-repo/acvm-repo/acvm_js/test/node/black_box_solvers.test.ts b/noir/noir-repo/acvm-repo/acvm_js/test/node/black_box_solvers.test.ts index fc998ced5a5a..74553f6b692d 100644 --- a/noir/noir-repo/acvm-repo/acvm_js/test/node/black_box_solvers.test.ts +++ b/noir/noir-repo/acvm-repo/acvm_js/test/node/black_box_solvers.test.ts @@ -4,7 +4,6 @@ import { blake2s256, ecdsa_secp256k1_verify, ecdsa_secp256r1_verify, - keccak256, sha256_compression, xor, } from '@noir-lang/acvm_js'; @@ -47,28 +46,6 @@ it('successfully calculates the blake2s256 hash', async () => { } }); -it('successfully calculates the keccak256 hash', async () => { - const { keccak256_test_cases } = await import('../shared/black_box_solvers'); - - for (const testCase of keccak256_test_cases) { - const [preimage, expectedResult] = testCase; - const hash = keccak256(preimage); - hash.forEach((value, index) => expect(value).to.be.eq(expectedResult.at(index))); - } -}); - -// it("successfully calculates the hash_to_field_128_security field", async () => { -// const { hash_to_field_128_security_test_cases } = await import( -// "../shared/black_box_solvers" -// ); - -// for (const testCase of hash_to_field_128_security_test_cases) { -// const [preimage, expectedResult] = testCase; -// const hashField = hash_to_field_128_security(preimage); -// expect(hashField).to.be.eq(expectedResult); -// } -// }); - it('successfully verifies secp256k1 ECDSA signatures', async () => { const { ecdsa_secp256k1_test_cases } = await import('../shared/black_box_solvers'); diff --git a/noir/noir-repo/acvm-repo/blackbox_solver/Cargo.toml b/noir/noir-repo/acvm-repo/blackbox_solver/Cargo.toml index b57c9356198a..d99240c5a24a 100644 --- a/noir/noir-repo/acvm-repo/blackbox_solver/Cargo.toml +++ b/noir/noir-repo/acvm-repo/blackbox_solver/Cargo.toml @@ -23,7 +23,6 @@ num-bigint = "0.4" blake2 = "0.10.6" blake3 = "1.5.0" sha2.workspace = true -sha3.workspace = true keccak = "0.1.4" k256 = { version = "0.11.0", features = [ "ecdsa", diff --git a/noir/noir-repo/acvm-repo/blackbox_solver/src/hash.rs b/noir/noir-repo/acvm-repo/blackbox_solver/src/hash.rs index af5031174666..660a1fb0e5da 100644 --- a/noir/noir-repo/acvm-repo/blackbox_solver/src/hash.rs +++ b/noir/noir-repo/acvm-repo/blackbox_solver/src/hash.rs @@ -1,7 +1,6 @@ use acir::BlackBoxFunc; use blake2::digest::generic_array::GenericArray; use blake2::{Blake2s256, Digest}; -use sha3::Keccak256; use crate::BlackBoxResolutionError; @@ -22,11 +21,6 @@ pub fn blake3(inputs: &[u8]) -> Result<[u8; 32], BlackBoxResolutionError> { Ok(blake3::hash(inputs).into()) } -pub fn keccak256(inputs: &[u8]) -> Result<[u8; 32], BlackBoxResolutionError> { - generic_hash_256::(inputs) - .map_err(|err| BlackBoxResolutionError::Failed(BlackBoxFunc::Keccak256, err)) -} - pub fn sha256_compression(state: &mut [u32; 8], msg_blocks: &[u32; 16]) { let mut blocks = [0_u8; 64]; for (i, block) in msg_blocks.iter().enumerate() { diff --git a/noir/noir-repo/acvm-repo/blackbox_solver/src/lib.rs b/noir/noir-repo/acvm-repo/blackbox_solver/src/lib.rs index 87ca539f4355..d8f926fcb4b7 100644 --- a/noir/noir-repo/acvm-repo/blackbox_solver/src/lib.rs +++ b/noir/noir-repo/acvm-repo/blackbox_solver/src/lib.rs @@ -5,7 +5,7 @@ //! This crate provides the implementation of BlackBox functions of ACIR and Brillig. //! For functions that are backend-dependent, it provides a Trait [BlackBoxFunctionSolver] that must be implemented by the backend. -//! For functions that have a reference implementation, such as [keccak256], this crate exports the reference implementation directly. +//! For functions that have a reference implementation, such as [keccakf1600], this crate exports the reference implementation directly. use acir::BlackBoxFunc; use thiserror::Error; @@ -21,7 +21,7 @@ pub use aes128::aes128_encrypt; pub use bigint::BigIntSolver; pub use curve_specific_solver::{BlackBoxFunctionSolver, StubbedBlackBoxSolver}; pub use ecdsa::{ecdsa_secp256k1_verify, ecdsa_secp256r1_verify}; -pub use hash::{blake2s, blake3, keccak256, keccakf1600, sha256_compression}; +pub use hash::{blake2s, blake3, keccakf1600, sha256_compression}; pub use logic::{bit_and, bit_xor}; #[derive(Clone, PartialEq, Eq, Debug, Error)] diff --git a/noir/noir-repo/acvm-repo/brillig/src/black_box.rs b/noir/noir-repo/acvm-repo/brillig/src/black_box.rs index 534ef7d318ed..ee191a39b665 100644 --- a/noir/noir-repo/acvm-repo/brillig/src/black_box.rs +++ b/noir/noir-repo/acvm-repo/brillig/src/black_box.rs @@ -22,11 +22,6 @@ pub enum BlackBoxOp { message: HeapVector, output: HeapArray, }, - /// Calculates the Keccak256 hash of the inputs. - Keccak256 { - message: HeapVector, - output: HeapArray, - }, /// Keccak Permutation function of 1600 width Keccakf1600 { message: HeapVector, diff --git a/noir/noir-repo/acvm-repo/brillig_vm/src/black_box.rs b/noir/noir-repo/acvm-repo/brillig_vm/src/black_box.rs index 56f715c13a97..81fd6ee73961 100644 --- a/noir/noir-repo/acvm-repo/brillig_vm/src/black_box.rs +++ b/noir/noir-repo/acvm-repo/brillig_vm/src/black_box.rs @@ -2,8 +2,8 @@ use acir::brillig::{BlackBoxOp, HeapArray, HeapVector, IntegerBitSize}; use acir::{AcirField, BlackBoxFunc}; use acvm_blackbox_solver::BigIntSolver; use acvm_blackbox_solver::{ - aes128_encrypt, blake2s, blake3, ecdsa_secp256k1_verify, ecdsa_secp256r1_verify, keccak256, - keccakf1600, sha256_compression, BlackBoxFunctionSolver, BlackBoxResolutionError, + aes128_encrypt, blake2s, blake3, ecdsa_secp256k1_verify, ecdsa_secp256r1_verify, keccakf1600, + sha256_compression, BlackBoxFunctionSolver, BlackBoxResolutionError, }; use num_bigint::BigUint; use num_traits::Zero; @@ -77,12 +77,6 @@ pub(crate) fn evaluate_black_box memory.write_slice(memory.read_ref(output.pointer), &to_value_vec(&bytes)); Ok(()) } - BlackBoxOp::Keccak256 { message, output } => { - let message = to_u8_vec(read_heap_vector(memory, message)); - let bytes = keccak256(message.as_slice())?; - memory.write_slice(memory.read_ref(output.pointer), &to_value_vec(&bytes)); - Ok(()) - } BlackBoxOp::Keccakf1600 { message, output } => { let state_vec: Vec = read_heap_vector(memory, message) .iter() @@ -447,7 +441,6 @@ fn black_box_function_from_op(op: &BlackBoxOp) -> BlackBoxFunc { BlackBoxOp::AES128Encrypt { .. } => BlackBoxFunc::AES128Encrypt, BlackBoxOp::Blake2s { .. } => BlackBoxFunc::Blake2s, BlackBoxOp::Blake3 { .. } => BlackBoxFunc::Blake3, - BlackBoxOp::Keccak256 { .. } => BlackBoxFunc::Keccak256, BlackBoxOp::Keccakf1600 { .. } => BlackBoxFunc::Keccakf1600, BlackBoxOp::EcdsaSecp256k1 { .. } => BlackBoxFunc::EcdsaSecp256k1, BlackBoxOp::EcdsaSecp256r1 { .. } => BlackBoxFunc::EcdsaSecp256r1, diff --git a/noir/noir-repo/compiler/noirc_evaluator/src/brillig/brillig_gen/brillig_black_box.rs b/noir/noir-repo/compiler/noirc_evaluator/src/brillig/brillig_gen/brillig_black_box.rs index 889af07fbef8..7b936702bbe1 100644 --- a/noir/noir-repo/compiler/noirc_evaluator/src/brillig/brillig_gen/brillig_black_box.rs +++ b/noir/noir-repo/compiler/noirc_evaluator/src/brillig/brillig_gen/brillig_black_box.rs @@ -7,9 +7,7 @@ use acvm::{ }; use crate::brillig::brillig_ir::{ - brillig_variable::{BrilligVariable, SingleAddrVariable}, - debug_show::DebugToString, - registers::RegisterAllocator, + brillig_variable::BrilligVariable, debug_show::DebugToString, registers::RegisterAllocator, BrilligBinaryOp, BrilligContext, }; @@ -61,33 +59,6 @@ pub(crate) fn convert_black_box_call { - if let ( - [message, BrilligVariable::SingleAddr(message_size)], - [BrilligVariable::BrilligArray(result_array)], - ) = (function_arguments, function_results) - { - let message_vector = convert_array_or_vector(brillig_context, *message, bb_func); - let output_heap_array = - brillig_context.codegen_brillig_array_to_heap_array(*result_array); - - // Message_size is not usize - brillig_context.cast_instruction( - SingleAddrVariable::new_usize(message_vector.size), - *message_size, - ); - - brillig_context.black_box_op_instruction(BlackBoxOp::Keccak256 { - message: message_vector, - output: output_heap_array, - }); - - brillig_context.deallocate_heap_vector(message_vector); - brillig_context.deallocate_heap_array(output_heap_array); - } else { - unreachable!("ICE: Keccak256 expects message, message size and result array") - } - } BlackBoxFunc::Keccakf1600 => { if let ([message], [BrilligVariable::BrilligArray(result_array)]) = (function_arguments, function_results) diff --git a/noir/noir-repo/compiler/noirc_evaluator/src/brillig/brillig_ir/debug_show.rs b/noir/noir-repo/compiler/noirc_evaluator/src/brillig/brillig_ir/debug_show.rs index 5750a8ff036d..83eb7b5b31a9 100644 --- a/noir/noir-repo/compiler/noirc_evaluator/src/brillig/brillig_ir/debug_show.rs +++ b/noir/noir-repo/compiler/noirc_evaluator/src/brillig/brillig_ir/debug_show.rs @@ -270,9 +270,6 @@ impl DebugShow { outputs ); } - BlackBoxOp::Keccak256 { message, output } => { - debug_println!(self.enable_debug_trace, " KECCAK256 {} -> {}", message, output); - } BlackBoxOp::Keccakf1600 { message, output } => { debug_println!(self.enable_debug_trace, " KECCAKF1600 {} -> {}", message, output); } diff --git a/noir/noir-repo/compiler/noirc_evaluator/src/ssa/acir_gen/acir_ir/generated_acir.rs b/noir/noir-repo/compiler/noirc_evaluator/src/ssa/acir_gen/acir_ir/generated_acir.rs index 21d4dfb60b87..6000edf4bc4d 100644 --- a/noir/noir-repo/compiler/noirc_evaluator/src/ssa/acir_gen/acir_ir/generated_acir.rs +++ b/noir/noir-repo/compiler/noirc_evaluator/src/ssa/acir_gen/acir_ir/generated_acir.rs @@ -294,9 +294,6 @@ impl GeneratedAcir { input2: Box::new([inputs[3][0], inputs[4][0], inputs[5][0]]), outputs: (outputs[0], outputs[1], outputs[2]), }, - BlackBoxFunc::Keccak256 => { - unreachable!("unexpected BlackBox {}", func_name.to_string()) - } BlackBoxFunc::Keccakf1600 => BlackBoxFuncCall::Keccakf1600 { inputs: inputs[0] .clone() @@ -475,7 +472,7 @@ impl GeneratedAcir { /// /// This equation however falls short when `t != 0` because then `t` /// may not be `1`. If `t` is non-zero, then `y` is also non-zero due to - /// `y == 1 - t` and the equation `y * t == 0` fails. + /// `y == 1 - t` and the equation `y * t == 0` fails. /// /// To fix, we introduce another free variable called `z` and apply the following /// constraint instead: `y == 1 - t * z`. @@ -485,7 +482,7 @@ impl GeneratedAcir { /// /// We now arrive at the conclusion that when `t == 0`, `y` is `1` and when /// `t != 0`, then `y` is `0`. - /// + /// /// Bringing it all together, We introduce two variables `y` and `z`, /// With the following equations: /// - `y == 1 - tz` (`z` is a value that is chosen to be the inverse of `t` by the prover) @@ -644,7 +641,6 @@ fn black_box_func_expected_input_size(name: BlackBoxFunc) -> Option { // All of the hash/cipher methods will take in a // variable number of inputs. BlackBoxFunc::AES128Encrypt - | BlackBoxFunc::Keccak256 | BlackBoxFunc::Blake2s | BlackBoxFunc::Blake3 | BlackBoxFunc::PedersenCommitment @@ -696,7 +692,7 @@ fn black_box_expected_output_size(name: BlackBoxFunc) -> Option { BlackBoxFunc::AND | BlackBoxFunc::XOR => Some(1), // 32 byte hash algorithms - BlackBoxFunc::Keccak256 | BlackBoxFunc::Blake2s | BlackBoxFunc::Blake3 => Some(32), + BlackBoxFunc::Blake2s | BlackBoxFunc::Blake3 => Some(32), BlackBoxFunc::Keccakf1600 => Some(25), // The permutation returns a fixed number of outputs, equals to the inputs length which depends on the proving system implementation. diff --git a/noir/noir-repo/compiler/noirc_evaluator/src/ssa/ir/instruction/call.rs b/noir/noir-repo/compiler/noirc_evaluator/src/ssa/ir/instruction/call.rs index 3068f2b5c37f..dbfa12b7f5e3 100644 --- a/noir/noir-repo/compiler/noirc_evaluator/src/ssa/ir/instruction/call.rs +++ b/noir/noir-repo/compiler/noirc_evaluator/src/ssa/ir/instruction/call.rs @@ -517,9 +517,6 @@ fn simplify_black_box_func( SimplifyResult::None } } - BlackBoxFunc::Keccak256 => { - unreachable!("Keccak256 should have been replaced by calls to Keccakf1600") - } BlackBoxFunc::Poseidon2Permutation => { blackbox::simplify_poseidon2_permutation(dfg, solver, arguments) } diff --git a/noir/noir-repo/tooling/noir_js/src/index.ts b/noir/noir-repo/tooling/noir_js/src/index.ts index f3016efd032a..ed0999a960c6 100644 --- a/noir/noir-repo/tooling/noir_js/src/index.ts +++ b/noir/noir-repo/tooling/noir_js/src/index.ts @@ -2,7 +2,7 @@ import * as acvm from '@noir-lang/acvm_js'; import * as abi from '@noir-lang/noirc_abi'; import { CompiledCircuit } from '@noir-lang/types'; -export { ecdsa_secp256r1_verify, ecdsa_secp256k1_verify, keccak256, blake2s256, xor, and } from '@noir-lang/acvm_js'; +export { ecdsa_secp256r1_verify, ecdsa_secp256k1_verify, blake2s256, xor, and } from '@noir-lang/acvm_js'; export { InputMap } from '@noir-lang/noirc_abi'; export { WitnessMap, ForeignCallHandler, ForeignCallInput, ForeignCallOutput } from '@noir-lang/acvm_js'; diff --git a/noir/noir-repo/tooling/profiler/src/opcode_formatter.rs b/noir/noir-repo/tooling/profiler/src/opcode_formatter.rs index f367360b189d..6f106d5de3e9 100644 --- a/noir/noir-repo/tooling/profiler/src/opcode_formatter.rs +++ b/noir/noir-repo/tooling/profiler/src/opcode_formatter.rs @@ -23,7 +23,6 @@ fn format_blackbox_function(call: &BlackBoxFuncCall) -> String { BlackBoxFuncCall::EcdsaSecp256r1 { .. } => "ecdsa_secp256r1".to_string(), BlackBoxFuncCall::MultiScalarMul { .. } => "multi_scalar_mul".to_string(), BlackBoxFuncCall::EmbeddedCurveAdd { .. } => "embedded_curve_add".to_string(), - BlackBoxFuncCall::Keccak256 { .. } => "keccak256".to_string(), BlackBoxFuncCall::Keccakf1600 { .. } => "keccakf1600".to_string(), BlackBoxFuncCall::RecursiveAggregation { .. } => "recursive_aggregation".to_string(), BlackBoxFuncCall::BigIntAdd { .. } => "big_int_add".to_string(), @@ -49,7 +48,6 @@ fn format_blackbox_op(call: &BlackBoxOp) -> String { BlackBoxOp::EcdsaSecp256r1 { .. } => "ecdsa_secp256r1".to_string(), BlackBoxOp::MultiScalarMul { .. } => "multi_scalar_mul".to_string(), BlackBoxOp::EmbeddedCurveAdd { .. } => "embedded_curve_add".to_string(), - BlackBoxOp::Keccak256 { .. } => "keccak256".to_string(), BlackBoxOp::Keccakf1600 { .. } => "keccakf1600".to_string(), BlackBoxOp::BigIntAdd { .. } => "big_int_add".to_string(), BlackBoxOp::BigIntSub { .. } => "big_int_sub".to_string(), diff --git a/yarn-project/yarn.lock b/yarn-project/yarn.lock index 63efcfd82108..e65a156214b6 100644 --- a/yarn-project/yarn.lock +++ b/yarn-project/yarn.lock @@ -3387,12 +3387,11 @@ __metadata: "@noir-lang/noir_js@file:../noir/packages/noir_js::locator=%40aztec%2Faztec3-packages%40workspace%3A.": version: 0.35.0 - resolution: "@noir-lang/noir_js@file:../noir/packages/noir_js#../noir/packages/noir_js::hash=c3f372&locator=%40aztec%2Faztec3-packages%40workspace%3A." + resolution: "@noir-lang/noir_js@file:../noir/packages/noir_js#../noir/packages/noir_js::hash=518513&locator=%40aztec%2Faztec3-packages%40workspace%3A." dependencies: "@noir-lang/acvm_js": 0.51.0 "@noir-lang/noirc_abi": 0.35.0 "@noir-lang/types": 0.35.0 - checksum: fd290b2f240bc9d24a00ac341972ea7c2742d0089170e343bef7775f88494bf6ba8f779e1034b8e44939c5ea0a9375afa2c35497ef5e60ea93508919b29b30a7 languageName: node linkType: hard