6 changes: 3 additions & 3 deletions cpp/src/barretenberg/dsl/acir_format/acir_format.cpp
Expand Up @@ -234,7 +234,7 @@ Composer create_circuit_with_witness(const acir_format& constraint_system,

// Add ECDSA constraints
for (const auto& constraint : constraint_system.ecdsa_constraints) {
create_ecdsa_verify_constraints(composer, constraint);
create_ecdsa_verify_constraints<true>(composer, constraint);
}

// Add blake2s constraints
Expand Down Expand Up @@ -320,7 +320,7 @@ Composer create_circuit_with_witness(const acir_format& constraint_system, std::

// Add ECDSA constraints
for (const auto& constraint : constraint_system.ecdsa_constraints) {
create_ecdsa_verify_constraints(composer, constraint);
create_ecdsa_verify_constraints<true>(composer, constraint);
}

// Add blake2s constraints
Expand Down Expand Up @@ -404,7 +404,7 @@ void create_circuit_with_witness(Composer& composer, const acir_format& constrai

// Add ECDSA constraints
for (const auto& constraint : constraint_system.ecdsa_constraints) {
create_ecdsa_verify_constraints(composer, constraint);
create_ecdsa_verify_constraints<true>(composer, constraint);
}

// Add blake2s constraints
52 changes: 51 additions & 1 deletion cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.cpp
Expand Up @@ -5,6 +5,7 @@
namespace acir_format {

using namespace proof_system::plonk;
using curve = proof_system::plonk::stdlib::secp256k1<acir_format::Composer>;
Comment thread
kevaundray marked this conversation as resolved.
Outdated

crypto::ecdsa::signature ecdsa_convert_signature(Composer& composer, std::vector<uint32_t> signature)
{
Expand Down Expand Up @@ -84,9 +85,56 @@ witness_ct ecdsa_index_to_witness(Composer& composer, uint32_t index)
return { &composer, value };
}

template <bool has_witness>
void create_ecdsa_verify_constraints(Composer& composer, const EcdsaSecp256k1Constraint& input)
{

{
std::vector<uint32_t> pub_x_indices_;
std::vector<uint32_t> pub_y_indices_;
std::vector<uint32_t> signature_;
signature_.resize(64);
if constexpr (has_witness) {
for (size_t i = 0; i < 32; ++i) {
uint32_t x_wit = composer.add_variable(composer.get_variable(input.pub_x_indices[i]));
uint32_t y_wit = composer.add_variable(composer.get_variable(input.pub_y_indices[i]));
uint32_t r_wit = composer.add_variable(composer.get_variable(input.signature[i]));
uint32_t s_wit = composer.add_variable(composer.get_variable(input.signature[i + 32]));
pub_x_indices_.emplace_back(x_wit);
pub_y_indices_.emplace_back(y_wit);
signature_[i] = r_wit;
signature_[i + 32] = s_wit;
}
} else {
crypto::ecdsa::key_pair<curve::fr, curve::g1> account;
account.private_key = 10;
account.public_key = curve::g1::one * account.private_key;
uint256_t pub_x_value = account.public_key.x;
uint256_t pub_y_value = account.public_key.y;
std::string message_string = "Instructions unclear, ask again later.";
crypto::ecdsa::signature signature =
crypto::ecdsa::construct_signature<Sha256Hasher, curve::fq, curve::fr, curve::g1>(message_string,
account);
for (size_t i = 0; i < 32; ++i) {
uint32_t x_wit = composer.add_variable(pub_x_value.slice(248 - i * 8, 256 - i * 8));
uint32_t y_wit = composer.add_variable(pub_y_value.slice(248 - i * 8, 256 - i * 8));
uint32_t r_wit = composer.add_variable(signature.r[i]);
uint32_t s_wit = composer.add_variable(signature.s[i]);
pub_x_indices_.emplace_back(x_wit);
pub_y_indices_.emplace_back(y_wit);
signature_[i] = r_wit;
signature_[i + 32] = s_wit;
}
}
for (size_t i = 0; i < input.pub_x_indices.size(); ++i) {
composer.assert_equal(pub_x_indices_[i], input.pub_x_indices[i]);
}
for (size_t i = 0; i < input.pub_y_indices.size(); ++i) {
composer.assert_equal(pub_y_indices_[i], input.pub_y_indices[i]);
}
for (size_t i = 0; i < input.signature.size(); ++i) {
composer.assert_equal(signature_[i], input.signature[i]);
}
}
auto new_sig = ecdsa_convert_signature(composer, input.signature);

auto message = ecdsa_vector_of_bytes_to_byte_array(composer, input.hashed_message);
Expand Down Expand Up @@ -126,5 +174,7 @@ void create_ecdsa_verify_constraints(Composer& composer, const EcdsaSecp256k1Con
bool_ct signature_result_normalized = signature_result.normalize();
composer.assert_equal(signature_result_normalized.witness_index, input.result);
}
template void create_ecdsa_verify_constraints<true>(Composer& composer, const EcdsaSecp256k1Constraint& input);
template void create_ecdsa_verify_constraints<false>(Composer& composer, const EcdsaSecp256k1Constraint& input);

} // namespace acir_format
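Review bot: The block added at the top of `create_ecdsa_verify_constraints` never ties the lengths of `input.pub_x_indices`, `input.pub_y_indices` and `input.signature` to the constants 32 and 64 it assumes. The `has_witness` loop reads `input.pub_x_indices[i]` and `input.signature[i + 32]` for a fixed `i < 32`, while the three `assert_equal` loops run to `input.*.size()` and index local vectors that hold exactly 32 and 64 entries. If these members are vectors filled from a serialized constraint system (their declarations are outside the visible hunks), a short or over-long entry becomes an out-of-bounds read in one loop or the other. A length check ahead of the `if constexpr` would close this, e.g. `if (input.pub_x_indices.size() != 32 || input.pub_y_indices.size() != 32 || input.signature.size() != 64) { /* reject the constraint */ }`. The `else` branch also deserves a comment such as `// Placeholder key and signature: well-formed values for building the circuit when no witness is supplied; never used to verify real data.`; the rest of the function body lies outside this hunk.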
4 changes: 4 additions & 0 deletions cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.hpp
Expand Up @@ -26,8 +26,12 @@ struct EcdsaSecp256k1Constraint {
friend bool operator==(EcdsaSecp256k1Constraint const& lhs, EcdsaSecp256k1Constraint const& rhs) = default;
};

template <bool has_witness = false>
void create_ecdsa_verify_constraints(Composer& composer, const EcdsaSecp256k1Constraint& input);

extern template void create_ecdsa_verify_constraints<true>(Composer& composer, const EcdsaSecp256k1Constraint& input);
extern template void create_ecdsa_verify_constraints<false>(Composer& composer, const EcdsaSecp256k1Constraint& input);

template <typename B> inline void read(B& buf, EcdsaSecp256k1Constraint& constraint)
{
using serialize::read;
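Review bot: The default in `template <bool has_witness = false>` makes the placeholder path the one a caller gets by writing `create_ecdsa_verify_constraints(composer, constraint)` with no template argument. That is the branch in ecdsa_secp256k1.cpp that fills the public key and signature from a fixed key and message, so an existing or future call site that omits the argument silently takes it. Dropping the default, `template <bool has_witness>`, would make every call site state which path it wants, as the three call sites in acir_format.cpp already do with `<true>`. If the default stays, the declaration should carry a comment along the lines of `// has_witness = false: fill the ECDSA inputs with a placeholder key and signature (circuit construction without a witness).`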
26 changes: 26 additions & 0 deletions cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp
Expand Up @@ -40,6 +40,7 @@ size_t generate_ecdsa_constraint(acir_format::EcdsaSecp256k1Constraint& ecdsa_co
const auto byte = static_cast<uint8_t>(hashed_message[i]);
witness_values.emplace_back(byte);
}
std::cout << message_in.size() << std::endl;
Comment thread
kevaundray marked this conversation as resolved.
Outdated
offset += message_in.size();

for (size_t i = 0; i < 32; ++i) {
Expand Down Expand Up @@ -110,6 +111,31 @@ TEST(ECDSASecp256k1, TestECDSAConstraintSucceed)
EXPECT_EQ(verifier.verify_proof(proof), true);
}

TEST(ECDSASecp256k1, TestECDSAConstraintSucceedSeparate)
{
acir_format::EcdsaSecp256k1Constraint ecdsa_constraint;
std::vector<fr> witness_values;
size_t num_variables = generate_ecdsa_constraint(ecdsa_constraint, witness_values);
acir_format::acir_format constraint_system{
.varnum = static_cast<uint32_t>(num_variables),
.public_inputs = {},
.fixed_base_scalar_mul_constraints = {},
.logic_constraints = {},
.range_constraints = {},
.schnorr_constraints = {},
.ecdsa_constraints = { ecdsa_constraint },
.sha256_constraints = {},
.blake2s_constraints = {},
.keccak_constraints = {},
.hash_to_field_constraints = {},
.pedersen_constraints = {},
.compute_merkle_root_constraints = {},
.constraints = {},
};
auto crs_factory = std::make_unique<proof_system::ReferenceStringFactory>();
auto composer = create_circuit(constraint_system, std::move(crs_factory));
Comment thread
kevaundray marked this conversation as resolved.
}

TEST(ECDSASecp256k1, TestECDSAConstraintFail)
{
acir_format::EcdsaSecp256k1Constraint ecdsa_constraint;
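Review bot: `TestECDSAConstraintSucceedSeparate` ends right after `create_circuit(constraint_system, std::move(crs_factory))` with no `EXPECT_*`, so it can only fail by crashing or throwing. The `witness_values` filled by `generate_ecdsa_constraint` are never used, which means the no-witness path is built but nothing checks that the resulting circuit accepts a real signature. The test should carry on to supply the witness and build a proof, then end with the same check as the preceding test, `EXPECT_EQ(verifier.verify_proof(proof), true);`. A one-line comment such as `// Build the circuit without a witness first, then prove with the real witness.` would make the intent of "Separate" clear.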