From c3f8b6372c3950ff63d9c7152c40e01fc8d1f63d Mon Sep 17 00:00:00 2001 From: Marco Stronati Date: Wed, 31 May 2023 17:42:50 +0200 Subject: [PATCH 01/21] Epoxy-tx: slow regressions --- src/lib_epoxy_tx/test/test-slow.expected | 152 +++++++++++------------ 1 file changed, 76 insertions(+), 76 deletions(-) diff --git a/src/lib_epoxy_tx/test/test-slow.expected b/src/lib_epoxy_tx/test/test-slow.expected index 60d5b28d3529..5410bcb42c83 100644 --- a/src/lib_epoxy_tx/test/test-slow.expected +++ b/src/lib_epoxy_tx/test/test-slow.expected @@ -2,203 +2,203 @@ RandomTx.make_rollup: Constraints: 3760 RandomTx.make_rollup_optimized: -Constraints: 1423 +Constraints: 1400 RandomTx.make_rollup: Constraints: 3760 RandomTx.make_rollup_optimized: -Constraints: 1423 +Constraints: 1400 RandomTx.make_rollup: -Proof size: 3.13 KB -Proof hash: ca463881d200d11f6bc5b9b4f15294e574cbe4c90ec87bb5aeae7980076d28ba -Prover_pp hash: 254882a724a1a5dfabb52c42375d960391f8be276d075c5369af5b1e2ee8cfa5 -Verifier_pp hash: 130756b55cb16714615228a08a2c6c494d4b15228a6023f1a4cb75f56619980c +Proof size: 3.56 KB +Proof hash: 172b62e47a53b850d48725b2d386d235d123c194d73b64a14210daff7f939eea +Prover_pp hash: b3dc6389e431a1083781a0feae20a4058cace0a29c9da0a0b7ef8117c706acaf +Verifier_pp hash: ec78f151ff31ceb5674cac29f11cb376b1cf91fe5abbc1c747735f816bb365a7 insufficient balance: amount > bal: Constraints: 3760 insufficient balance: amount > bal_optimized: -Constraints: 1423 +Constraints: 1400 insufficient balance: amount + fee > bal: Constraints: 3760 insufficient balance: amount + fee > bal_optimized: -Constraints: 1423 +Constraints: 1400 invalid dst: Constraints: 3760 invalid dst_optimized: -Constraints: 1423 +Constraints: 1400 invalid src: Constraints: 3760 invalid src_optimized: -Constraints: 1423 +Constraints: 1400 replay: Constraints: 3760 replay_optimized: -Constraints: 1423 +Constraints: 1400 balance out of bounds 1: Constraints: 3760 balance out of bounds 1_optimized: -Constraints: 1423 +Constraints: 1400 invalid signature: bad msg: Constraints: 3760 invalid signature: bad msg_optimized: -Constraints: 1423 +Constraints: 1400 invalid signature: bad sk: Constraints: 3760 invalid signature: bad sk_optimized: -Constraints: 1423 +Constraints: 1400 invalid signature: not on curve: Constraints: 3760 invalid signature: not on curve_optimized: -Constraints: 1423 +Constraints: 1400 insufficient balance: amount > bal: Constraints: 3760 insufficient balance: amount > bal_optimized: -Constraints: 1423 +Constraints: 1400 insufficient balance: amount > bal: -Proof size: 3.71 KB -Proof hash: 707fa203fab59a164b9011ae059c19e5e6d4e94d71f393a5583b87d223aeb832 -Prover_pp hash: 53db01b2215ff322a1f2d51a9ef7745d796463b3598cdc2a6fc665ab174dcffa -Verifier_pp hash: dea786762d596e0a7e2329644647c755744b905c9a862850dd9f8eb4a0a314ca +Proof size: 4.23 KB +Proof hash: f771865dcb2601ce6e16547aee9c251baa6fd25b2fce5e9beea58de6089b8783 +Prover_pp hash: c492e2e27467eab63a9f74dd9be8196c447215c843c2c987b20a36f8711e7b09 +Verifier_pp hash: 4ec92e2102da26ecae2fcd78216b4aba08feee9b8b45bb30f2f7d3aedc2eabbc insufficient balance: amount + fee > bal: Constraints: 3760 insufficient balance: amount + fee > bal_optimized: -Constraints: 1423 +Constraints: 1400 insufficient balance: amount + fee > bal: -Proof size: 3.97 KB -Proof hash: 71870b8bbd5cdf6a7aebcd2f86a8fddfaee48da64c849b355f320911efa22522 -Prover_pp hash: 26bba0518bc2429805f3cf1b3d1b00b262c760112265fd8b6b0c6129e60ca560 -Verifier_pp hash: 72f1c27fcd97b6823804ac43e99a2a2e53804c497d13c4f0a0afb06804490706 +Proof size: 4.52 KB +Proof hash: 87747f2e94b61c2d77286da56b721abbd3da135041c35313a567958a21643a4b +Prover_pp hash: 42753e51be02ed3cf3d104a4bc03b21ba4e07a9f6b02f8de3d02974d8887b3cd +Verifier_pp hash: 9264198716df5d44425bd06df5e3c7d34446c97e8cadab8e1c3b45d0ba8f5fa9 invalid dst: Constraints: 3760 invalid dst_optimized: -Constraints: 1423 +Constraints: 1400 invalid dst: -Proof size: 2.75 KB -Proof hash: 2a19a16f61f938c4e2a544f4643c8baf6e6b4c3d3060fc4a1f2dce27f781f6f6 -Prover_pp hash: 601c76b2c454878fb567ada1f4ec0055302b3b0dafb973bf176cfa58402e1d8e -Verifier_pp hash: 16b49d55945280cd35610575348f10f63ee5f1f922730c64639cd7bd2c615df6 +Proof size: 3.13 KB +Proof hash: 55b10a299baa449da7dba412705bf26a754b53d4ef72080eacebe00a98758344 +Prover_pp hash: fac2b0fa7231b22288168b17a57adb1193b0bd7b9cf7e2094d7b66e38472540f +Verifier_pp hash: 826e313532063d525853775f6f5d90be04ef85b54536fe6c8c8c3eedbdfd6f1c invalid src: Constraints: 3760 invalid src_optimized: -Constraints: 1423 +Constraints: 1400 invalid src: -Proof size: 2.75 KB -Proof hash: b605890a6ce49e09e90c9298359414be586f9a41af0c790d05ce1f5a94e47d87 -Prover_pp hash: bd81591ae287ba09e9090c37cd7875830466589890a40f5cdcf0602380b8df42 -Verifier_pp hash: 9d498379c6e73920534d339793cc3f718c62b312bec31725d54d0fbe37a56a7e +Proof size: 3.13 KB +Proof hash: 7b22a2bc36c30d6006d55c290453fbb8b8b8e9e9fda9edaa749b4627a742e394 +Prover_pp hash: 972075d8610f29a9a17e73334a08fa0b9a62159666b4e1c1b4ab363f317524b2 +Verifier_pp hash: 49f3c094209c080c1a2e1c1aa08b153ecdcdd9b33a85bd757898f4fe950d9c88 replay: Constraints: 3760 replay_optimized: -Constraints: 1423 +Constraints: 1400 replay: -Proof size: 2.54 KB -Proof hash: a2e68d2417c26fc59c6ad5abd3329b6fc808f5ed791a2c2a75e865e70573d214 -Prover_pp hash: 314e08f2887c6d8d5aa82b4d9e05eb55b246e72a1630841816f6c1121dbd0b03 -Verifier_pp hash: ac6cdc4825081c331f341cae9fe980db06b936cc4b698de15e04a70e4ca2e232 +Proof size: 2.89 KB +Proof hash: 6c09c9ddcd63130f5293b38bc83c4acd7e366c7a6e07583ba1cdb1c5ef65ac40 +Prover_pp hash: d9dd03a16bef231d5de2687e38d38a2cddd58cc3e8ceb9c473e068ecd14b550d +Verifier_pp hash: 19c4752c11e50bd4a17a29e516c53bcd410ccbf18268d10d14d5e3791e14c214 balance out of bounds 1: Constraints: 3760 balance out of bounds 1_optimized: -Constraints: 1423 +Constraints: 1400 balance out of bounds 1: -Proof size: 3.25 KB -Proof hash: 18b2ec09204fe13aa26fa3f76e6c22682d8b72074fd739c0b032bdd4fccf465c -Prover_pp hash: a238ce464a901050f8e7cc137375421229374ff903b5502c465fced1a7a2ccf4 -Verifier_pp hash: b75aa485eb7e48f5258c70e581246cad2bb7ab106e2e9431074725a870cba9c0 +Proof size: 3.71 KB +Proof hash: feee26dea346975562a7562475c4e6533ce1bae1aaa59bdbcae5b3e64e75bc0c +Prover_pp hash: 19db0c71fe3d8c1ed9cd6486db1b7c639f049acc09f83e79d28b2c8d442d30ca +Verifier_pp hash: cd2235680a87598b7ccee7e28777458f6dc12b94e9db998d01bb54a3d894da26 invalid signature: bad msg: Constraints: 3760 invalid signature: bad msg_optimized: -Constraints: 1423 +Constraints: 1400 invalid signature: bad msg: -Proof size: 3.38 KB -Proof hash: 32b526dcbf1f74ece4f397d84d02945f13e9226f8d7d6270bf8f72345c6b3b39 -Prover_pp hash: aeeac370e721a83c126ec661fcc837bcaa71fa918dea481e7d94511877ebc7df -Verifier_pp hash: c14aac1821b9ca4c0c6c1bbde1f6a7f1e34b5bcd7ca8fa23485584551511e814 +Proof size: 3.85 KB +Proof hash: ed79a6f0a9c1117b8d7a7b0ad234d488fa439dee6582955325840d341a26efd3 +Prover_pp hash: a00e4a0b713d8f8b1bceb584cc56d98362a43e915ba035b028888053009980cb +Verifier_pp hash: a4b328620821492da2811ef9e911fd8c8cc59173e3b18eb38de5c8f50df05d93 invalid signature: bad sk: Constraints: 3760 invalid signature: bad sk_optimized: -Constraints: 1423 +Constraints: 1400 invalid signature: bad sk: -Proof size: 3.34 KB -Proof hash: 9c2fa7ee974b3f29bf93457a9608db62146d894f9681225dbf307088ac00b7f2 -Prover_pp hash: 86b9c49eff7b9a12c87928141b1677a78f4655a6ca5b40fedbb16ae377707cc3 -Verifier_pp hash: 2b780182467b766302b5bd12225487d44e2774471ead6847e8b88614c0bbea7c +Proof size: 3.80 KB +Proof hash: 348c4f142fe9b31d40dc063b76d6cdea1a435376d1018b6edfdeaef9ea123d03 +Prover_pp hash: 66379d9f00e2861efe426f85f989be27b1a0abc6133e0a15dfffde1570e94a57 +Verifier_pp hash: 7e03954b6ad9f93f800376d72af36a0cbb3efbd6a0c4b89aeee282191e1fb756 invalid signature: not on curve: Constraints: 3760 invalid signature: not on curve_optimized: -Constraints: 1423 +Constraints: 1400 invalid signature: not on curve: -Proof size: 3.59 KB -Proof hash: 19d9aeb1b1404eb6f60b75dfe34154deeea9721197f34daa23efe6ea12eb81f1 -Prover_pp hash: b285cf5a2af3148680a51e5b8acdc82266065e9c27078a9fd48334711ef24daa -Verifier_pp hash: 444896fb75ac99f3d0f70fa53601924ce66eee447163214a12770ff3b151a853 +Proof size: 4.09 KB +Proof hash: 7995a3821dbb3bdc583e0439c62992c941cb6afb55c6afa0aa171a112c93ea52 +Prover_pp hash: 54fc1c8af1a1e25337556aedaf3c06662abcfb5f1b28804d87167ef23aa04d8c +Verifier_pp hash: 6b5cd79a1dc303c2b2caec7d10a46049e3e2f390fb861e61b85c419428920a9b benchmark: -Proof size: 4.61 KB -Proof hash: e121544533111c7b44140b5019dd62860e8663745fadf04d13184be865f90140 -Prover_pp hash: 5efee91cb2e45cdb17e3be39785c24082fec9fcfa30f6b13fb2bbd22f3d86a70 -Verifier_pp hash: 7ed32e56ee49e190ec37c21056be1b3c287814d08fa543a8c456e701270e7a18 +Proof size: 5.39 KB +Proof hash: 39a8009fa8221364e33937add69bfe8f610cb3b1eda224677825f8f1eecdcf79 +Prover_pp hash: d566b0d3e7f26f8ebbe08b35bef6a504f76ba3606979cc583397aecbad0edf1f +Verifier_pp hash: 32d2dd2c3bf8878c65125f30c92bde95a3edef80a61291ea5a9adb2bf694b409 benchmark: -Proof size: 4.61 KB -Proof hash: da68541b5692398eb22f057e0dc6186d8225ae4cc5c90031cee9981602d3991c -Prover_pp hash: 5efee91cb2e45cdb17e3be39785c24082fec9fcfa30f6b13fb2bbd22f3d86a70 -Verifier_pp hash: 7ed32e56ee49e190ec37c21056be1b3c287814d08fa543a8c456e701270e7a18 +Proof size: 5.39 KB +Proof hash: 77205f16cb96ad88eb69a97fe63889ca2abd3d35b4c26d3b4b6fd43dbb8ea092 +Prover_pp hash: d566b0d3e7f26f8ebbe08b35bef6a504f76ba3606979cc583397aecbad0edf1f +Verifier_pp hash: 32d2dd2c3bf8878c65125f30c92bde95a3edef80a61291ea5a9adb2bf694b409 benchmark_meta: -Proof size: 10.90 KB -Proof hash: 8cb05e77aea1941d06d78d17cc4b10f09f4c498f7b1a51c20d6209e808774561 -Prover_pp hash: c6a93a7cfca723d18b703412998f40d1d36b6f8d0ed695ff7c776532533138cf -Verifier_pp hash: 38c3360669a1be23e32e4de333ca325c74ab720108cd504fe5fd5969953c643f +Proof size: 11.18 KB +Proof hash: d4b15aecf8d3a03f6c0edc75cc6a248b20974daeaddd7ce3ee8c254fa59011ed +Prover_pp hash: 1489086479a61dcc724d47b7f9d432bff688f5b4da3f89d8037403cc061671c3 +Verifier_pp hash: 162ffcce8cb38ee79ec2c83f894960c5afc17218ae1f9e96044dded3aaab7175 benchmark_meta: -Proof size: 10.90 KB -Proof hash: 207064f62f1e46182f21cb2fa4718f4d83ce7c4a9487b5f7de7c2c616f9bb106 -Prover_pp hash: c6a93a7cfca723d18b703412998f40d1d36b6f8d0ed695ff7c776532533138cf -Verifier_pp hash: 38c3360669a1be23e32e4de333ca325c74ab720108cd504fe5fd5969953c643f +Proof size: 11.18 KB +Proof hash: a4817531fe99b5fec3d9069c8f4da0662d50a7baca98a169843e749a12a01d6f +Prover_pp hash: 1489086479a61dcc724d47b7f9d432bff688f5b4da3f89d8037403cc061671c3 +Verifier_pp hash: 162ffcce8cb38ee79ec2c83f894960c5afc17218ae1f9e96044dded3aaab7175 -- GitLab From 1144e5f7839af13baacd081aade7322ce2a13feb Mon Sep 17 00:00:00 2001 From: Marco Stronati Date: Wed, 24 May 2023 15:33:23 +0200 Subject: [PATCH 02/21] Plompiler: slightly better error handling --- src/lib_plompiler/circuit.ml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/lib_plompiler/circuit.ml b/src/lib_plompiler/circuit.ml index 96cfbbe00e4a..9ec3026920a7 100644 --- a/src/lib_plompiler/circuit.ml +++ b/src/lib_plompiler/circuit.ml @@ -141,7 +141,13 @@ let rec iterM f l = let* _ = f x in iterM f xs -let iter2M f ls rs = iterM (fun (a, b) -> f a b) (List.combine ls rs) +let iter2M f ls rs = + let lrs = + try List.combine ls rs + with Invalid_argument _ -> + failwith "iter2M: inputs are of different length" + in + iterM (fun (a, b) -> f a b) lrs let with_bool_check : bool repr t -> unit repr t = fun c s -> -- GitLab From 0ed4bfa979fbc6c26d28e8332bf85df2844efaf5 Mon Sep 17 00:00:00 2001 From: Marco Stronati Date: Tue, 30 May 2023 21:57:19 +0200 Subject: [PATCH 03/21] Plompiler: rename Bool.constant_bool Bool.constant --- src/lib_aplonk/circuit.ml | 2 +- src/lib_aplonk/pi_parameters.ml | 4 ++-- src/lib_plompiler/circuit.ml | 8 ++++---- src/lib_plompiler/gadget_blake2s.ml | 2 +- src/lib_plompiler/gadget_edwards.ml | 4 ++-- src/lib_plompiler/gadget_weierstrass.ml | 2 +- src/lib_plompiler/lang_core.ml | 2 +- src/lib_plompiler/lang_stdlib.ml | 8 +------- src/lib_plompiler/result.ml | 2 +- 9 files changed, 14 insertions(+), 20 deletions(-) diff --git a/src/lib_aplonk/circuit.ml b/src/lib_aplonk/circuit.ml index 0c38cb49c473..635306654650 100644 --- a/src/lib_aplonk/circuit.ml +++ b/src/lib_aplonk/circuit.ml @@ -350,7 +350,7 @@ module V (Main : Aggregation.Main_protocol.S) = struct let zg_rc, wires_g = split_rc_wires nb_rc wires_g in let z_rc, wires = split_rc_wires nb_rc wires in (* precompute some constant *) - let* t = Bool.constant_bool true in + let* t = Bool.constant true in let* zs = compute_zs x n in let* l1 = compute_l1 x zs n generator in (* split the arith selectors & other selectors in two lists *) diff --git a/src/lib_aplonk/pi_parameters.ml b/src/lib_aplonk/pi_parameters.ml index 9d35320dd92c..5874cf72ca64 100644 --- a/src/lib_aplonk/pi_parameters.ml +++ b/src/lib_aplonk/pi_parameters.ml @@ -34,7 +34,7 @@ module No_public_input : CircuitPI = struct let nb_outer = 0 - let check ~switches:_ ~outer:_ ~inner:_ = L.Bool.constant_bool true + let check ~switches:_ ~outer:_ ~inner:_ = L.Bool.constant true let outer_of_inner _ = [] end @@ -44,7 +44,7 @@ module One_public_input : CircuitPI = struct let nb_outer = 0 - let check ~switches:_ ~outer:_ ~inner:_ = L.Bool.constant_bool true + let check ~switches:_ ~outer:_ ~inner:_ = L.Bool.constant true let outer_of_inner _ = [] end diff --git a/src/lib_plompiler/circuit.ml b/src/lib_plompiler/circuit.ml index 9ec3026920a7..e6565a8b28b2 100644 --- a/src/lib_plompiler/circuit.ml +++ b/src/lib_plompiler/circuit.ml @@ -681,7 +681,7 @@ end module Bool = struct include Num - let constant_bool : bool -> bool repr t = + let constant : bool -> bool repr t = fun b -> let s = if b then S.one else S.zero in let* (Scalar s) = constant_scalar s in @@ -828,7 +828,7 @@ module Bool = struct with_label ~label:"Bool.band_list" @@ match l with - | [] -> constant_bool true + | [] -> constant true | hd :: tl -> let* sum = foldM Num.add (scalar_of_bool hd) (List.map scalar_of_bool tl) @@ -863,7 +863,7 @@ let equal : type a. a repr -> a repr -> bool repr t = let open Bool in let open Num in match (a, b) with - | Unit, Unit -> constant_bool true + | Unit, Unit -> Bool.constant true | Bool a, Bool b -> let* s = sub (Scalar a) (Scalar b) in is_zero s @@ -876,7 +876,7 @@ let equal : type a. a repr -> a repr -> bool repr t = band le re | List ls, List rs -> let lrs = List.map2 pair ls rs in - let* acc = constant_bool true in + let* acc = Bool.constant true in foldM (fun acc (Pair (l, r)) -> let* e = aux l r in diff --git a/src/lib_plompiler/gadget_blake2s.ml b/src/lib_plompiler/gadget_blake2s.ml index 9d7b16d3d3ee..01646f4db22f 100644 --- a/src/lib_plompiler/gadget_blake2s.ml +++ b/src/lib_plompiler/gadget_blake2s.ml @@ -191,7 +191,7 @@ functor ] in let h = Array.of_list (List.rev h) in - let* z = constant_bool false in + let* z = Bool.constant false in let rec loop (blocks, acc_block, acc_u32) (nblock, nu32) rest = let blocks, acc_block, acc_u32, nblock, nu32 = diff --git a/src/lib_plompiler/gadget_edwards.ml b/src/lib_plompiler/gadget_edwards.ml index 687ae0e7941e..64c92d62388a 100644 --- a/src/lib_plompiler/gadget_edwards.ml +++ b/src/lib_plompiler/gadget_edwards.ml @@ -117,7 +117,7 @@ functor ret @@ pair u v let scalar_mul s p = - let* one = Bool.constant_bool true in + let* one = Bool.constant true in with_label ~label:"Edwards.scalar_mul" @@ let rev_s = List.rev (of_list s) in @@ -133,7 +133,7 @@ functor - ls: [[s_11; ...; s_1m]; ...; [s_n1; ...; s_nm]] - lp: [p1; ...; pn] *) let multi_scalar_mul ls lp = - let* one = Bool.constant_bool true in + let* one = Bool.constant true in with_label ~label:"Edwards.multi_scalar_mul" @@ (* Check we apply Shamir's trick on at least 2 points *) diff --git a/src/lib_plompiler/gadget_weierstrass.ml b/src/lib_plompiler/gadget_weierstrass.ml index aabca540ebb9..b8fb99f97450 100644 --- a/src/lib_plompiler/gadget_weierstrass.ml +++ b/src/lib_plompiler/gadget_weierstrass.ml @@ -134,7 +134,7 @@ functor handle the point at infinity *) let scalar_mul s p = with_label ~label:"Weierstrass.scalar_mul" - @@ let* flag = constant_bool false in + @@ let* flag = Bool.constant false in let init = pair p flag in let* res = foldM diff --git a/src/lib_plompiler/lang_core.ml b/src/lib_plompiler/lang_core.ml index 0965e3730bdf..9755de5b4ae1 100644 --- a/src/lib_plompiler/lang_core.ml +++ b/src/lib_plompiler/lang_core.ml @@ -102,7 +102,7 @@ module type BOOL = sig val assert_false : bool repr -> unit repr t - val constant_bool : bool -> bool repr t + val constant : bool -> bool repr t val band_list : bool repr list -> bool repr t end diff --git a/src/lib_plompiler/lang_stdlib.ml b/src/lib_plompiler/lang_stdlib.ml index 481d8d16b886..8ad40581ee83 100644 --- a/src/lib_plompiler/lang_stdlib.ml +++ b/src/lib_plompiler/lang_stdlib.ml @@ -115,8 +115,6 @@ module type LIB = sig val add2 : (scalar * scalar) repr -> (scalar * scalar) repr -> (scalar * scalar) repr t - val constant_bool : bool -> bool repr t - val constant_bytes : ?le:bool -> bytes -> Bytes.bl repr t val constant_uint32 : ?le:bool -> Stdint.uint32 -> Bytes.bl repr t @@ -638,16 +636,12 @@ module Lib (C : COMMON) = struct let* y3 = Num.add y1 y2 in ret (pair x3 y3) - let constant_bool b = - let* bit = constant_scalar (if b then S.one else S.zero) in - ret @@ unsafe_bool_of_scalar bit - let constant_bytes ?(le = false) b = let bl = Utils.bitlist ~le b in let* ws = foldM (fun ws bit -> - let* w = constant_bool bit in + let* w = Bool.constant bit in ret (w :: ws)) [] bl diff --git a/src/lib_plompiler/result.ml b/src/lib_plompiler/result.ml index 4815ffd396eb..af384690bc3f 100644 --- a/src/lib_plompiler/result.ml +++ b/src/lib_plompiler/result.ml @@ -273,7 +273,7 @@ module Bool = struct assert (not b) ; ret U - let constant_bool : bool -> bool repr t = fun b -> ret (B b) + let constant : bool -> bool repr t = fun b -> ret (B b) let band (B l) (B r) = ret @@ B (l && r) -- GitLab From 55ae3fa50b34c5dfaf3a2a34a1cc251824993799 Mon Sep 17 00:00:00 2001 From: Marco Stronati Date: Tue, 30 May 2023 09:47:44 +0200 Subject: [PATCH 04/21] Plompiler: remove a couple of Num include --- src/lib_plompiler/circuit.ml | 8 ++++++-- src/lib_plompiler/result.ml | 6 +++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/src/lib_plompiler/circuit.ml b/src/lib_plompiler/circuit.ml index e6565a8b28b2..cf370823ead7 100644 --- a/src/lib_plompiler/circuit.ml +++ b/src/lib_plompiler/circuit.ml @@ -679,7 +679,11 @@ module Num = struct end module Bool = struct - include Num + type nonrec scalar = scalar + + type nonrec 'a repr = 'a repr + + type nonrec 'a t = 'a t let constant : bool -> bool repr t = fun b -> @@ -822,7 +826,7 @@ module Bool = struct let is_eq_const l s = with_label ~label:"Bool.is_eq_const" @@ let* diff = Num.add_constant ~ql:S.mone s l in - is_zero diff + Num.is_zero diff let band_list l = with_label ~label:"Bool.band_list" diff --git a/src/lib_plompiler/result.ml b/src/lib_plompiler/result.ml index af384690bc3f..810376059b3f 100644 --- a/src/lib_plompiler/result.ml +++ b/src/lib_plompiler/result.ml @@ -261,7 +261,11 @@ module Num = struct end module Bool = struct - include Num + type nonrec scalar = scalar + + type nonrec 'a repr = 'a repr + + type nonrec 'a t = 'a t let s_of_b b = if b then X S.one else X S.zero -- GitLab From 458ac0ed367371f5361640c49a5629875b95b4bd Mon Sep 17 00:00:00 2001 From: Marco Stronati Date: Tue, 30 May 2023 22:15:30 +0200 Subject: [PATCH 05/21] Plompiler: remove a couple of Num open --- src/lib_plonk/boolean_gates.ml | 13 ++++++------- src/lib_plonk/ecc_gates.ml | 35 +++++++++++++++++----------------- src/lib_plonk/hash_gates.ml | 17 ++++++++--------- 3 files changed, 31 insertions(+), 34 deletions(-) diff --git a/src/lib_plonk/boolean_gates.ml b/src/lib_plonk/boolean_gates.ml index e9279da0232b..4f617e074f5b 100644 --- a/src/lib_plonk/boolean_gates.ml +++ b/src/lib_plonk/boolean_gates.ml @@ -198,26 +198,25 @@ module CondSwap : Base_sig = struct let u = wires.(3) in let v = wires.(4) in let open L in - let open Num in - let* bit_times_x = mul bit x in - let* bit_times_y = mul bit y in + let* bit_times_x = Num.mul bit x in + let* bit_times_y = Num.mul bit y in (* id1 = qbool · [(1 - b) · x + b · y - u] *) let* id1 = let* all = - add_list + Num.add_list ~coeffs:[one; mone; one; mone] (to_list [x; bit_times_x; bit_times_y; u]) in - mul qbool all + Num.mul qbool all in (* id1 = qbool · [b · x + (1 - b) · y - v] *) let* id2 = let* all = - add_list + Num.add_list ~coeffs:[one; one; mone; mone] (to_list [bit_times_x; y; bit_times_y; v]) in - mul qbool all + Num.mul qbool all in ret [id1; id2] end diff --git a/src/lib_plonk/ecc_gates.ml b/src/lib_plonk/ecc_gates.ml index f5493937aae3..0179f8de80ed 100644 --- a/src/lib_plonk/ecc_gates.ml +++ b/src/lib_plonk/ecc_gates.ml @@ -714,46 +714,45 @@ module ConditionalAddEdwards : Base_sig = struct let rx = wires_g.(3) in let ry = wires_g.(4) in let open L in - let open Num in - let sub x y = add ~qr:mone x y in - let* px_qy = mul px qy in - let* py_qx = mul py qx in - let* pqs = mul px_qy py_qx in - let* denom_first = custom ~qm:param_d bit pqs ~qc:one in + let sub x y = Num.add ~qr:mone x y in + let* px_qy = Num.mul px qy in + let* py_qx = Num.mul py qx in + let* pqs = Num.mul px_qy py_qx in + let* denom_first = Num.custom ~qm:param_d bit pqs ~qc:one in (* q · [rx · (1 + d · b · px · qx · py · qy) - (b · px · qy + b · py · qx - b · px + px)] = 0 *) let* first_identity = (* left = rx · (1 + d · b · px · qx · py · qy) *) - let* left = mul denom_first rx in + let* left = Num.mul denom_first rx in (* right = b · (px · qy + py · qx - px) + px *) - let* px_qy_plus_py_qx = add px_qy py_qx in + let* px_qy_plus_py_qx = Num.add px_qy py_qx in let* px_qy_plus_py_qx_minux_px = sub px_qy_plus_py_qx px in - let* right_b = mul bit px_qy_plus_py_qx_minux_px in - let* right = add px right_b in + let* right_b = Num.mul bit px_qy_plus_py_qx_minux_px in + let* right = Num.add px right_b in (* all = left - right = rx · (1 + d · b · px · qx · py · qy) - (b · px · qy + b · py · qx - b · px + px) *) let* all = sub left right in - mul qec all + Num.mul qec all in (* q · [ry · (1 - d · b · px · qx · py · qy) - (b · py · qy - a · b · px · qx - b · py + py )] = 0 *) let* second_identity = (* left = ry · (1 - d · b · px · qx · py · qy) *) - let* denom_second = add_constant ~ql:mone two denom_first in - let* left = mul ry denom_second in + let* denom_second = Num.add_constant ~ql:mone two denom_first in + let* left = Num.mul ry denom_second in (* right = b · (py · qy - a · px · qx - py) + py *) - let* py_qy = mul py qy in - let* a_px_qx = mul ~qm:param_a px qx in + let* py_qy = Num.mul py qy in + let* a_px_qx = Num.mul ~qm:param_a px qx in let* py_qy_plus_a_px_qx = sub py_qy a_px_qx in let* py_qy_plus_a_px_qx_minus_py = sub py_qy_plus_a_px_qx py in - let* right_b = mul bit py_qy_plus_a_px_qx_minus_py in - let* right = add right_b py in + let* right_b = Num.mul bit py_qy_plus_a_px_qx_minus_py in + let* right = Num.add right_b py in (* all = left - right = y · (1 - d · b · px · qx · py · qy) - (b · py · qy - a · b · px · qx - b · py + py ) *) let* all = sub left right in - mul qec all + Num.mul qec all in ret [first_identity; second_identity] end diff --git a/src/lib_plonk/hash_gates.ml b/src/lib_plonk/hash_gates.ml index d6ed072f125a..7a066507535e 100644 --- a/src/lib_plonk/hash_gates.ml +++ b/src/lib_plonk/hash_gates.ml @@ -93,21 +93,20 @@ module AnemoiDouble : Base_sig = struct let cs_round_identities ~kx ~ky (x, y) (x', y') = let open L in - let open Num in let mg2_p_1 = Scalar.negate g2_p_1 in - let* mv = add_list ~coeffs:[g; one; mone] (to_list [x'; ky; y']) in - let* w = add mv y in + let* mv = Num.add_list ~coeffs:[g; one; mone] (to_list [x'; ky; y']) in + let* w = Num.add mv y in let* c = - add_list + Num.add_list ~qc:(delta -@ gamma) ~coeffs:[g; one; one; mg2_p_1] (to_list [y'; kx; x; x']) in - let* beta_y2 = mul ~qm:beta y y in - let* beta_mv2_c = custom ~qx2b:beta ~ql:one c mv in - let* id1 = add ~qr:mone beta_mv2_c beta_y2 in - let* w5_x = custom ~qx5a:one ~qr:mone w x in - let* id2 = add ~qc:gamma w5_x beta_y2 in + let* beta_y2 = Num.mul ~qm:beta y y in + let* beta_mv2_c = Num.custom ~qx2b:beta ~ql:one c mv in + let* id1 = Num.add ~qr:mone beta_mv2_c beta_y2 in + let* w5_x = Num.custom ~qx5a:one ~qr:mone w x in + let* id2 = Num.add ~qc:gamma w5_x beta_y2 in ret [id1; id2] let evals_round_identities ~domain_size ~buffers ~selector ~id1_buffer -- GitLab From 2e8a75f99212b5a3bed11eedce444348bb721bee Mon Sep 17 00:00:00 2001 From: Marco Stronati Date: Tue, 30 May 2023 22:16:29 +0200 Subject: [PATCH 06/21] Plompiler: rename constant_scalar to Num.constant, add zero one --- src/lib_aplonk/circuit.ml | 8 ++--- src/lib_epoxy_tx/tx_rollup.ml | 10 +++---- src/lib_plompiler/circuit.ml | 30 +++++++++++-------- src/lib_plompiler/gadget_anemoi.ml | 4 +-- src/lib_plompiler/gadget_mod_arith.ml | 2 +- src/lib_plompiler/lang_core.ml | 8 +++-- src/lib_plompiler/lang_stdlib.ml | 6 ++-- src/lib_plompiler/result.ml | 8 +++-- src/lib_plonk/custom_gates.ml | 2 +- src/lib_plonk/mod_arith_gates.ml | 2 +- src/lib_plonk/test/bench.ml | 2 +- src/lib_plonk/test_plompiler/test_encoding.ml | 2 +- 12 files changed, 48 insertions(+), 36 deletions(-) diff --git a/src/lib_aplonk/circuit.ml b/src/lib_aplonk/circuit.ml index 635306654650..ee7a51e30c93 100644 --- a/src/lib_aplonk/circuit.ml +++ b/src/lib_aplonk/circuit.ml @@ -193,7 +193,7 @@ module V (Main : Aggregation.Main_protocol.S) = struct with_label ~label:"zs" @@ let nb_bits = S.size_in_bytes in - let* n_repr = constant_scalar n in + let* n_repr = Num.constant n in let* n_bytes = bits_of_scalar ~nb_bits n_repr in let* xn = Num.pow x (of_list n_bytes) in Num.add_constant S.(negate one) xn @@ -207,7 +207,7 @@ module V (Main : Aggregation.Main_protocol.S) = struct let sum_alpha_i list_circuit alpha = let list_circuit = List.rev list_circuit in match list_circuit with - | [] -> constant_scalar S.zero + | [] -> Num.zero | init :: list_circuit -> foldM (fun acc circuit -> @@ -218,13 +218,13 @@ module V (Main : Aggregation.Main_protocol.S) = struct (* Circuit that computes (x₀ + αx₁ + α²x₂ + …) for list_circuit = [x₀, x₁, x₂, …] and ignores the coefficients when corresponding switch is false ; for instance, if switch₁ = 0 and all other switches are 1, it will compute (x₀ + αx₂ + α²x₃ + …) *) let sum_alpha_i_switched switches list_circuit alpha = - let* zero = constant_scalar S.zero in + let* zero = Num.zero in let* alpha_min_one = Num.add ~qc:S.(negate one) alpha zero in let nb_proofs = List.length switches in let list_circuit = List.rev list_circuit in let switches = List.rev switches in match list_circuit with - | [] -> constant_scalar S.zero + | [] -> Num.zero | list_circuit -> let* res, _ = fold2M diff --git a/src/lib_epoxy_tx/tx_rollup.ml b/src/lib_epoxy_tx/tx_rollup.ml index 4e8d41176916..4219519ee0ea 100644 --- a/src/lib_epoxy_tx/tx_rollup.ml +++ b/src/lib_epoxy_tx/tx_rollup.ml @@ -1456,7 +1456,7 @@ module V (L : LIB) = struct in with_bool_check (Bool.bor is_tez_or_bal_0 equal_dst) >* (* ----------------- Check new leaves -----------------------*) - let* z = constant_scalar S.zero in + let* z = Num.zero in let* ticket_amount = Bool.ifthenelse is_tez z (coerce tx.payload.msg.amount.amount) in @@ -1691,7 +1691,7 @@ module V (L : LIB) = struct ~signature:tx.payload.signature ()) >* let* b_tx = get_checks_wire in - let* z = constant_scalar S.zero in + let* z = Num.zero in let* expected_fee = Bool.ifthenelse b_tx (coerce tx.payload.msg.fee) z in @@ -1753,7 +1753,7 @@ module V (L : LIB) = struct in with_bool_check (Bool.bor is_tez_or_eq_id bal_0) >* (* ----------------- Check new leaf and acc ---------------------- *) - let* z = constant_scalar S.zero in + let* z = Num.zero in let* ticket_amount = Bool.ifthenelse is_tez z (coerce tx.payload.amount.amount) in @@ -1874,7 +1874,7 @@ module V (L : LIB) = struct in with_bool_check (Bool.bor is_tez eq_id) >* (* ----------------- Check new leaves -----------------------*) - let* z = constant_scalar S.zero in + let* z = Num.zero in let* ticket_amount = Bool.ifthenelse is_tez z (coerce tx.payload.msg.amount.amount) in @@ -1985,7 +1985,7 @@ module V (L : LIB) = struct Plompiler_Curve.(input_point @@ affine_to_point Curve.one) in let op_code = S.zero in - let* z = constant_scalar S.zero in + let* z = Num.zero in let z = Bounded_u.make_unsafe ~bound:Constants.Bound.max_amount z in let* computed_root, computed_fees = fold2M diff --git a/src/lib_plompiler/circuit.ml b/src/lib_plompiler/circuit.ml index cf370823ead7..d7a5764b7302 100644 --- a/src/lib_plompiler/circuit.ml +++ b/src/lib_plompiler/circuit.ml @@ -497,18 +497,6 @@ let deserialize : type a. S.t array -> a Input.t -> a Input.t = in fun a (w, check) -> (fst @@ aux a w 0, check) -let constant_scalar s = - let*& o = fresh Dummy.scalar in - append - [| - CS.new_constraint - ~wires:[0; 0; o] - ~qc:s - ~linear:[(wqo, mone)] - "constant_scalar"; - |] - >* ret (Scalar o) - let scalar_of_bool (Bool b) = Scalar b let unsafe_bool_of_scalar (Scalar b) = Bool b @@ -676,6 +664,22 @@ module Num = struct in let solver = Pow5 {a = l; c = o} in append gate ~solver >* ret @@ Scalar o + + let constant s = + let*& o = fresh Dummy.scalar in + append + [| + CS.new_constraint + ~wires:[0; 0; o] + ~qc:s + ~linear:[(wqo, mone)] + "constant_scalar"; + |] + >* ret (Scalar o) + + let zero = constant S.zero + + let one = constant S.one end module Bool = struct @@ -688,7 +692,7 @@ module Bool = struct let constant : bool -> bool repr t = fun b -> let s = if b then S.one else S.zero in - let* (Scalar s) = constant_scalar s in + let* (Scalar s) = Num.constant s in ret (Bool s) let assert_true (Bool bit) = diff --git a/src/lib_plompiler/gadget_anemoi.ml b/src/lib_plompiler/gadget_anemoi.ml index fbbccf082f0a..ef5f4f8d3d3e 100644 --- a/src/lib_plompiler/gadget_anemoi.ml +++ b/src/lib_plompiler/gadget_anemoi.ml @@ -143,9 +143,9 @@ module Make (L : LIB) = struct let digest : ?input_length:int -> scalar list repr -> scalar repr t = fun ?input_length:_ inputs -> match of_list inputs with - | [] -> constant_scalar (AnemoiPerm.jive128_1 S.zero S.zero) + | [] -> Num.constant (AnemoiPerm.jive128_1 S.zero S.zero) | [x] -> - let* zero = constant_scalar S.zero in + let* zero = Num.zero in compress_19_5 zero x | x :: rest -> foldM compress_19_5 x rest end diff --git a/src/lib_plompiler/gadget_mod_arith.ml b/src/lib_plompiler/gadget_mod_arith.ml index 27076e112940..f69357b40e6f 100644 --- a/src/lib_plompiler/gadget_mod_arith.ml +++ b/src/lib_plompiler/gadget_mod_arith.ml @@ -337,7 +337,7 @@ functor assert (Utils.is_power_of_2 Params.base) ; iterM (Num.range_check ~nb_bits:(Z.log2 Params.base)) (of_list i) >* ret i - let constant n = mapM constant_scalar @@ scalar_limbs_of_z n <$> to_list + let constant n = mapM Num.constant @@ scalar_limbs_of_z n <$> to_list let zero = constant Z.zero diff --git a/src/lib_plompiler/lang_core.ml b/src/lib_plompiler/lang_core.ml index 9755de5b4ae1..948a17cf4385 100644 --- a/src/lib_plompiler/lang_core.ml +++ b/src/lib_plompiler/lang_core.ml @@ -32,6 +32,12 @@ module type NUM = sig type 'a t + val constant : S.t -> scalar repr t + + val zero : scalar repr t + + val one : scalar repr t + val range_check : nb_bits:int -> scalar repr -> unit repr t val custom : @@ -198,8 +204,6 @@ module type COMMON = sig val equal : 'a repr -> 'a repr -> bool repr t - val constant_scalar : S.t -> scalar repr t - (** Returns a list of Boolean variables representing the little endian bit decomposition of the given scalar (with the least significant bit on the head). *) diff --git a/src/lib_plompiler/lang_stdlib.ml b/src/lib_plompiler/lang_stdlib.ml index 8ad40581ee83..24b61a34f99e 100644 --- a/src/lib_plompiler/lang_stdlib.ml +++ b/src/lib_plompiler/lang_stdlib.ml @@ -435,7 +435,7 @@ module Lib (C : COMMON) = struct let pow x n_list = let* init = - let* left = constant_scalar S.one in + let* left = Num.one in ret (left, x) in let* res, _acc = @@ -462,7 +462,7 @@ module Lib (C : COMMON) = struct let* res = Num.add ~qc ~ql ~qr x1 x2 in fold2M (fun acc x ql -> Num.add ~ql x acc) res xs qs | [x], [ql] -> Num.add_constant ~ql qc x - | [], [] -> constant_scalar qc + | [], [] -> Num.constant qc | _, _ -> assert false let mul_list l = @@ -473,7 +473,7 @@ module Lib (C : COMMON) = struct (* Evaluates P(X) = \sum_i bᵢ Xⁱ at 2 with Horner's method: P(2) = b₀ + 2 (b₁+ 2 (b₂ + 2(…))). *) let scalar_of_bytes b = - let* zero = constant_scalar S.zero in + let* zero = Num.zero in foldM (fun acc b -> add acc (scalar_of_bool b) ~ql:S.(one + one) ~qr:S.one) zero diff --git a/src/lib_plompiler/result.ml b/src/lib_plompiler/result.ml index 810376059b3f..0a1b22ab2382 100644 --- a/src/lib_plompiler/result.ml +++ b/src/lib_plompiler/result.ml @@ -180,8 +180,6 @@ let rec foldM f e l = let scalar_of_bool (B b) = if b then S (X S.one) else S (X S.zero) -let constant_scalar x = ret @@ Input.s x - let unsafe_bool_of_scalar (S (X s)) = if S.(eq s one) then B true else B false module Num = struct @@ -258,6 +256,12 @@ module Num = struct let pow5 sl = let l = of_s sl in ret @@ S (X S.(pow l (Z.of_int 5))) + + let constant : S.t -> scalar repr t = fun s -> ret (S (X s)) + + let zero = constant S.zero + + let one = constant S.one end module Bool = struct diff --git a/src/lib_plonk/custom_gates.ml b/src/lib_plonk/custom_gates.ml index 886ab8c1094c..381e6ee591cb 100644 --- a/src/lib_plonk/custom_gates.ml +++ b/src/lib_plonk/custom_gates.ml @@ -373,7 +373,7 @@ module Aggregator = struct let n_inv = Scalar.(inverse_exn (negate n)) in let g_inv = Scalar.inverse_exn generator in match pi_list with - | [] -> constant_scalar Scalar.zero + | [] -> Num.zero | hd :: tl_pi -> (* negate because we want -PI(x) *) let* left_term = mul_by_constant n_inv zs in diff --git a/src/lib_plonk/mod_arith_gates.ml b/src/lib_plonk/mod_arith_gates.ml index 42f23c72208d..9aefb94c43d3 100644 --- a/src/lib_plonk/mod_arith_gates.ml +++ b/src/lib_plonk/mod_arith_gates.ml @@ -214,7 +214,7 @@ module Make_ModAdd (MOD_ARITH : Plompiler__Gadget_mod_arith.MOD_ARITH) : *) let open L in let xs, ys, zs, qm, t_infos = get_values wires wires_g in - let* zero = constant_scalar Scalar.zero in + let* zero = Num.zero in map2M (fun mj t_info -> (* \sum_i ((B^i mod m) mod mj) * (x_i + y_i - z_i) diff --git a/src/lib_plonk/test/bench.ml b/src/lib_plonk/test/bench.ml index c3d1a77bf7b9..58dd8467e271 100644 --- a/src/lib_plonk/test/bench.ml +++ b/src/lib_plonk/test/bench.ml @@ -65,7 +65,7 @@ let rc_circuit n nb_range_checks nb_bits = [rc] is true, it adds a range check on every input *) let circuit rc inputs = let* inputs = mapM input inputs in - let* i1 = constant_scalar S.zero in + let* i1 = Num.zero in let l = List.init (1 lsl n) (Fun.const i1) in let i = ref 0 in let* foo = diff --git a/src/lib_plonk/test_plompiler/test_encoding.ml b/src/lib_plonk/test_plompiler/test_encoding.ml index 75baad457222..6060325a5837 100644 --- a/src/lib_plonk/test_plompiler/test_encoding.ml +++ b/src/lib_plonk/test_plompiler/test_encoding.ml @@ -168,7 +168,7 @@ functor let p = point_encoding.decode p in (* We want the intermediate variable here, to test the behaviour of input_flag *) - let* z = constant_scalar S.zero in + let* z = Num.zero in assert_equal p.x z let test_assertion a b () = -- GitLab From dfec2f8bc461132bea5c685f70852abbf6b6bb31 Mon Sep 17 00:00:00 2001 From: Marco Stronati Date: Tue, 30 May 2023 22:00:15 +0200 Subject: [PATCH 07/21] Plompiler: move bytes constant inside Bytes, add test --- src/lib_plompiler/gadget_blake2s.ml | 10 ++--- src/lib_plompiler/lang_stdlib.ml | 42 +++++++++---------- .../test_plompiler/test-quick.expected | 12 ++++++ .../test_plompiler/test-slow.expected | 36 ++++++++++++++++ src/lib_plonk/test_plompiler/test_core.ml | 21 ++++++++-- 5 files changed, 92 insertions(+), 29 deletions(-) diff --git a/src/lib_plompiler/gadget_blake2s.ml b/src/lib_plompiler/gadget_blake2s.ml index 01646f4db22f..e515058a1018 100644 --- a/src/lib_plompiler/gadget_blake2s.ml +++ b/src/lib_plompiler/gadget_blake2s.ml @@ -106,7 +106,7 @@ functor with_label ~label:"Blake2s.compression" @@ let* constants = mapM - (fun c -> constant_bytes (Utils.bytes_of_hex c)) + (fun c -> Bytes.constant (Utils.bytes_of_hex c)) [ "6A09E667"; "BB67AE85"; @@ -120,16 +120,16 @@ functor in let constants = Array.of_list constants in let v = Array.append h constants in - let* tmp = constant_uint32 Stdint.Uint64.(to_uint32 t) in + let* tmp = Bytes.constant_uint32 Stdint.Uint64.(to_uint32 t) in let* tmp = Bytes.xor v.(12) tmp in v.(12) <- tmp ; let* tmp = - constant_uint32 Stdint.Uint64.(to_uint32 (shift_right t 32)) + Bytes.constant_uint32 Stdint.Uint64.(to_uint32 (shift_right t 32)) in let* tmp = Bytes.xor v.(13) tmp in v.(13) <- tmp ; (* TODO here we assign many times the same constant *) - let* tmp = constant_uint32 Stdint.Uint32.max_int in + let* tmp = Bytes.constant_uint32 Stdint.Uint32.max_int in let* tmp = if f then Bytes.xor v.(14) tmp else ret v.(14) in v.(14) <- tmp ; let* v = @@ -175,7 +175,7 @@ functor let* h = foldM (fun acc c -> - let* w = constant_bytes (Utils.bytes_of_hex c) in + let* w = Bytes.constant (Utils.bytes_of_hex c) in ret (w :: acc)) [] [ diff --git a/src/lib_plompiler/lang_stdlib.ml b/src/lib_plompiler/lang_stdlib.ml index 24b61a34f99e..19f438d61071 100644 --- a/src/lib_plompiler/lang_stdlib.ml +++ b/src/lib_plompiler/lang_stdlib.ml @@ -105,6 +105,10 @@ module type LIB = sig val input_bytes : ?le:bool -> bytes -> bl Input.t + val constant : ?le:bool -> bytes -> bl repr t + + val constant_uint32 : ?le:bool -> Stdint.uint32 -> bl repr t + val add : ?ignore_carry:bool -> bl repr -> bl repr -> bl repr t val xor : bl repr -> bl repr -> bl repr t @@ -115,10 +119,6 @@ module type LIB = sig val add2 : (scalar * scalar) repr -> (scalar * scalar) repr -> (scalar * scalar) repr t - val constant_bytes : ?le:bool -> bytes -> Bytes.bl repr t - - val constant_uint32 : ?le:bool -> Stdint.uint32 -> Bytes.bl repr t - module Encodings : sig (** Encoding type for encapsulating encoding/decoding/input functions. @@ -590,6 +590,23 @@ module Lib (C : COMMON) = struct let input_bytes ?le b = input_bitlist @@ Utils.bitlist ?le b + let constant ?(le = false) b = + let bl = Utils.bitlist ~le b in + let* ws = + foldM + (fun ws bit -> + let* w = Bool.constant bit in + ret (w :: ws)) + [] + bl + in + ret @@ to_list @@ List.rev ws + + let constant_uint32 ?(le = false) u32 = + let b = Stdlib.Bytes.create 4 in + Stdint.Uint32.to_bytes_big_endian u32 b 0 ; + constant ~le b + let add ?(ignore_carry = false) a b = let ha, ta = (List.hd (of_list a), List.tl (of_list a)) in let hb, tb = (List.hd (of_list b), List.tl (of_list b)) in @@ -636,23 +653,6 @@ module Lib (C : COMMON) = struct let* y3 = Num.add y1 y2 in ret (pair x3 y3) - let constant_bytes ?(le = false) b = - let bl = Utils.bitlist ~le b in - let* ws = - foldM - (fun ws bit -> - let* w = Bool.constant bit in - ret (w :: ws)) - [] - bl - in - ret @@ to_list @@ List.rev ws - - let constant_uint32 ?(le = false) u32 = - let b = Stdlib.Bytes.create 4 in - Stdint.Uint32.to_bytes_big_endian u32 b 0 ; - constant_bytes ~le b - module Encodings = struct type ('oh, 'u, 'p) encoding = { encode : 'u -> 'p repr; diff --git a/src/lib_plonk/test_plompiler/test-quick.expected b/src/lib_plonk/test_plompiler/test-quick.expected index 27cfa6fdda2e..0117195d5cb2 100644 --- a/src/lib_plonk/test_plompiler/test-quick.expected +++ b/src/lib_plonk/test_plompiler/test-quick.expected @@ -1102,6 +1102,18 @@ Constraints: 12 ECC.test_edwards_add_optimized: Constraints: 11 +Bytes.test_constant: +Constraints: 24 + +Bytes.test_constant_optimized: +Constraints: 8 + +Bytes.test_constant: +Constraints: 24 + +Bytes.test_constant_optimized: +Constraints: 8 + Bytes.test_add: Constraints: 69 diff --git a/src/lib_plonk/test_plompiler/test-slow.expected b/src/lib_plonk/test_plompiler/test-slow.expected index 29b9a5e0e63c..658cf99bd393 100644 --- a/src/lib_plonk/test_plompiler/test-slow.expected +++ b/src/lib_plonk/test_plompiler/test-slow.expected @@ -1102,6 +1102,18 @@ Constraints: 12 ECC.test_edwards_add_optimized: Constraints: 11 +Bytes.test_constant: +Constraints: 24 + +Bytes.test_constant_optimized: +Constraints: 8 + +Bytes.test_constant: +Constraints: 24 + +Bytes.test_constant_optimized: +Constraints: 8 + Bytes.test_add: Constraints: 69 @@ -2560,6 +2572,30 @@ Proof hash: 4354b30ac189071d319083e8b3a822469165829629cad8a665820f102eec1f20 Prover_pp hash: 790d223c3bf2ab129f975664c1086110d10fdb66cdfcf4404880920901392661 Verifier_pp hash: cdb4a62221463856fb4c646f93c4e998c0799a7db7c8226138b5a3d4feed674b +Bytes.test_constant: +Constraints: 24 + +Bytes.test_constant_optimized: +Constraints: 8 + +Bytes.test_constant: +Proof size: 2.09 KB +Proof hash: 2faa96f1773a23257473f62a80a82c024a9b533801791d41060cc9117638cd84 +Prover_pp hash: bbb3d2c2caaa2fef3865098570d85ac2c69ce3f1a4ef452c5f64bb97830a4c51 +Verifier_pp hash: 9993a521cbe03571c5b1d7cac67998323622d3dfaafe62d22779eb2df67c6412 + +Bytes.test_constant: +Constraints: 24 + +Bytes.test_constant_optimized: +Constraints: 8 + +Bytes.test_constant: +Proof size: 2.09 KB +Proof hash: 2faa96f1773a23257473f62a80a82c024a9b533801791d41060cc9117638cd84 +Prover_pp hash: bbb3d2c2caaa2fef3865098570d85ac2c69ce3f1a4ef452c5f64bb97830a4c51 +Verifier_pp hash: 9993a521cbe03571c5b1d7cac67998323622d3dfaafe62d22779eb2df67c6412 + Bytes.test_add: Constraints: 69 diff --git a/src/lib_plonk/test_plompiler/test_core.ml b/src/lib_plonk/test_plompiler/test_core.ml index f2b04f239bb3..dccb12d2cb07 100644 --- a/src/lib_plonk/test_plompiler/test_core.ml +++ b/src/lib_plonk/test_plompiler/test_core.ml @@ -731,6 +731,22 @@ functor open Utils (L) + let bytes_of_hex = Plompiler.Utils.bytes_of_hex + + let test_constant ~le b () = + let b = bytes_of_hex b in + let* o' = input @@ input_bytes ~le (bytes_of_hex "0f") in + let* o = Bytes.constant ~le b in + assert_equal o o' + + let tests_constant = + let name = "Bytes.test_constant" in + [ + test ~valid:true ~name @@ test_constant ~le:false "0f"; + test ~valid:true ~name @@ test_constant ~le:true "0f"; + test ~valid:false ~name @@ test_constant ~le:true "00"; + ] + let test_add a b z () = let* a = input ~kind:`Public a in let* b = input b in @@ -753,8 +769,6 @@ functor let* z' = xor a b in assert_equal z z' - let bytes_of_hex = Plompiler.Utils.bytes_of_hex - let tests_xor = let i = input_bytes @@ bytes_of_hex "08" in let o = input_bytes @@ bytes_of_hex "00" in @@ -834,7 +848,8 @@ functor ] let tests = - tests_add @ tests_xor @ tests_ifthenelse_bytes @ tests_rotate_right + tests_constant @ tests_add @ tests_xor @ tests_ifthenelse_bytes + @ tests_rotate_right end module ECC : Test = -- GitLab From 77d0d494a0728a4276937044d22e801f61dac178 Mon Sep 17 00:00:00 2001 From: Marco Stronati Date: Fri, 26 May 2023 17:15:38 +0200 Subject: [PATCH 08/21] Plompiler: Bool.add ignore carry by default --- src/lib_plompiler/lang_stdlib.ml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib_plompiler/lang_stdlib.ml b/src/lib_plompiler/lang_stdlib.ml index 19f438d61071..b07ac82760bb 100644 --- a/src/lib_plompiler/lang_stdlib.ml +++ b/src/lib_plompiler/lang_stdlib.ml @@ -607,7 +607,7 @@ module Lib (C : COMMON) = struct Stdint.Uint32.to_bytes_big_endian u32 b 0 ; constant ~le b - let add ?(ignore_carry = false) a b = + let add ?(ignore_carry = true) a b = let ha, ta = (List.hd (of_list a), List.tl (of_list a)) in let hb, tb = (List.hd (of_list b), List.tl (of_list b)) in let* a_xor_b = Bool.xor ha hb in -- GitLab From 87d3afbb61c4d01b2511cf941a284b678a458617 Mon Sep 17 00:00:00 2001 From: Marco Stronati Date: Fri, 28 Apr 2023 15:08:17 +0200 Subject: [PATCH 09/21] Plompiler: add Bytes.length --- src/lib_plompiler/lang_stdlib.ml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/lib_plompiler/lang_stdlib.ml b/src/lib_plompiler/lang_stdlib.ml index b07ac82760bb..1c8760ce67e6 100644 --- a/src/lib_plompiler/lang_stdlib.ml +++ b/src/lib_plompiler/lang_stdlib.ml @@ -109,6 +109,9 @@ module type LIB = sig val constant_uint32 : ?le:bool -> Stdint.uint32 -> bl repr t + (* length in bits *) + val length : bl repr -> int + val add : ?ignore_carry:bool -> bl repr -> bl repr -> bl repr t val xor : bl repr -> bl repr -> bl repr t @@ -607,6 +610,8 @@ module Lib (C : COMMON) = struct Stdint.Uint32.to_bytes_big_endian u32 b 0 ; constant ~le b + let length b = List.length (of_list b) + let add ?(ignore_carry = true) a b = let ha, ta = (List.hd (of_list a), List.tl (of_list a)) in let hb, tb = (List.hd (of_list b), List.tl (of_list b)) in -- GitLab From 68c088b5a6965dedaf14997715feb7a93242985c Mon Sep 17 00:00:00 2001 From: Marco Stronati Date: Fri, 26 May 2023 17:15:52 +0200 Subject: [PATCH 10/21] Plompiler: check args length --- src/lib_plompiler/lang_stdlib.ml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/lib_plompiler/lang_stdlib.ml b/src/lib_plompiler/lang_stdlib.ml index 1c8760ce67e6..c27c12f58ff4 100644 --- a/src/lib_plompiler/lang_stdlib.ml +++ b/src/lib_plompiler/lang_stdlib.ml @@ -612,7 +612,20 @@ module Lib (C : COMMON) = struct let length b = List.length (of_list b) + let check_args_length name a b = + let la = length a in + let lb = length b in + if la != lb then + raise + (Invalid_argument + (Format.sprintf + "%s arguments of different lengths %i %i" + name + la + lb)) + let add ?(ignore_carry = true) a b = + check_args_length "Bytes.add" a b ; let ha, ta = (List.hd (of_list a), List.tl (of_list a)) in let hb, tb = (List.hd (of_list b), List.tl (of_list b)) in let* a_xor_b = Bool.xor ha hb in @@ -630,6 +643,7 @@ module Lib (C : COMMON) = struct ret @@ to_list @@ List.rev (if ignore_carry then res else carry :: res) let xor a b = + check_args_length "Bytes.xor" a b ; let* l = map2M Bool.xor (of_list a) (of_list b) in ret @@ to_list l -- GitLab From cbaf19642a17ab21914e9eccc6fe3e712bb98209 Mon Sep 17 00:00:00 2001 From: Raphael Toledo Date: Thu, 27 Apr 2023 14:25:44 +0100 Subject: [PATCH 11/21] Plompiler: add Bytes.not --- src/lib_plompiler/lang_stdlib.ml | 6 ++++++ src/lib_plonk/test_plompiler/test-quick.expected | 12 ++++++++++++ src/lib_plonk/test_plompiler/test_core.ml | 16 +++++++++++++++- 3 files changed, 33 insertions(+), 1 deletion(-) diff --git a/src/lib_plompiler/lang_stdlib.ml b/src/lib_plompiler/lang_stdlib.ml index c27c12f58ff4..80b76b50bb78 100644 --- a/src/lib_plompiler/lang_stdlib.ml +++ b/src/lib_plompiler/lang_stdlib.ml @@ -116,6 +116,8 @@ module type LIB = sig val xor : bl repr -> bl repr -> bl repr t + val not : bl repr -> bl repr t + val rotate_right : bl repr -> int -> bl repr end @@ -647,6 +649,10 @@ module Lib (C : COMMON) = struct let* l = map2M Bool.xor (of_list a) (of_list b) in ret @@ to_list l + let not a = + let* l = mapM Bool.bnot (of_list a) in + ret @@ to_list l + let rotate_right a i = let split_n n l = let rec aux acc k l = diff --git a/src/lib_plonk/test_plompiler/test-quick.expected b/src/lib_plonk/test_plompiler/test-quick.expected index 0117195d5cb2..f9eef6faadc4 100644 --- a/src/lib_plonk/test_plompiler/test-quick.expected +++ b/src/lib_plonk/test_plompiler/test-quick.expected @@ -1324,6 +1324,18 @@ Constraints: 72 Bytes.test_rotate_right_optimized: Constraints: 48 +Bytes.test_not: +Constraints: 32 + +Bytes.test_not_optimized: +Constraints: 16 + +Bytes.test_not: +Constraints: 32 + +Bytes.test_not_optimized: +Constraints: 16 + Blake.test_mixing: Constraints: 2638 diff --git a/src/lib_plonk/test_plompiler/test_core.ml b/src/lib_plonk/test_plompiler/test_core.ml index dccb12d2cb07..90c7b1b2d9e3 100644 --- a/src/lib_plonk/test_plompiler/test_core.ml +++ b/src/lib_plonk/test_plompiler/test_core.ml @@ -847,9 +847,23 @@ functor (9, "\000\000\001", "\000\128\000"); ] + let test_not a z () = + let* a = input ~kind:`Public a in + let* z = input z in + let* z' = not a in + assert_equal z z' + + let tests_not = + let i = Bytes.input_bytes @@ bytes_of_hex "0F" in + let o = Bytes.input_bytes @@ bytes_of_hex "F0" in + [ + test ~valid:true ~name:"Bytes.test_not" @@ test_not i o; + test ~valid:true ~name:"Bytes.test_not" @@ test_not o i; + ] + let tests = tests_constant @ tests_add @ tests_xor @ tests_ifthenelse_bytes - @ tests_rotate_right + @ tests_rotate_right @ tests_not end module ECC : Test = -- GitLab From ef82685290e3c2b62b5012f77718f3cc8c78316a Mon Sep 17 00:00:00 2001 From: Raphael Toledo Date: Thu, 27 Apr 2023 14:26:19 +0100 Subject: [PATCH 12/21] Plompiler: add Bytes.band --- src/lib_plompiler/lang_stdlib.ml | 7 ++++ .../test_plompiler/test-quick.expected | 42 +++++++++++++++++++ src/lib_plonk/test_plompiler/test_core.ml | 27 +++++++++++- 3 files changed, 75 insertions(+), 1 deletion(-) diff --git a/src/lib_plompiler/lang_stdlib.ml b/src/lib_plompiler/lang_stdlib.ml index 80b76b50bb78..c5bfdfe18b4f 100644 --- a/src/lib_plompiler/lang_stdlib.ml +++ b/src/lib_plompiler/lang_stdlib.ml @@ -118,6 +118,8 @@ module type LIB = sig val not : bl repr -> bl repr t + val band : bl repr -> bl repr -> bl repr t + val rotate_right : bl repr -> int -> bl repr end @@ -653,6 +655,11 @@ module Lib (C : COMMON) = struct let* l = mapM Bool.bnot (of_list a) in ret @@ to_list l + let band a b = + check_args_length "Bytes.band" a b ; + let* l = map2M Bool.band (of_list a) (of_list b) in + ret @@ to_list l + let rotate_right a i = let split_n n l = let rec aux acc k l = diff --git a/src/lib_plonk/test_plompiler/test-quick.expected b/src/lib_plonk/test_plompiler/test-quick.expected index f9eef6faadc4..4e838591a6c3 100644 --- a/src/lib_plonk/test_plompiler/test-quick.expected +++ b/src/lib_plonk/test_plompiler/test-quick.expected @@ -1336,6 +1336,48 @@ Constraints: 32 Bytes.test_not_optimized: Constraints: 16 +Bytes.test_band: +Constraints: 40 + +Bytes.test_band_optimized: +Constraints: 24 + +Bytes.test_band: +Constraints: 40 + +Bytes.test_band_optimized: +Constraints: 24 + +Bytes.test_band: +Constraints: 40 + +Bytes.test_band_optimized: +Constraints: 24 + +Bytes.test_band: +Constraints: 40 + +Bytes.test_band_optimized: +Constraints: 24 + +Bytes.test_band: +Constraints: 40 + +Bytes.test_band_optimized: +Constraints: 24 + +Bytes.test_band: +Constraints: 40 + +Bytes.test_band_optimized: +Constraints: 24 + +Bytes.test_band: +Constraints: 40 + +Bytes.test_band_optimized: +Constraints: 24 + Blake.test_mixing: Constraints: 2638 diff --git a/src/lib_plonk/test_plompiler/test_core.ml b/src/lib_plonk/test_plompiler/test_core.ml index 90c7b1b2d9e3..d389edf9d409 100644 --- a/src/lib_plonk/test_plompiler/test_core.ml +++ b/src/lib_plonk/test_plompiler/test_core.ml @@ -861,9 +861,34 @@ functor test ~valid:true ~name:"Bytes.test_not" @@ test_not o i; ] + let test_band a b o () = + let* a = input ~kind:`Public a in + let* b = input ~kind:`Public b in + let* o = input o in + let* o' = band a b in + assert_equal o o' + + let tests_band = + List.map + (fun (valid, a, b, o) -> + let a = Bytes.input_bytes @@ bytes_of_hex a in + let b = Bytes.input_bytes @@ bytes_of_hex b in + let o = Bytes.input_bytes @@ bytes_of_hex o in + test ~valid ~name:"Bytes.test_band" @@ test_band a b o) + [ + (true, "00", "00", "00"); + (true, "0F", "00", "00"); + (true, "00", "0F", "00"); + (true, "0F", "0F", "0F"); + (true, "F0", "00", "00"); + (true, "00", "F0", "00"); + (true, "F0", "F0", "F0"); + (false, "0F", "00", "0F"); + ] + let tests = tests_constant @ tests_add @ tests_xor @ tests_ifthenelse_bytes - @ tests_rotate_right @ tests_not + @ tests_rotate_right @ tests_not @ tests_band end module ECC : Test = -- GitLab From c29e9a87bfcff032b16a12152708fcddaa2e0ce1 Mon Sep 17 00:00:00 2001 From: Raphael Toledo Date: Thu, 27 Apr 2023 18:45:56 +0100 Subject: [PATCH 13/21] Plompiler: add Bytes.shift_left/right --- src/lib_plompiler/lang_stdlib.ml | 27 +++++ .../test_plompiler/test-quick.expected | 108 ++++++++++++++++++ src/lib_plonk/test_plompiler/test_core.ml | 53 ++++++++- 3 files changed, 187 insertions(+), 1 deletion(-) diff --git a/src/lib_plompiler/lang_stdlib.ml b/src/lib_plompiler/lang_stdlib.ml index c5bfdfe18b4f..50c35e868a2d 100644 --- a/src/lib_plompiler/lang_stdlib.ml +++ b/src/lib_plompiler/lang_stdlib.ml @@ -121,6 +121,14 @@ module type LIB = sig val band : bl repr -> bl repr -> bl repr t val rotate_right : bl repr -> int -> bl repr + + (* [shift_left bl 1] shifts all bits left by 1 position, so each bit is more + significant. The most signigicant bit is lost and the least significant + bit is set to zero. More precisely, if we interpret the [bl] as an integer + [shift_left bl i = bl * 2^i mod 2^{length a}] *) + val shift_left : bl repr -> int -> bl repr t + + val shift_right : bl repr -> int -> bl repr t end val add2 : @@ -676,6 +684,25 @@ module Lib (C : COMMON) = struct in let head, tail = split_n i (of_list a) in to_list @@ tail @ head + + let shift_left a i = + let* zero = Bool.constant false in + let l = of_list a in + let length = List.length l - i in + assert (length >= 0) ; + let res = + List.init i (fun _ -> zero) @ List.filteri (fun j _x -> j < length) l + in + ret @@ to_list res + + let shift_right a i = + let* zero = Bool.constant false in + let l = of_list a in + assert (List.compare_length_with l i >= 0) ; + let res = + List.filteri (fun j _x -> j >= i) l @ List.init i (fun _ -> zero) + in + ret @@ to_list res end let add2 p1 p2 = diff --git a/src/lib_plonk/test_plompiler/test-quick.expected b/src/lib_plonk/test_plompiler/test-quick.expected index 4e838591a6c3..e64835702b3c 100644 --- a/src/lib_plonk/test_plompiler/test-quick.expected +++ b/src/lib_plonk/test_plompiler/test-quick.expected @@ -1378,6 +1378,114 @@ Constraints: 40 Bytes.test_band_optimized: Constraints: 24 +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + Blake.test_mixing: Constraints: 2638 diff --git a/src/lib_plonk/test_plompiler/test_core.ml b/src/lib_plonk/test_plompiler/test_core.ml index d389edf9d409..ce542d733d26 100644 --- a/src/lib_plonk/test_plompiler/test_core.ml +++ b/src/lib_plonk/test_plompiler/test_core.ml @@ -886,9 +886,60 @@ functor (false, "0F", "00", "0F"); ] + let test_shift_left l i z () = + let* l = input ~kind:`Public l in + let* z = input z in + let* o = shift_left l i in + assert_equal o z + + let tests_shift_left = + List.map + (fun (i, a, b) -> + let a = Bytes.input_bytes @@ bytes_of_hex a in + let b = Bytes.input_bytes @@ bytes_of_hex b in + test ~valid:true ~name:"Bytes.test_shift_left" + @@ test_shift_left a i b) + [ + (0, "B0", "B0"); + (1, "B0", "60"); + (2, "B0", "C0"); + (3, "B0", "80"); + (4, "B0", "00"); + (5, "B0", "00"); + (6, "B0", "00"); + (7, "B0", "00"); + (8, "B0", "00"); + ] + + let test_shift_right l i z () = + let* l = input ~kind:`Public l in + let* z = input z in + let* o = shift_right l i in + assert_equal o z + + let tests_shift_right = + List.map + (fun (i, a, b) -> + let a = Bytes.input_bytes @@ bytes_of_hex a in + let b = Bytes.input_bytes @@ bytes_of_hex b in + test ~valid:true ~name:"Bytes.test_shift_right" + @@ test_shift_right a i b) + [ + (0, "B0", "B0"); + (1, "B0", "58"); + (2, "B0", "2C"); + (3, "B0", "16"); + (4, "B0", "0B"); + (5, "B0", "05"); + (6, "B0", "02"); + (7, "B0", "01"); + (8, "B0", "00"); + ] + let tests = tests_constant @ tests_add @ tests_xor @ tests_ifthenelse_bytes - @ tests_rotate_right @ tests_not @ tests_band + @ tests_rotate_right @ tests_not @ tests_band @ tests_shift_left + @ tests_shift_right end module ECC : Test = -- GitLab From d6a381ce689060c1b34bbd71e33e5a5ff87f5df1 Mon Sep 17 00:00:00 2001 From: Raphael Toledo Date: Wed, 17 May 2023 14:37:59 +0200 Subject: [PATCH 14/21] Plompiler: add Bytes.rotate_left --- src/lib_plompiler/lang_stdlib.ml | 8 + .../test_plompiler/test-quick.expected | 186 ++++++++++++++++++ src/lib_plonk/test_plompiler/test_core.ml | 51 ++++- 3 files changed, 243 insertions(+), 2 deletions(-) diff --git a/src/lib_plompiler/lang_stdlib.ml b/src/lib_plompiler/lang_stdlib.ml index 50c35e868a2d..df408cd62d38 100644 --- a/src/lib_plompiler/lang_stdlib.ml +++ b/src/lib_plompiler/lang_stdlib.ml @@ -120,6 +120,12 @@ module type LIB = sig val band : bl repr -> bl repr -> bl repr t + (* [rotate_left bl 1] shifts the bits left by 1 position, so each bit is more + significant. The most significant bit becomes the least significant + i.e. it is "rotated". + [rotate_left bl (length bl) = bl] *) + val rotate_left : bl repr -> int -> bl repr + val rotate_right : bl repr -> int -> bl repr (* [shift_left bl 1] shifts all bits left by 1 position, so each bit is more @@ -685,6 +691,8 @@ module Lib (C : COMMON) = struct let head, tail = split_n i (of_list a) in to_list @@ tail @ head + let rotate_left a i = rotate_right a (length a - i) + let shift_left a i = let* zero = Bool.constant false in let l = of_list a in diff --git a/src/lib_plonk/test_plompiler/test-quick.expected b/src/lib_plonk/test_plompiler/test-quick.expected index e64835702b3c..298ed1382500 100644 --- a/src/lib_plonk/test_plompiler/test-quick.expected +++ b/src/lib_plonk/test_plompiler/test-quick.expected @@ -1144,6 +1144,192 @@ Constraints: 41 Bytes.test_ifthenelse_optimized: Constraints: 32 +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + Bytes.test_rotate_right: Constraints: 24 diff --git a/src/lib_plonk/test_plompiler/test_core.ml b/src/lib_plonk/test_plompiler/test_core.ml index ce542d733d26..da1c16b082e1 100644 --- a/src/lib_plonk/test_plompiler/test_core.ml +++ b/src/lib_plonk/test_plompiler/test_core.ml @@ -801,6 +801,53 @@ functor @@ test_ifthenelse_bytes (Input.bool false) l r l; ] + let test_rotate_left l i z () = + let* l = input ~kind:`Public l in + let* z = input z in + let o = rotate_left l i in + assert_equal o z + + let tests_rotate_left = + List.map + (fun (i, a, b) -> + let a = input_bytes @@ Stdlib.Bytes.of_string a in + let b = input_bytes @@ Stdlib.Bytes.of_string b in + test ~valid:true ~name:"Bytes.test_rotate_left" + @@ test_rotate_left a i b) + [ + (0, "\001", "\001"); + (1, "\001", "\002"); + (2, "\001", "\004"); + (3, "\001", "\008"); + (4, "\001", "\016"); + (5, "\001", "\032"); + (6, "\001", "\064"); + (7, "\001", "\128"); + (8, "\001", "\001"); + (0, "\000\001", "\000\001"); + (1, "\000\001", "\000\002"); + (2, "\000\001", "\000\004"); + (3, "\000\001", "\000\008"); + (4, "\000\001", "\000\016"); + (5, "\000\001", "\000\032"); + (6, "\000\001", "\000\064"); + (7, "\000\001", "\000\128"); + (8, "\000\001", "\001\000"); + (1, "\000\128", "\001\000"); + (1, "\128\000", "\000\001"); + (0, "\000\000\001", "\000\000\001"); + (1, "\000\000\001", "\000\000\002"); + (2, "\000\000\001", "\000\000\004"); + (3, "\000\000\001", "\000\000\008"); + (4, "\000\000\001", "\000\000\016"); + (5, "\000\000\001", "\000\000\032"); + (6, "\000\000\001", "\000\000\064"); + (7, "\000\000\001", "\000\000\128"); + (8, "\000\000\001", "\000\001\000"); + (1, "\000\000\128", "\000\001\000"); + (1, "\128\000\000", "\000\000\001"); + ] + let test_rotate_right l i z () = let* l = input ~kind:`Public l in let* z = input z in @@ -938,8 +985,8 @@ functor let tests = tests_constant @ tests_add @ tests_xor @ tests_ifthenelse_bytes - @ tests_rotate_right @ tests_not @ tests_band @ tests_shift_left - @ tests_shift_right + @ tests_rotate_left @ tests_rotate_right @ tests_not @ tests_band + @ tests_shift_left @ tests_shift_right end module ECC : Test = -- GitLab From 64cbdc89d56da369a9630fd4316e44258309c127 Mon Sep 17 00:00:00 2001 From: Marco Stronati Date: Fri, 19 May 2023 18:03:47 +0200 Subject: [PATCH 15/21] Plompiler: add Bytes.concat --- src/lib_plompiler/lang_stdlib.ml | 10 ++++++++++ .../test_plompiler/test-quick.expected | 6 ++++++ src/lib_plonk/test_plompiler/test_core.ml | 19 ++++++++++++++++--- 3 files changed, 32 insertions(+), 3 deletions(-) diff --git a/src/lib_plompiler/lang_stdlib.ml b/src/lib_plompiler/lang_stdlib.ml index df408cd62d38..0a614309cd2a 100644 --- a/src/lib_plompiler/lang_stdlib.ml +++ b/src/lib_plompiler/lang_stdlib.ml @@ -112,6 +112,8 @@ module type LIB = sig (* length in bits *) val length : bl repr -> int + val concat : bl repr array -> bl repr + val add : ?ignore_carry:bool -> bl repr -> bl repr -> bl repr t val xor : bl repr -> bl repr -> bl repr t @@ -630,6 +632,14 @@ module Lib (C : COMMON) = struct let length b = List.length (of_list b) + let concat : bl repr array -> bl repr = + fun bs -> + let bs = Array.to_list bs in + let bs = List.rev bs in + let bs = List.map of_list bs in + let bs = List.concat bs in + to_list bs + let check_args_length name a b = let la = length a in let lb = length b in diff --git a/src/lib_plonk/test_plompiler/test-quick.expected b/src/lib_plonk/test_plompiler/test-quick.expected index 298ed1382500..686cd3835367 100644 --- a/src/lib_plonk/test_plompiler/test-quick.expected +++ b/src/lib_plonk/test_plompiler/test-quick.expected @@ -1132,6 +1132,12 @@ Constraints: 160 Bytes.blake_optimized: Constraints: 96 +Bytes.test_concat: +Constraints: 48 + +Bytes.test_concat_optimized: +Constraints: 32 + Bytes.test_ifthenelse: Constraints: 41 diff --git a/src/lib_plonk/test_plompiler/test_core.ml b/src/lib_plonk/test_plompiler/test_core.ml index da1c16b082e1..48f0c9473e49 100644 --- a/src/lib_plonk/test_plompiler/test_core.ml +++ b/src/lib_plonk/test_plompiler/test_core.ml @@ -781,6 +781,19 @@ functor test ~valid:false ~name:"Bytes.test_xor" @@ test_xor o o i; ] + let test_concat a b o () = + let* a = input ~kind:`Public a in + let* b = input b in + let* o = input o in + let o' = Bytes.concat [|a; b|] in + assert_equal o o' + + let tests_concat = + let a = input_bytes @@ bytes_of_hex "08" in + let b = input_bytes @@ bytes_of_hex "01" in + let o = input_bytes @@ bytes_of_hex "0801" in + [test ~valid:true ~name:"Bytes.test_concat" @@ test_concat a b o] + let test_ifthenelse_bytes b l r z () = let* b = input ~kind:`Public b in let* l = input ~kind:`Public l in @@ -984,9 +997,9 @@ functor ] let tests = - tests_constant @ tests_add @ tests_xor @ tests_ifthenelse_bytes - @ tests_rotate_left @ tests_rotate_right @ tests_not @ tests_band - @ tests_shift_left @ tests_shift_right + tests_constant @ tests_add @ tests_xor @ tests_concat + @ tests_ifthenelse_bytes @ tests_rotate_left @ tests_rotate_right + @ tests_not @ tests_band @ tests_shift_left @ tests_shift_right end module ECC : Test = -- GitLab From a64a88b7654f130bd4527d2f6bc5e9681d2ad2da Mon Sep 17 00:00:00 2001 From: Marco Stronati Date: Wed, 31 May 2023 22:28:04 +0200 Subject: [PATCH 16/21] Plompiler: add labels to Bytes.add --- src/lib_plompiler/lang_stdlib.ml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/lib_plompiler/lang_stdlib.ml b/src/lib_plompiler/lang_stdlib.ml index 0a614309cd2a..1963a6b47f3a 100644 --- a/src/lib_plompiler/lang_stdlib.ml +++ b/src/lib_plompiler/lang_stdlib.ml @@ -443,12 +443,13 @@ module Lib (C : COMMON) = struct include Bool let full_adder a b c_in = - let* a_xor_b = xor a b in - let* a_xor_b_xor_c = xor a_xor_b c_in in - let* a_xor_b_and_c = band a_xor_b c_in in - let* a_and_b = band a b in - let* c = bor a_xor_b_and_c a_and_b in - ret (pair a_xor_b_xor_c c) + with_label ~label:"Bool.full_adder" + @@ let* a_xor_b = xor a b in + let* a_xor_b_xor_c = xor a_xor_b c_in in + let* a_xor_b_and_c = band a_xor_b c_in in + let* a_and_b = band a b in + let* c = bor a_xor_b_and_c a_and_b in + ret (pair a_xor_b_xor_c c) end module Num = struct @@ -654,6 +655,8 @@ module Lib (C : COMMON) = struct let add ?(ignore_carry = true) a b = check_args_length "Bytes.add" a b ; + with_label ~label:"Bytes.add" + @@ let ha, ta = (List.hd (of_list a), List.tl (of_list a)) in let hb, tb = (List.hd (of_list b), List.tl (of_list b)) in let* a_xor_b = Bool.xor ha hb in -- GitLab From f5937cd7e8412a88e54abaa9bc5202adc8ccbac2 Mon Sep 17 00:00:00 2001 From: Marco Stronati Date: Fri, 26 May 2023 08:51:01 +0200 Subject: [PATCH 17/21] Plompiler/Utils: add of_bitlist, hex_of_bytes --- src/lib_plompiler/utils.ml | 41 ++++++++++++++++++++++ src/lib_plonk/test_plompiler/test_utils.ml | 7 ++-- 2 files changed, 44 insertions(+), 4 deletions(-) diff --git a/src/lib_plompiler/utils.ml b/src/lib_plompiler/utils.ml index 8ab18b5b54da..94156c0a7a0d 100644 --- a/src/lib_plompiler/utils.ml +++ b/src/lib_plompiler/utils.ml @@ -45,6 +45,7 @@ let alpha = Z.(shift_left one (Z.numbits S.order) - S.order) let bitlist : ?le:bool -> bytes -> bool list = fun ?(le = false) b -> let l = Bytes.length b in + (* Depending on endianess we start, stop and step in different directions. *) let start = if le then 0 else l - 1 in let stop = if le then l else -1 in let next = if le then succ else pred in @@ -55,6 +56,10 @@ let bitlist : ?le:bool -> bytes -> bool list = let rec loop_bit acc m = if m = 8 then acc else + (* For each position in a byte, a mask is built where all bits are + zero except the one at position. The masked byte is compute by + locagical AND of the mask and the current byte. If the masked + result is zero the bit at position is zero, otherwise it's one. *) let mask = 1 lsl m in let bit = byte land mask in let bit = if bit = 0 then false else true in @@ -65,10 +70,46 @@ let bitlist : ?le:bool -> bytes -> bool list = in List.rev @@ loop_byte [] start +(* Takes a list of booleans (typically from the Plompiler Bytes representation) + and returns OCaml Bytes. Works only if the input length is a multiple of a + byte. *) +let of_bitlist : ?le:bool -> bool list -> bytes = + fun ?(le = false) bl -> + assert (List.length bl mod 8 = 0) ; + let rec loop_byte acc rest = + match rest with + | [] -> + let res = if le then List.rev acc else acc in + Bytes.(concat empty res) + | _ -> + let rec loop_bit acc pos rest = + if pos = 8 then (acc, rest) + else + match rest with + | [] -> assert false + | bit :: rest -> + (* For each position in a byte, a mask is built where all bits + are zero except the one at position. The mask is then summed + to the accumulator using a logical OR. *) + let mask = if bit then 1 lsl pos else 0 in + let acc = acc lor mask in + loop_bit acc (succ pos) rest + in + (* Each sequence of 8 bits is converted to an integer in the previous + loop and here it is interpreted as a uint8. *) + let byte_as_int, rest = loop_bit 0 0 rest in + let byte = Bytes.create 1 in + Bytes.set_uint8 byte 0 byte_as_int ; + loop_byte (byte :: acc) rest + in + loop_byte [] bl + let bytes_of_hex hs = let h = `Hex hs in Hex.to_bytes h +let hex_of_bytes bs = Hex.of_bytes bs |> Hex.show + let bool_list_to_scalar : bool list -> S.t = fun b_list -> let res, _ = diff --git a/src/lib_plonk/test_plompiler/test_utils.ml b/src/lib_plonk/test_plompiler/test_utils.ml index 5aef62d6e99b..f2ec276ce05e 100644 --- a/src/lib_plonk/test_plompiler/test_utils.ml +++ b/src/lib_plonk/test_plompiler/test_utils.ml @@ -28,11 +28,10 @@ let test_bitlist () = (fun (le, input, output) -> let input = Bytes.of_string input in let output = - List.map - (fun n -> match n with 0 -> false | 1 -> true | _ -> assert false) - output + List.map (function 0 -> false | 1 -> true | _ -> assert false) output in - assert (Plompiler.Utils.bitlist ~le input = output)) + assert (Plompiler.Utils.bitlist ~le input = output) ; + assert (Plompiler.Utils.of_bitlist ~le output = input)) [ (false, "", []); (false, "\001", [1; 0; 0; 0; 0; 0; 0; 0]); -- GitLab From 59016076a737b7d3b4fdf28c6a5b6b739ccb0a1a Mon Sep 17 00:00:00 2001 From: Marco Stronati Date: Wed, 31 May 2023 07:27:05 +0200 Subject: [PATCH 18/21] Plompiler: add debug --- src/lib_plompiler/circuit.ml | 2 ++ src/lib_plompiler/lang_core.ml | 5 +++++ src/lib_plompiler/result.ml | 16 ++++++++++++++++ src/lib_plonk/test/helpers.ml | 19 ++++++++++--------- 4 files changed, 33 insertions(+), 9 deletions(-) diff --git a/src/lib_plompiler/circuit.ml b/src/lib_plompiler/circuit.ml index d7a5764b7302..93c96d2a1081 100644 --- a/src/lib_plompiler/circuit.ml +++ b/src/lib_plompiler/circuit.ml @@ -271,6 +271,8 @@ let with_label ~label m s = let s'', a = m s' in ({s'' with labels = s.labels}, a) +let debug _ _ = ret Unit + let add_solver : solver:Solver.solver_desc -> unit repr t = fun ~solver s -> ({s with solver = Solver.append_solver solver s.solver}, Unit) diff --git a/src/lib_plompiler/lang_core.ml b/src/lib_plompiler/lang_core.ml index 948a17cf4385..62fc942acbb9 100644 --- a/src/lib_plompiler/lang_core.ml +++ b/src/lib_plompiler/lang_core.ml @@ -212,6 +212,11 @@ module type COMMON = sig val with_label : label:string -> 'a t -> 'a t + (** Prints on stdout the prefix string and the repr. It works only when + running the Result interpreter, it has no effect in the Circuit + interpreter. *) + val debug : string -> 'a repr -> unit repr t + module Num : NUM with type scalar = scalar diff --git a/src/lib_plompiler/result.ml b/src/lib_plompiler/result.ml index 0a1b22ab2382..ff4f74e564d6 100644 --- a/src/lib_plompiler/result.ml +++ b/src/lib_plompiler/result.ml @@ -471,6 +471,22 @@ let with_label ~label t = ignore label ; t +let rec repr_to_string : type a. a repr -> string = function + | U -> "()" + | S (X s) -> S.string_of_scalar s + | B b -> if b then "T" else "F" + | P (a, b) -> "(" ^ repr_to_string a ^ "," ^ repr_to_string b ^ ")" + | L (B _ :: _ as bs) -> + (* special case to print bytes in hex *) + let bs = List.map (fun (B b) -> if b then true else false) bs in + let bs = Utils.of_bitlist bs in + Utils.hex_of_bytes bs + | L l -> String.concat ";" (List.map repr_to_string l) + +let debug s x = + Format.printf "%s: %s\n%!" s (repr_to_string x) ; + ret unit + let get_result : 'a repr t -> 'a Input.t = fun m -> let s, r = m init_state in diff --git a/src/lib_plonk/test/helpers.ml b/src/lib_plonk/test/helpers.ml index b06fc2470083..573ce403b34d 100644 --- a/src/lib_plonk/test/helpers.ml +++ b/src/lib_plonk/test/helpers.ml @@ -474,6 +474,16 @@ module Plompiler_Helpers = struct info.name Array.(concat cs.cs |> length) ; + let res = LibResult.get_result (result ()) in + let serialized_res = LibResult.serialize res in + let out_size = Array.length serialized_res in + let trace_out = + Array.sub + private_inputs + (Array.length private_inputs - out_size) + out_size + in + assert (CS.sat cs.cs cs.tables private_inputs) ; let cs, private_inputs = if optimize then ( @@ -493,15 +503,6 @@ module Plompiler_Helpers = struct Plompiler.Utils.dump_label_traces (info.name ^ "_opt_flamegraph") cs.cs ; - let res = LibResult.get_result (result ()) in - let serialized_res = LibResult.serialize res in - let out_size = Array.length serialized_res in - let trace_out = - Array.sub - private_inputs - (Array.length private_inputs - out_size) - out_size - in (* Compare values obtained from Result and Circuit interpreters *) assert (Array.for_all2 S.( = ) serialized_res trace_out) ; match plonk with -- GitLab From 37423171f7f0226117dd647834c0e0beca4dc16e Mon Sep 17 00:00:00 2001 From: Marco Stronati Date: Tue, 30 May 2023 17:54:22 +0200 Subject: [PATCH 19/21] Plompiler/Optimizer: fix stack overflow --- src/lib_plompiler/optimizer.ml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/lib_plompiler/optimizer.ml b/src/lib_plompiler/optimizer.ml index 12b279c96e2a..71872ea7885e 100644 --- a/src/lib_plompiler/optimizer.ml +++ b/src/lib_plompiler/optimizer.ml @@ -725,7 +725,8 @@ let inline_renamings ~nb_inputs ~range_checked gates = IMap.filter ( <> ) renaming |> IMap.bindings |> List.map fst in let rename i = Option.value ~default:i @@ IMap.find_opt i renaming in - (List.map (CS.rename_wires ~rename) gates, free_wires) + let map f l = (* avoid stack overflows *) List.rev_map f l |> List.rev in + (map (CS.rename_wires ~rename) gates, free_wires) (* We remove all constraints of the form [a * x - a * x = 0], which may be the result of having renamed some variables *) -- GitLab From f95d754aee815b7f72c364b2acba78a169d4fc23 Mon Sep 17 00:00:00 2001 From: Marco Stronati Date: Thu, 27 Apr 2023 14:28:28 +0100 Subject: [PATCH 20/21] Plompiler: add SHA256 Co-authored-by: Raphael Toledo --- manifest/main.ml | 1 + src/lib_plompiler/gadget_sha2.ml | 340 ++++++++++++++++++ src/lib_plompiler/plompiler.ml | 1 + src/lib_plompiler/sha2_variants.ml | 326 +++++++++++++++++ src/lib_plonk/test_plompiler/dune | 1 + src/lib_plonk/test_plompiler/main.ml | 1 + .../test_plompiler/test-quick.expected | 60 ++++ src/lib_plonk/test_plompiler/test_sha2.ml | 254 +++++++++++++ 8 files changed, 984 insertions(+) create mode 100644 src/lib_plompiler/gadget_sha2.ml create mode 100644 src/lib_plompiler/sha2_variants.ml create mode 100644 src/lib_plonk/test_plompiler/test_sha2.ml diff --git a/manifest/main.ml b/manifest/main.ml index d995491db3e9..e33a3779499c 100644 --- a/manifest/main.ml +++ b/manifest/main.ml @@ -1446,6 +1446,7 @@ let _octez_plonk_test_plompiler_main = "main"; "test_anemoi"; "test_blake"; + "test_sha2"; "test_core"; "test_edwards"; "test_encoding"; diff --git a/src/lib_plompiler/gadget_sha2.ml b/src/lib_plompiler/gadget_sha2.ml new file mode 100644 index 000000000000..e906a2ea3421 --- /dev/null +++ b/src/lib_plompiler/gadget_sha2.ml @@ -0,0 +1,340 @@ +(*****************************************************************************) +(* *) +(* MIT License *) +(* Copyright (c) 2023 Nomadic Labs *) +(* *) +(* Permission is hereby granted, free of charge, to any person obtaining a *) +(* copy of this software and associated documentation files (the "Software"),*) +(* to deal in the Software without restriction, including without limitation *) +(* the rights to use, copy, modify, merge, publish, distribute, sublicense, *) +(* and/or sell copies of the Software, and to permit persons to whom the *) +(* Software is furnished to do so, subject to the following conditions: *) +(* *) +(* The above copyright notice and this permission notice shall be included *) +(* in all copies or substantial portions of the Software. *) +(* *) +(* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR*) +(* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, *) +(* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL *) +(* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER*) +(* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING *) +(* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER *) +(* DEALINGS IN THE SOFTWARE. *) +(* *) +(*****************************************************************************) + +open Lang_stdlib +open Sha2_variants + +(** Gadget implementing SHA2. + Specification can be found at + https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf + + Precious test vectors can be found at + https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/example-values + under "Secure hashing". + *) + +(* This file was partially generalized to handle more variants of SHA2, in + reality only SHA256 is properly tested, so there are probably some SHA256 + constants lurking around. *) + +module MAKE (V : VARIANT) = +functor + (L : LIB) + -> + struct + open L + + (* Utils *) + let split_exactly array size_chunk nb_chunks = + assert (Bytes.length array = size_chunk * nb_chunks) ; + let res = + List.init nb_chunks (fun i -> + let array = Array.of_list (of_list array) in + let array = Array.sub array (i * size_chunk) size_chunk in + to_list (Array.to_list array)) + in + Array.of_list (List.rev res) + + let debug_toggle = false + + let debug_array s a = + if debug_toggle then debug s unit >* iterM (debug "") (Array.to_list a) + else ret unit + + (* Section 4.1.2 + use six logical functions, where each function operates on 32-bit words, + which are represented as x, y, and z. The result of each function is a + new 32-bit word. *) + + (* Ch(x, y, z) = (x && y) XOR ( !x && z) *) + let ch x y z = + with_label ~label:"Sha2.Ch" + @@ let* x_and_y = Bytes.band x y in + let* not_x = Bytes.not x in + let* not_x_and_z = Bytes.band not_x z in + let* res = Bytes.xor x_and_y not_x_and_z in + ret res + + (* Maj(x, y, z) = (x && y) XOR (x && z) XOR (y && z) *) + let maj x y z = + with_label ~label:"Sha2.Maj" + @@ let* x_and_y = Bytes.band x y in + let* x_and_z = Bytes.band x z in + let* y_and_z = Bytes.band y z in + let* tmp = Bytes.xor x_and_y x_and_z in + let* res = Bytes.xor tmp y_and_z in + ret res + + (* Sum_0(x) = ROTR^{c0}(x) XOR ROTR^{c1}(x) XOR ROTR^{c2}(x) *) + let sum_0 x = + with_label ~label:"Sha2.Sum0" + @@ + let x0 = Bytes.rotate_right x V.sum_constants.(0) in + let x1 = Bytes.rotate_right x V.sum_constants.(1) in + let x2 = Bytes.rotate_right x V.sum_constants.(2) in + let* tmp = Bytes.xor x0 x1 in + let* res = Bytes.xor tmp x2 in + ret res + + (* Sum_1(x) = ROTR^{c3}(x) XOR ROTR^{c4}(x) XOR ROTR^{c5}(x) *) + let sum_1 x = + with_label ~label:"Sha2.Sum1" + @@ + let x0 = Bytes.rotate_right x V.sum_constants.(3) in + let x1 = Bytes.rotate_right x V.sum_constants.(4) in + let x2 = Bytes.rotate_right x V.sum_constants.(5) in + let* tmp = Bytes.xor x0 x1 in + let* res = Bytes.xor tmp x2 in + ret res + + (* Sigma_0(x) = ROTR^{d0}(x) XOR ROTR^{d1}(x) XOR SHR^{d2}(x) *) + let sigma_0 x = + with_label ~label:"Sha2.Sigma0" + @@ + let x0 = Bytes.rotate_right x V.sigma_constants.(0) in + let x1 = Bytes.rotate_right x V.sigma_constants.(1) in + let* x2 = Bytes.shift_right x V.sigma_constants.(2) in + let* tmp = Bytes.xor x0 x1 in + let* res = Bytes.xor tmp x2 in + ret res + + (* Sigma_1(x) = ROTR^{d3}(x) XOR ROTR^{d4}(x) XOR SHR^{d5}(x) *) + let sigma_1 x = + with_label ~label:"Sha2.Sigma1" + @@ + let x0 = Bytes.rotate_right x V.sigma_constants.(3) in + let x1 = Bytes.rotate_right x V.sigma_constants.(4) in + let* x2 = Bytes.shift_right x V.sigma_constants.(5) in + let* tmp = Bytes.xor x0 x1 in + let* res = Bytes.xor tmp x2 in + ret res + + (* Section 4.2.2 constants *) + let ks : Bytes.bl repr array t = + with_label ~label:"Sha2.ks" + @@ let* a = + mapM + (fun s -> Bytes.constant @@ Utils.bytes_of_hex s) + (Array.to_list V.round_constants) + in + ret @@ Array.of_list a + + (* Section 5.3 *) + let initial_hash : Bytes.bl repr array t = + let* a = + mapM + (fun s -> Bytes.constant @@ Utils.bytes_of_hex s) + (Array.to_list V.init_hash) + in + ret @@ Array.of_list a + + (* Section 5.1.1 *) + let padding : Bytes.bl repr -> Bytes.bl repr t = + fun msg -> + with_label ~label:"Sha2.padding" + @@ + (* TODO generalize to other versions *) + let l = Bytes.length msg in + let k = + let k = (448 - (l + 1)) mod 512 in + if k > 0 then k else k + 512 + in + let* padding = + let bitlist = List.(init k (Fun.const false) @ [true]) in + Bytes.constant @@ Utils.of_bitlist bitlist + in + let* binary_l = + Z.of_int l |> Z.to_bits |> Stdlib.Bytes.of_string + |> Bytes.constant ~le:true + in + ret @@ Bytes.concat [|msg; padding; binary_l|] + + (* Section 5.2 *) + let parsing : Bytes.bl repr -> Bytes.bl repr array array = + fun msg -> + let nb_blocks = Bytes.length msg / V.block_size in + (* Split in blocks of V.block_size bits *) + let blocks = split_exactly msg V.block_size nb_blocks in + (* Split each block into 16 words of V.word_size bits *) + Array.map (fun block -> split_exactly block V.word_size 16) blocks + + (* Section 6.2.2 step 1 *) + let schedule : Bytes.bl repr array -> Bytes.bl repr array t = + fun message_block -> + assert (Array.length message_block = 16) ; + let ( + ) = Bytes.add in + with_label ~label:"Sha2.schedule" + @@ let* rest = + let* res = + mapM + (fun _ -> Bytes.constant Stdlib.Bytes.empty) + (List.init (V.loop_bound - 16) Fun.id) + in + ret @@ Array.of_list res + in + let ws = Array.append message_block rest in + let rec aux t = + if t = V.loop_bound then ret () + else + let* res = + let* tmp1 = + let* tmp = sigma_1 ws.(t - 2) in + tmp + ws.(t - 7) + in + let* tmp2 = + let* tmp = sigma_0 ws.(t - 15) in + tmp + ws.(t - 16) + in + tmp1 + tmp2 + in + ws.(t) <- res ; + aux (succ t) + in + let* () = aux 16 in + ret ws + + type vars = + Bytes.bl repr + * Bytes.bl repr + * Bytes.bl repr + * Bytes.bl repr + * Bytes.bl repr + * Bytes.bl repr + * Bytes.bl repr + * Bytes.bl repr + + let assign_variables : Bytes.bl repr array -> vars = + fun hs -> + let a = hs.(0) in + let b = hs.(1) in + let c = hs.(2) in + let d = hs.(3) in + let e = hs.(4) in + let f = hs.(5) in + let g = hs.(6) in + let h = hs.(7) in + (a, b, c, d, e, f, g, h) + + (* Section 6.2.2 step 3. *) + let step3_one_iteration t : vars -> Bytes.bl repr array -> vars t = + fun (a, b, c, d, e, f, g, h) ws -> + let ( + ) = Bytes.add in + with_label ~label:"Sha2.step3_one_iteration" + @@ let* ks in + let* t1 = + let* tmp_sum = sum_1 e in + let* tmp_ch = ch e f g in + + let* tmp = h + tmp_sum in + let* tmp = tmp + tmp_ch in + let* tmp = tmp + ks.(t) in + tmp + ws.(t) + in + let* t2 = + let* tmp_sum = sum_0 a in + let* tmp_maj = maj a b c in + tmp_sum + tmp_maj + in + let h = g in + let g = f in + let f = e in + let* e = d + t1 in + let d = c in + let c = b in + let b = a in + let* a = t1 + t2 in + ret (a, b, c, d, e, f, g, h) + + let step3 : vars -> L.Bytes.bl repr array -> vars t = + fun vars ws -> + with_label ~label:"Sha2.step3" + @@ + let rec aux acc t = + (let a, b, c, d, e, f, g, h = acc in + let tmp = [|a; b; c; d; e; f; g; h|] in + debug_array ("t" ^ string_of_int t) tmp) + >* + if t = V.loop_bound then ret acc + else + let* acc = step3_one_iteration t acc ws in + aux acc (t + 1) + in + aux vars 0 + + (* Section 6.2.2 step 4 *) + let compute_intermediate_hash : + vars -> Bytes.bl repr array -> Bytes.bl repr array t = + fun (a, b, c, d, e, f, g, h) hs -> + with_label ~label:"Sha2.compute_intermediate_hash" + @@ + let vars = [a; b; c; d; e; f; g; h] in + let hs = Array.to_list hs in + let* res = map2M Bytes.add vars hs in + ret @@ Array.of_list res + + let process_one_block : + L.Bytes.bl repr array -> + L.Bytes.bl repr array -> + L.Bytes.bl repr array t = + fun block hs -> + with_label ~label:"Sha2.process_one_block" + @@ let* ws = schedule block in + let vars = assign_variables hs in + let* vars = step3 vars ws in + compute_intermediate_hash vars hs + + let digest : Bytes.bl repr -> L.Bytes.bl repr t = + fun blocks -> + with_label ~label:"Sha2.digest" + @@ let* blocks = padding blocks in + let* _ = debug "padding" blocks in + let blocks = parsing blocks in + let* _ = debug_array "parsing" blocks.(0) in + let* initial_hash in + let rec process_blocks acc i = + let* _ = debug_array ("ih" ^ string_of_int i) acc in + if i = Array.length blocks then ret acc + else + let* acc = process_one_block blocks.(i) acc in + process_blocks acc (i + 1) + in + let* res = process_blocks initial_hash 0 in + let res = Array.sub res 0 V.digest_blocks in + ret @@ Bytes.concat res + end + +module type SHA2 = functor (L : LIB) -> sig + open L + + val digest : Bytes.bl repr -> Bytes.bl repr t +end + +module SHA224 : SHA2 = MAKE (Sha224) + +module SHA256 : SHA2 = MAKE (Sha256) + +module SHA384 : SHA2 = MAKE (Sha384) + +module SHA512 : SHA2 = MAKE (Sha512) diff --git a/src/lib_plompiler/plompiler.ml b/src/lib_plompiler/plompiler.ml index fb9500f31793..4ee7e4ce3d69 100644 --- a/src/lib_plompiler/plompiler.ml +++ b/src/lib_plompiler/plompiler.ml @@ -77,6 +77,7 @@ module Gadget = struct module Schnorr = Gadget_schnorr.Make (Mec.Curve.Jubjub.AffineEdwards) module Blake2s = Gadget_blake2s.Blake2s module ArithMod25519 = Gadget_mod_arith.ArithMod25519 + module Sha256 = Gadget_sha2.SHA256 end include Gadget diff --git a/src/lib_plompiler/sha2_variants.ml b/src/lib_plompiler/sha2_variants.ml new file mode 100644 index 000000000000..19c8bc799a59 --- /dev/null +++ b/src/lib_plompiler/sha2_variants.ml @@ -0,0 +1,326 @@ +(*****************************************************************************) +(* *) +(* MIT License *) +(* Copyright (c) 2022 Nomadic Labs *) +(* *) +(* Permission is hereby granted, free of charge, to any person obtaining a *) +(* copy of this software and associated documentation files (the "Software"),*) +(* to deal in the Software without restriction, including without limitation *) +(* the rights to use, copy, modify, merge, publish, distribute, sublicense, *) +(* and/or sell copies of the Software, and to permit persons to whom the *) +(* Software is furnished to do so, subject to the following conditions: *) +(* *) +(* The above copyright notice and this permission notice shall be included *) +(* in all copies or substantial portions of the Software. *) +(* *) +(* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR*) +(* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, *) +(* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL *) +(* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER*) +(* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING *) +(* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER *) +(* DEALINGS IN THE SOFTWARE. *) +(* *) +(*****************************************************************************) + +module type VARIANT = sig + val word_size : int + + val block_size : int + + val sum_constants : int array + + val sigma_constants : int array + + val round_constants : string array + + val init_hash : string array + + val loop_bound : int + + val digest_blocks : int +end + +let word_size_224_256 = 32 + +let word_size_384_512 = 64 + +let block_size_224_256 = 512 + +let block_size_384_512 = 1024 + +let sum_constants_224_256 = [|2; 13; 22; 6; 11; 25|] + +let sum_constants_384_512 = [|28; 34; 39; 14; 18; 41|] + +let sigma_constants_224_256 = [|7; 18; 3; 17; 19; 10|] + +let sigma_constants_384_512 = [|1; 8; 7; 19; 61; 6|] + +let round_constants_224_256 = + [| + "428a2f98"; + "71374491"; + "b5c0fbcf"; + "e9b5dba5"; + "3956c25b"; + "59f111f1"; + "923f82a4"; + "ab1c5ed5"; + "d807aa98"; + "12835b01"; + "243185be"; + "550c7dc3"; + "72be5d74"; + "80deb1fe"; + "9bdc06a7"; + "c19bf174"; + "e49b69c1"; + "efbe4786"; + "0fc19dc6"; + "240ca1cc"; + "2de92c6f"; + "4a7484aa"; + "5cb0a9dc"; + "76f988da"; + "983e5152"; + "a831c66d"; + "b00327c8"; + "bf597fc7"; + "c6e00bf3"; + "d5a79147"; + "06ca6351"; + "14292967"; + "27b70a85"; + "2e1b2138"; + "4d2c6dfc"; + "53380d13"; + "650a7354"; + "766a0abb"; + "81c2c92e"; + "92722c85"; + "a2bfe8a1"; + "a81a664b"; + "c24b8b70"; + "c76c51a3"; + "d192e819"; + "d6990624"; + "f40e3585"; + "106aa070"; + "19a4c116"; + "1e376c08"; + "2748774c"; + "34b0bcb5"; + "391c0cb3"; + "4ed8aa4a"; + "5b9cca4f"; + "682e6ff3"; + "748f82ee"; + "78a5636f"; + "84c87814"; + "8cc70208"; + "90befffa"; + "a4506ceb"; + "bef9a3f7"; + "c67178f2"; + |] + +let round_constants_384_512 = + [| + "428a2f98d728ae22"; + "7137449123ef65cd"; + "b5c0fbcfec4d3b2f"; + "e9b5dba58189dbbc"; + "3956c25bf348b538"; + "59f111f1b605d019"; + "923f82a4af194f9b"; + "ab1c5ed5da6d8118"; + "d807aa98a3030242"; + "12835b0145706fbe"; + "243185be4ee4b28c"; + "550c7dc3d5ffb4e2"; + "72be5d74f27b896f"; + "80deb1fe3b1696b1"; + "9bdc06a725c71235"; + "c19bf174cf692694"; + "e49b69c19ef14ad2"; + "efbe4786384f25e3"; + "0fc19dc68b8cd5b5"; + "240ca1cc77ac9c65"; + "2de92c6f592b0275"; + "4a7484aa6ea6e483"; + "5cb0a9dcbd41fbd4"; + "76f988da831153b5"; + "983e5152ee66dfab"; + "a831c66d2db43210"; + "b00327c898fb213f"; + "bf597fc7beef0ee4"; + "c6e00bf33da88fc2"; + "d5a79147930aa725"; + "06ca6351e003826f"; + "142929670a0e6e70"; + "27b70a8546d22ffc"; + "2e1b21385c26c926"; + "4d2c6dfc5ac42aed"; + "53380d139d95b3df"; + "650a73548baf63de"; + "766a0abb3c77b2a8"; + "81c2c92e47edaee6"; + "92722c851482353b"; + "a2bfe8a14cf10364"; + "a81a664bbc423001"; + "c24b8b70d0f89791"; + "c76c51a30654be30"; + "d192e819d6ef5218"; + "d69906245565a910"; + "f40e35855771202a"; + "106aa07032bbd1b8"; + "19a4c116b8d2d0c8"; + "1e376c085141ab53"; + "2748774cdf8eeb99"; + "34b0bcb5e19b48a8"; + "391c0cb3c5c95a63"; + "4ed8aa4ae3418acb"; + "5b9cca4f7763e373"; + "682e6ff3d6b2b8a3"; + "748f82ee5defb2fc"; + "78a5636f43172f60"; + "84c87814a1f0ab72"; + "8cc702081a6439ec"; + "90befffa23631e28"; + "a4506cebde82bde9"; + "bef9a3f7b2c67915"; + "c67178f2e372532b"; + "ca273eceea26619c"; + "d186b8c721c0c207"; + "eada7dd6cde0eb1e"; + "f57d4f7fee6ed178"; + "06f067aa72176fba"; + "0a637dc5a2c898a6"; + "113f9804bef90dae"; + "1b710b35131c471b"; + "28db77f523047d84"; + "32caab7b40c72493"; + "3c9ebe0a15c9bebc"; + "431d67c49c100d4c"; + "4cc5d4becb3e42b6"; + "597f299cfc657e2a"; + "5fcb6fab3ad6faec"; + "6c44198c4a475817"; + |] + +let loop_bound_224_256 = 64 + +let loop_bound_384_512 = 80 + +module Sha224 : VARIANT = struct + let word_size = word_size_224_256 + + let block_size = word_size_224_256 + + let sum_constants = sum_constants_224_256 + + let sigma_constants = sigma_constants_224_256 + + let round_constants = round_constants_224_256 + + let init_hash = + [| + "c1059ed8"; + "367cd507"; + "3070dd17"; + "f70e5939"; + "ffc00b31"; + "68581511"; + "64f98fa7"; + "befa4fa4"; + |] + + let loop_bound = loop_bound_224_256 + + let digest_blocks = 7 +end + +module Sha256 : VARIANT = struct + let word_size = word_size_224_256 + + let block_size = block_size_224_256 + + let sum_constants = sum_constants_224_256 + + let sigma_constants = sigma_constants_224_256 + + let round_constants = round_constants_224_256 + + let init_hash = + [| + "6a09e667"; + "bb67ae85"; + "3c6ef372"; + "a54ff53a"; + "510e527f"; + "9b05688c"; + "1f83d9ab"; + "5be0cd19"; + |] + + let loop_bound = loop_bound_224_256 + + let digest_blocks = 8 +end + +module Sha384 : VARIANT = struct + let word_size = word_size_384_512 + + let block_size = block_size_384_512 + + let sum_constants = sum_constants_384_512 + + let sigma_constants = sigma_constants_384_512 + + let round_constants = round_constants_384_512 + + let init_hash = + [| + "cbbb9d5dc1059ed8"; + "629a292a367cd507"; + "9159015a3070dd17"; + "152fecd8f70e5939"; + "67332667ffc00b31"; + "8eb44a8768581511"; + "db0c2e0d64f98fa7"; + "47b5481dbefa4fa4"; + |] + + let loop_bound = loop_bound_384_512 + + let digest_blocks = 6 +end + +module Sha512 : VARIANT = struct + let word_size = word_size_384_512 + + let block_size = block_size_384_512 + + let sum_constants = sum_constants_384_512 + + let sigma_constants = sigma_constants_384_512 + + let round_constants = round_constants_384_512 + + let init_hash = + [| + "6a09e667f3bcc908"; + "bb67ae8584caa73b"; + "3c6ef372fe94f82b"; + "a54ff53a5f1d36f1"; + "510e527fade682d1"; + "9b05688c2b3e6c1f"; + "1f83d9abfb41bd6b"; + "5be0cd19137e2179"; + |] + + let loop_bound = loop_bound_384_512 + + let digest_blocks = 8 +end diff --git a/src/lib_plonk/test_plompiler/dune b/src/lib_plonk/test_plompiler/dune index 36183739ba07..b0abecfc1bd6 100644 --- a/src/lib_plonk/test_plompiler/dune +++ b/src/lib_plonk/test_plompiler/dune @@ -19,6 +19,7 @@ main test_anemoi test_blake + test_sha2 test_core test_edwards test_encoding diff --git a/src/lib_plonk/test_plompiler/main.ml b/src/lib_plonk/test_plompiler/main.ml index 540f52e49264..dfc20ae7ffba 100644 --- a/src/lib_plonk/test_plompiler/main.ml +++ b/src/lib_plonk/test_plompiler/main.ml @@ -35,6 +35,7 @@ let () = ("Core", Test_core.tests); ("Blake", Test_blake.tests); ("Poseidon", Test_poseidon.tests); + ("Sha2", Test_sha2.tests); ("Anemoi", Test_anemoi.tests); ("Enum", Test_enum.tests); ("Schnorr", Test_schnorr.tests); diff --git a/src/lib_plonk/test_plompiler/test-quick.expected b/src/lib_plonk/test_plompiler/test-quick.expected index 686cd3835367..27c587bf7a30 100644 --- a/src/lib_plonk/test_plompiler/test-quick.expected +++ b/src/lib_plonk/test_plompiler/test-quick.expected @@ -1768,6 +1768,66 @@ Constraints: 1215 Poseidon.test_poseidon.fixed_length_optimized: Constraints: 373 +SHA256.test_ch: +Constraints: 72 + +SHA256.test_ch_optimized: +Constraints: 56 + +SHA256.test_maj: +Constraints: 80 + +SHA256.test_maj_optimized: +Constraints: 56 + +SHA256.test_sigma0: +Constraints: 161 + +SHA256.test_sigma0_optimized: +Constraints: 97 + +SHA256.test_sigma1: +Constraints: 161 + +SHA256.test_sigma1_optimized: +Constraints: 97 + +SHA256.test_sum0: +Constraints: 160 + +SHA256.test_sum0_optimized: +Constraints: 96 + +SHA256.test_sum1: +Constraints: 160 + +SHA256.test_sum1_optimized: +Constraints: 96 + +SHA256.test_padding: +Constraints: 1536 + +SHA256.test_padding_optimized: +Constraints: 536 + +SHA256.test_initial_hash: +Constraints: 320 + +SHA256.test_initial_hash_optimized: +Constraints: 32 + +SHA256.test_digestabc: +Constraints: 259416 + +SHA256.test_digestabc_optimized: +Constraints: 130136 + +SHA256.test_digestabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq: +Constraints: 518064 + +SHA256.test_digestabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq_optimized: +Constraints: 259344 + Anemoi.test_round.valid: Constraints: 20 diff --git a/src/lib_plonk/test_plompiler/test_sha2.ml b/src/lib_plonk/test_plompiler/test_sha2.ml new file mode 100644 index 000000000000..4df0788d73e5 --- /dev/null +++ b/src/lib_plonk/test_plompiler/test_sha2.ml @@ -0,0 +1,254 @@ +(*****************************************************************************) +(* *) +(* MIT License *) +(* Copyright (c) 2023 Nomadic Labs *) +(* *) +(* Permission is hereby granted, free of charge, to any person obtaining a *) +(* copy of this software and associated documentation files (the "Software"),*) +(* to deal in the Software without restriction, including without limitation *) +(* the rights to use, copy, modify, merge, publish, distribute, sublicense, *) +(* and/or sell copies of the Software, and to permit persons to whom the *) +(* Software is furnished to do so, subject to the following conditions: *) +(* *) +(* The above copyright notice and this permission notice shall be included *) +(* in all copies or substantial portions of the Software. *) +(* *) +(* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR*) +(* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, *) +(* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL *) +(* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER*) +(* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING *) +(* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER *) +(* DEALINGS IN THE SOFTWARE. *) +(* *) +(*****************************************************************************) + +open Plompiler +open Plonk_test +module CS = Plonk.Circuit +open Helpers + +module Internal : Test = +functor + (L : LIB) + -> + struct + open L + open L.Bytes + + open Utils (L) + + module H = Plompiler__Gadget_sha2.MAKE (Plompiler__Sha2_variants.Sha256) (L) + + let bytes_of_hex = Plompiler.Utils.bytes_of_hex + + let test_ch a b c z () = + let* a = input ~kind:`Public a in + let* b = input b in + let* c = input c in + let* z = input z in + let* z' = H.ch a b c in + assert_equal z z' + + let tests_ch = + let i0 = input_bytes @@ bytes_of_hex "11" in + let i1 = input_bytes @@ bytes_of_hex "13" in + let i2 = input_bytes @@ bytes_of_hex "2A" in + let o = input_bytes @@ bytes_of_hex "3B" in + [ + test ~valid:true ~name:"SHA256.test_ch" @@ test_ch i0 i1 i2 o; + test ~valid:false ~name:"SHA256.test_ch" @@ test_ch i0 i1 i2 i2; + ] + + let test_maj a b c z () = + let* a = input ~kind:`Public a in + let* b = input b in + let* c = input c in + let* z = input z in + let* z' = H.maj a b c in + assert_equal z z' + + let tests_maj = + let i0 = input_bytes @@ bytes_of_hex "11" in + let i1 = input_bytes @@ bytes_of_hex "13" in + let i2 = input_bytes @@ bytes_of_hex "2A" in + let o = input_bytes @@ bytes_of_hex "13" in + [ + test ~valid:true ~name:"SHA256.test_maj" @@ test_maj i0 i1 i2 o; + test ~valid:false ~name:"SHA256.test_maj" @@ test_maj i0 i1 i2 i2; + ] + + let test_sigma0 a z () = + let* a = input ~kind:`Public a in + let* z = input z in + let* z' = H.sigma_0 a in + assert_equal z z' + + let tests_sigma0 = + let i = input_bytes @@ bytes_of_hex "0000002A" in + let o = input_bytes @@ bytes_of_hex "540A8005" in + [ + test ~valid:true ~name:"SHA256.test_sigma0" @@ test_sigma0 i o; + test ~valid:false ~name:"SHA256.test_sigma0" @@ test_sigma0 i i; + ] + + let test_sigma1 a z () = + let* a = input ~kind:`Public a in + let* z = input z in + let* z' = H.sigma_1 a in + assert_equal z z' + + let tests_sigma1 = + let i = input_bytes @@ bytes_of_hex "0000002A" in + let o = input_bytes @@ bytes_of_hex "00104000" in + [ + test ~valid:true ~name:"SHA256.test_sigma1" @@ test_sigma1 i o; + test ~valid:false ~name:"SHA256.test_sigma1" @@ test_sigma1 i i; + ] + + let test_sum0 a z () = + let* a = input ~kind:`Public a in + let* z = input z in + let* z' = H.sum_0 a in + assert_equal z z' + + let tests_sum0 = + let i = input_bytes @@ bytes_of_hex "00000001" in + let o = input_bytes @@ bytes_of_hex "40080400" in + [ + test ~valid:true ~name:"SHA256.test_sum0" @@ test_sum0 i o; + test ~valid:false ~name:"SHA256.test_sum0" @@ test_sum0 i i; + ] + + let test_sum1 a z () = + let* a = input ~kind:`Public a in + let* z = input z in + let* z' = H.sum_1 a in + assert_equal z z' + + let tests_sum1 = + let i = input_bytes @@ bytes_of_hex "00000001" in + let o = input_bytes @@ bytes_of_hex "04200080" in + [ + test ~valid:true ~name:"SHA256.test_sum1" @@ test_sum1 i o; + test ~valid:false ~name:"SHA256.test_sum1" @@ test_sum1 i i; + ] + + let test_padding i o () = + let* i = input ~kind:`Public i in + let* o = input o in + let* o' = H.padding i in + assert_equal o o' + + (* Example from the spec https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf + section 5.1.1 *) + let tests_padding = + let abc = Stdlib.Bytes.of_string "abc" in + let padding = + Stdlib.Bytes.( + concat + empty + (of_string "\128" :: List.init 52 (fun _ -> of_string "\000"))) + in + let length_bites = + let res = Stdlib.Bytes.create 8 in + Stdlib.Bytes.set_int64_be res 0 24L ; + res + in + let output_bytes = + Stdlib.Bytes.(concat empty [abc; padding; length_bites]) + in + assert (Stdlib.Bytes.length output_bytes = 512 / 8) ; + let i = input_bytes abc in + let o = input_bytes output_bytes in + [test ~valid:true ~name:"SHA256.test_padding" @@ test_padding i o] + + let test_initial_hash i o () = + let* o = input o in + let* ih = H.initial_hash in + assert_equal o ih.(i) + + let tests_initial_hash = + let o = input_bytes @@ bytes_of_hex "6A09E667" in + [ + test ~valid:true ~name:"SHA256.test_initial_hash" + @@ test_initial_hash 0 o; + ] + + let tests = + tests_ch @ tests_maj @ tests_sigma0 @ tests_sigma1 @ tests_sum0 + @ tests_sum1 @ tests_padding @ tests_initial_hash + end + +module External : Test = +functor + (L : LIB) + -> + struct + open L + open Bytes + + open Utils (L) + + module H = Plompiler.Gadget.Sha256 (L) + + let bytes_of_hex = Plompiler.Utils.bytes_of_hex + + let test_digest i o () = + let* i = input ~kind:`Public i in + let* o = input o in + let* o' = H.digest i in + assert_equal o o' + + let tests_digest = + List.map + (fun (i, o) -> + let name = "SHA256.test_digest" ^ i in + let i = input_bytes @@ Stdlib.Bytes.of_string i in + let o = input_bytes @@ bytes_of_hex (String.concat "" o) in + test ~valid:true ~name ~flamegraph:true @@ test_digest i o) + [ + ( "abc", + [ + "BA7816BF"; + "8F01CFEA"; + "414140DE"; + "5DAE2223"; + "B00361A3"; + "96177A9C"; + "B410FF61"; + "F20015AD"; + ] ); + ( "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + [ + "248D6A61"; + "D20638B8"; + "E5C02693"; + "0C3E6039"; + "A33CE459"; + "64FF2167"; + "F6ECEDD4"; + "19DB06C1"; + ] ); + ] + + let tests = tests_digest + end + +let tests = + let both = + [ + ("Internal", (module Internal : Test)); + ("External", (module External : Test)); + ] + in + (* This test uses plonk and it is marked quick so that it + is always run by the CI *) + List.map (fun (name, m) -> Alcotest.test_case name `Quick (to_test m)) both + @ List.map + (fun (name, m) -> + Alcotest.test_case + (name ^ " plonk") + `Slow + (to_test ~plonk:(module Plonk.Main_protocol) m)) + both -- GitLab From 7e33e7c864c66fa3c722d7a790c68cb396e2b514 Mon Sep 17 00:00:00 2001 From: Marco Stronati Date: Fri, 2 Jun 2023 15:30:09 +0200 Subject: [PATCH 21/21] Plompiler: slow regressions --- src/lib_plonk/test/test-slow.expected | 8 +- .../test_plompiler/test-slow.expected | 1270 ++++++++++++++++- 2 files changed, 1260 insertions(+), 18 deletions(-) diff --git a/src/lib_plonk/test/test-slow.expected b/src/lib_plonk/test/test-slow.expected index 218536415770..4cc6b9337b8d 100644 --- a/src/lib_plonk/test/test-slow.expected +++ b/src/lib_plonk/test/test-slow.expected @@ -594,7 +594,7 @@ Verifier_pp hash: 241df7b1925b2c3951bf8667fe799939d4d216d0797e4063c29bd7e124e13a zk-KZG.big_circuit.2.16: Proof size: 2.42 KB -Proof hash: 9f4d65c3e9e49134a140774af1e0d008adefd67c8204acb290cba68e19ccae96 +Proof hash: f5f3a1b2eee6e4e71969144bcfe0ecc2a7daedd0ec91380cdefbaa4a5a5ef9d6 Prover_pp hash: 92cd5c5f752a559ec1f4c7e172116dbaee3ec46ec41c12afc19fca18a95c77d1 Verifier_pp hash: 241df7b1925b2c3951bf8667fe799939d4d216d0797e4063c29bd7e124e13a8f @@ -606,7 +606,7 @@ Verifier_pp hash: 241df7b1925b2c3951bf8667fe799939d4d216d0797e4063c29bd7e124e13a zk-KZG.big_circuit.2.16: Proof size: 2.42 KB -Proof hash: 212fc3c4401bb0273a6948910ad72002a013b915be02759d5ff49e0e26dedec8 +Proof hash: e2ed8a9c47ff91249d8bc7d13584a2df98d91b03071041f92e115841fb1eb4e8 Prover_pp hash: 92cd5c5f752a559ec1f4c7e172116dbaee3ec46ec41c12afc19fca18a95c77d1 Verifier_pp hash: 241df7b1925b2c3951bf8667fe799939d4d216d0797e4063c29bd7e124e13a8f @@ -618,7 +618,7 @@ Verifier_pp hash: 1d4cc220c775d0567ae74b7fc0a5d4fae6c20285421922887d1553381c8144 zk-KZG_Pack.big_circuit.2.16: Proof size: 8.65 KB -Proof hash: d3c10271377edb0a585d1d4bc5d120c324fa6a072f85930967e7273a689590ef +Proof hash: 29fa9ac600dcc1b1235d79f9da6305de5e266960de8f06eeea562f754d74eec0 Prover_pp hash: db3383f03b9b080040fdcb3deb64db55f726904ff6ea1f2fd7ee5cf3ac720bee Verifier_pp hash: 1d4cc220c775d0567ae74b7fc0a5d4fae6c20285421922887d1553381c814429 @@ -630,7 +630,7 @@ Verifier_pp hash: 1d4cc220c775d0567ae74b7fc0a5d4fae6c20285421922887d1553381c8144 zk-KZG_Pack.big_circuit.2.16: Proof size: 8.65 KB -Proof hash: b9f12d01fa9f1b3740fd8b09554d1eba564d2a52ead8ae40aabf06b9ccb481ec +Proof hash: 67f21fa0bdf720e4fbe8caaa78a52ec7080c7917de0b00836bb27f52bf650536 Prover_pp hash: db3383f03b9b080040fdcb3deb64db55f726904ff6ea1f2fd7ee5cf3ac720bee Verifier_pp hash: 1d4cc220c775d0567ae74b7fc0a5d4fae6c20285421922887d1553381c814429 diff --git a/src/lib_plonk/test_plompiler/test-slow.expected b/src/lib_plonk/test_plompiler/test-slow.expected index 658cf99bd393..1ab41ee9d702 100644 --- a/src/lib_plonk/test_plompiler/test-slow.expected +++ b/src/lib_plonk/test_plompiler/test-slow.expected @@ -1132,6 +1132,12 @@ Constraints: 160 Bytes.blake_optimized: Constraints: 96 +Bytes.test_concat: +Constraints: 48 + +Bytes.test_concat_optimized: +Constraints: 32 + Bytes.test_ifthenelse: Constraints: 41 @@ -1144,6 +1150,192 @@ Constraints: 41 Bytes.test_ifthenelse_optimized: Constraints: 32 +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + Bytes.test_rotate_right: Constraints: 24 @@ -1324,6 +1516,168 @@ Constraints: 72 Bytes.test_rotate_right_optimized: Constraints: 48 +Bytes.test_not: +Constraints: 32 + +Bytes.test_not_optimized: +Constraints: 16 + +Bytes.test_not: +Constraints: 32 + +Bytes.test_not_optimized: +Constraints: 16 + +Bytes.test_band: +Constraints: 40 + +Bytes.test_band_optimized: +Constraints: 24 + +Bytes.test_band: +Constraints: 40 + +Bytes.test_band_optimized: +Constraints: 24 + +Bytes.test_band: +Constraints: 40 + +Bytes.test_band_optimized: +Constraints: 24 + +Bytes.test_band: +Constraints: 40 + +Bytes.test_band_optimized: +Constraints: 24 + +Bytes.test_band: +Constraints: 40 + +Bytes.test_band_optimized: +Constraints: 24 + +Bytes.test_band: +Constraints: 40 + +Bytes.test_band_optimized: +Constraints: 24 + +Bytes.test_band: +Constraints: 40 + +Bytes.test_band_optimized: +Constraints: 24 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + Num.test_add: Constraints: 2 @@ -2632,6 +2986,18 @@ Proof hash: 90273d8d7d5813ec1677634b4b412d11ac5f95300ad12ff0e95ea5eb869ba9b0 Prover_pp hash: 605fcb5329a15fbece0a8740e42e0ea149fece9d85a91fe88ae58e764aa18dc4 Verifier_pp hash: ab39e56db943fa2365fae10732288602ad673e2cb0dbfe2a452419f51f0a0654 +Bytes.test_concat: +Constraints: 48 + +Bytes.test_concat_optimized: +Constraints: 32 + +Bytes.test_concat: +Proof size: 2.04 KB +Proof hash: a8353a9ea4558cc18ec45f3494c59d638fe1bddd7895496291e620a451b1d6da +Prover_pp hash: 8640ff5d049a9600a668880dcbabb9ffcb7d535e6237524176f464784929a389 +Verifier_pp hash: 59d07328c37e244455c3d280b86dda90a43a9018727fa3a54f35c69ea86ffd03 + Bytes.test_ifthenelse: Constraints: 41 @@ -2656,29 +3022,401 @@ Proof hash: 5bd635df25e274a9e9fc4d05824de36c191dd484f558b7f55df0c767ed152d9c Prover_pp hash: 7e1bf30a9efca7516bd2b9085f378531c5cde7925cb05d358726239c3f972890 Verifier_pp hash: fc60e6c53d0781886ea097141c49745afa63e10c3f0ecf47452eece0a8438a4b -Bytes.test_rotate_right: +Bytes.test_rotate_left: Constraints: 24 -Bytes.test_rotate_right_optimized: +Bytes.test_rotate_left_optimized: Constraints: 16 -Bytes.test_rotate_right: -Proof size: 2.19 KB -Proof hash: 0a83800a71cfb1dddc7ca560da2b52cce8d2e44f82bf422bbd80961ef487d049 -Prover_pp hash: 9cdf2c659d98acf4d640a5418800c572c09ab2dda05e1ad8b93e351481b2ef38 -Verifier_pp hash: 6f80833ab9690412b0c46840f2dbdd5f4213e345aa2cac9e646522b441a4a97d +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: fb5fb51cde4141529a5b5dc84489a56c7d41c7f8b8329ac627858885be6c26ce +Prover_pp hash: 7c0bbd35ade3a761d8dc963fb0881e53aef3cb598ce4196860f62335cef654b0 +Verifier_pp hash: 6867485b8e1d3617916326b8b81dd2184e4312f7a929f1e00bb7928cf17b896a -Bytes.test_rotate_right: +Bytes.test_rotate_left: Constraints: 24 -Bytes.test_rotate_right_optimized: +Bytes.test_rotate_left_optimized: Constraints: 16 -Bytes.test_rotate_right: -Proof size: 2.19 KB -Proof hash: 6dd266ee641e8a2c006242c213ee1ba7984159ce9cd70b274380d2ffad128b72 -Prover_pp hash: e021584dbc5447d2f0c20641d625ad15ab207d7e6a6b9a2fd65ecde1a8004dbc -Verifier_pp hash: dc4cfad4602f0ebeba68ed4b8e8d4cac61dd1988a7cf2d766da868b4b389a087 +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: 687d5f70ee25b01d2d6ed9c09df3b99fbfc702bd5c75787334b74d614ea09936 +Prover_pp hash: 7e009cfdf8430c96dbd9e38aa3ca78dc0ed8aa1a3b0b465350b352c9a0825096 +Verifier_pp hash: 13dceb5ef2c06af575728c80e3f00cc3e59d8ed3a8c0748ea6998e1c97cb4f74 + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: 2a90ec46cb53a24569fe72186e03ffe18b74a61a90194ceca9c083befa370866 +Prover_pp hash: 92eab7537bf298be30108ca891ed94ebfbb552c73a47c460b0a47ac386d42080 +Verifier_pp hash: 9d463c75d4e94f86ebf0e805e349d46155bf614373d0ac2f7b4f1fab98628d3a + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: 3cf658da203aa6fa3f11dd0bec8bf55d62119a25be4f1ab5e3ca55b655d8fe2d +Prover_pp hash: d817e64ad69193823d9ac284853ac0b2b369a79e23921d2393e68042cc62f061 +Verifier_pp hash: ad801b078ed57eab7e65b315e50bdc9fee88d4833d8cdc830e5c224aece4ea78 + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: 14afe320b4b8f914a7910113e6a2dc5ab419a93f36e02d5bbcffc7818c06a215 +Prover_pp hash: f04754a0c3c5ad45c859eb938415c608cc9bbca344c8cdddce488fc979c4bfe4 +Verifier_pp hash: 1094f1eaf293d02e6ac4a7b685027d57b3ca998ec104d34ad1d4fed10adf0d3d + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: 71973f51d73e106c9f6b41126cd2028a7e3bbab7738e728383725c946cc36a77 +Prover_pp hash: 4f92ed1e0726da2d370ec7b2ff2880e7fa50de1d73a72168d74f21f4e283968d +Verifier_pp hash: bc9aa9ef2358f904a4e5d2e5b4e40415eac161c462ac622fda41f73fd1486bf8 + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: dda98bb3e17b69816ac6f6d629c412a1e54a049af2ef38c03a636b14e9c9d103 +Prover_pp hash: 2fa9ec9c745bd244fe3e026187b9efe413cd12200c49601b976eff4205b00252 +Verifier_pp hash: 0c1204d444bc928f6b4ca9026021db089f8f444e042b2431a9d8015d8f98b125 + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: 898127538e1bc964b440094ff84e7bf5ae454be208304fb300b2c5a4f57876a2 +Prover_pp hash: ea0ec168597988338f2afe51b60ed4845c0bc577b57b888b9ad8c76745a85734 +Verifier_pp hash: 89115910e76019705b946db7393f6b7b15f75bbbd51998e9be999d66e75fd970 + +Bytes.test_rotate_left: +Constraints: 24 + +Bytes.test_rotate_left_optimized: +Constraints: 16 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: fb5fb51cde4141529a5b5dc84489a56c7d41c7f8b8329ac627858885be6c26ce +Prover_pp hash: 7c0bbd35ade3a761d8dc963fb0881e53aef3cb598ce4196860f62335cef654b0 +Verifier_pp hash: 6867485b8e1d3617916326b8b81dd2184e4312f7a929f1e00bb7928cf17b896a + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: f8d4bdfd099edbc56656761709ae30abdfac8285a87360374d36a598da779adf +Prover_pp hash: 2f0d0c451c20795e00a7a92d0705b6fbb5e1e1c72f37baa7b35248f7dee77d9a +Verifier_pp hash: 03b8d4c79ba479dd6125ff4d7d828a41b3f11ded6eb87915f4d5f1df1b01da72 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: 0614a725f54afa5f2e9052d15247de8e055855c3ee22f9b66efabaa696d59b2b +Prover_pp hash: 9a37945f904263b1f8ffdb3237c56892899e7332bd696af3a84bdc54908562fa +Verifier_pp hash: 2281a1adfbe8ce782485f92cc406d9bfc36654aeafb4d8d2373623402f358090 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: 3790abdd28af62cbe187e4ac93209c6c3169528722a73ea024796e2e209bce80 +Prover_pp hash: 0a92b79403b8d6fa45417373fb1b0a4ccd3472727028b728386c9d67c4f4838d +Verifier_pp hash: 6fb255e519c8c9778abfb48f3e4e8a13a4cdd1a9c9ede010cfb44858593c1204 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: 1135e0b39bcacb2acdf38e580ce430cbf9f31e9a3a1a8f4acca35b9c29889559 +Prover_pp hash: 5a66bff89f6c525174a7921fc68b5e0aeb8e707036dbfb0f23d9f7ee33514515 +Verifier_pp hash: a3a4aef201a8b21e69f1c05df50c28d80741c67151c84be272d48209c2203735 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: a51b5a61dc7a093fbb1b2f6a93bf8368d196f12ad03cea66f098d649c8d513e6 +Prover_pp hash: 94ced95ceed1a09d45bac94465ce3c61becdd7b9615cfa8fcb9594396dc8e1f1 +Verifier_pp hash: a90b14b01e7cd14e447a4aaecff24138a476a706f6ddeb2c0e105abb3abd92cf + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: 34d36893620f7c19427f6556a7b94ccb5d16a0f4252a32bb1dbf09ac18ba311b +Prover_pp hash: a65bbc74779d9fbcb7d9be03f7cc45be476b87b873c8b49f4bf82b2c94e8054e +Verifier_pp hash: ac5151d04e60970c6e19d12ece71732b5f7e1de2f675fbf3611764cac6041da9 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: bd064d7c421983c685245cea14b9440d55b3d6aa754b2bfc96d2c39703f835c0 +Prover_pp hash: 651db4f06a98326536dfbfd0667b2247baa2fe0c6e6e754af6d7876d3f2c6b50 +Verifier_pp hash: 38177c5492fe0cd50e4f9089ff25fb541338373f83d88ef897426d21151637e3 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: 9e103ec32166f8b750466a0efa8e22fd540ee4ffc76ef950f527ebe805a023fa +Prover_pp hash: 4cc502ebea6ae3a5d33aa55e79fdc8d4a2befad4e4a5dd5205c3e321cbc385a9 +Verifier_pp hash: f61f6cfa63607e7ebf18737352bc0a9a8aecd290146cb681414c2b80fb6185c1 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: 67ddb00bb4da528ea04c2889016e382f90e4f9245a8988b5ed03446b8f620c6c +Prover_pp hash: b717857366f9b655a7dd0a08fbdd3042c1804d48f566fa849d51cab04543b66c +Verifier_pp hash: 711de258a13bc9a2cae739b74f28830f776a8a18eff97b9464ff9127cc570387 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: 4c9ef514eeebd4144b7abe40e99302acbee8f25ef1ee57d12a44674828c3ef7d +Prover_pp hash: 9a37945f904263b1f8ffdb3237c56892899e7332bd696af3a84bdc54908562fa +Verifier_pp hash: 2281a1adfbe8ce782485f92cc406d9bfc36654aeafb4d8d2373623402f358090 + +Bytes.test_rotate_left: +Constraints: 48 + +Bytes.test_rotate_left_optimized: +Constraints: 32 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: 5a6649ee26650dc3f5dd0bc7436b3ed4d5ad37ebdd870f5745a3ca874ddeebc3 +Prover_pp hash: 9a37945f904263b1f8ffdb3237c56892899e7332bd696af3a84bdc54908562fa +Verifier_pp hash: 2281a1adfbe8ce782485f92cc406d9bfc36654aeafb4d8d2373623402f358090 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: 91dd6ed4ef70d30ad70762544defafd941675b5159d07e6f3b12d8887368f17d +Prover_pp hash: 63158c91b701cacbbb46291a2932cf521edf596186f11a43163f367a58fb2234 +Verifier_pp hash: 28a61598b505381c2a0be09a2a1d9329b19c510ae833c1c6932f24f372b1a5d9 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: 97c97b22d3220ee8a21cb726d7f7a964e4911e5cea8fdf1139284bc3ae8dd198 +Prover_pp hash: 69ad91b8457bfa9ff7a77ce42b91ceb159981a29f91970c6575e5d5045be9894 +Verifier_pp hash: 25595cae82052c12c8d43c28c280f649d540bfa8bef758bacd56b3c3525facc2 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: 8b0e42c3c2ed9da485d24e26f9e43e7301e631eb07091c7e3a5b1f2a6fbd1e3b +Prover_pp hash: 5a466c9df9e1a0999da2306278bfb80b280442adc471b237c2f7a4a009ab508e +Verifier_pp hash: 41fbd05bb41ab092b8c5067c422a64fa6b318dee3e7011613ff47e5a6a383458 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: c7c36de433472fd79de4b041573023ffcc8221f17f9955dd21fbb50dd1807152 +Prover_pp hash: 179407f4b51ff0e1bf33cc2a78c095b34bf533a9464e3faa4cc1b2afd2d8112d +Verifier_pp hash: 11687baed376051f1cd628822d5bf22dd3cb8b82c0d786baaf265c2d7518641c + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: 36d0d5ffee7da3e195da50d534e80e37d9b650fd37e6260e60ecf826e9c34fd5 +Prover_pp hash: 3a040bb8f936372a418f850a5a59f819110a0cfce9e0d02601d5786b858def24 +Verifier_pp hash: 71e22ba3b968a37bd0d4399f16206272f905ada99e3ff80ed5f9fcbbaf2963d9 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: f297d64368efc223bb2fe65d9759623cc198d13bbaca2fdd2215a6500c498712 +Prover_pp hash: e6c5be0092818e1845012543d3eba29c54473eba7061698e2662c0a46adfb3b0 +Verifier_pp hash: 73d22d434963aa3799916285fe730cfd4fa5e1d263024c4f653d2d0cec1cbc94 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: a73efda88e4a5b1b40e0f30832b1e244a41d9cc9fc42cdedb0b2c048ed9a369e +Prover_pp hash: 2b1be6708d45358569a3ee9687f1fdfd50f8258b538cd593d346ac5fbe20db59 +Verifier_pp hash: 15ca0a5935afb6ed0d3e7caad96d55addee8844ebbe5f15f8529b335eee2aa5c + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: dc6d1286934f79e89a66ac608b1f0d7891eb9556dfb84bf0c76c57d17eba7bcf +Prover_pp hash: ba8a4c047f7d2522037e1663f75745f4fdb4c7b5cb6e962086e925e552a02533 +Verifier_pp hash: 9bd2ae76946c3f134d22ce6b1b7d6b358f997d2c2fbfc9c40cd5a2e0723deffa + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: 979b6103905f9639867f26d287929c1d227873c7bd4421abac2f5736246ccd34 +Prover_pp hash: c90f89489786d344552293b723279c2da60f02d33b530d495c0f1794ca20a6cb +Verifier_pp hash: 02f3a7b7956855f23a316cd23523dd878b30615a77fe9da810443432cdbc1315 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: 9e376f7670eec253b13fec41722391a22755deb9595ea26dd252c98d238414e7 +Prover_pp hash: 69ad91b8457bfa9ff7a77ce42b91ceb159981a29f91970c6575e5d5045be9894 +Verifier_pp hash: 25595cae82052c12c8d43c28c280f649d540bfa8bef758bacd56b3c3525facc2 + +Bytes.test_rotate_left: +Constraints: 72 + +Bytes.test_rotate_left_optimized: +Constraints: 48 + +Bytes.test_rotate_left: +Proof size: 2.16 KB +Proof hash: 8a90546057a74064281856622f28cffafd808e952671359441c3c4bde4f9da0c +Prover_pp hash: 69ad91b8457bfa9ff7a77ce42b91ceb159981a29f91970c6575e5d5045be9894 +Verifier_pp hash: 25595cae82052c12c8d43c28c280f649d540bfa8bef758bacd56b3c3525facc2 + +Bytes.test_rotate_right: +Constraints: 24 + +Bytes.test_rotate_right_optimized: +Constraints: 16 + +Bytes.test_rotate_right: +Proof size: 2.19 KB +Proof hash: 0a83800a71cfb1dddc7ca560da2b52cce8d2e44f82bf422bbd80961ef487d049 +Prover_pp hash: 9cdf2c659d98acf4d640a5418800c572c09ab2dda05e1ad8b93e351481b2ef38 +Verifier_pp hash: 6f80833ab9690412b0c46840f2dbdd5f4213e345aa2cac9e646522b441a4a97d + +Bytes.test_rotate_right: +Constraints: 24 + +Bytes.test_rotate_right_optimized: +Constraints: 16 + +Bytes.test_rotate_right: +Proof size: 2.19 KB +Proof hash: 6dd266ee641e8a2c006242c213ee1ba7984159ce9cd70b274380d2ffad128b72 +Prover_pp hash: e021584dbc5447d2f0c20641d625ad15ab207d7e6a6b9a2fd65ecde1a8004dbc +Verifier_pp hash: dc4cfad4602f0ebeba68ed4b8e8d4cac61dd1988a7cf2d766da868b4b389a087 Bytes.test_rotate_right: Constraints: 24 @@ -3016,6 +3754,330 @@ Proof hash: a32ccf2664fff47fd9f36cdd5faf66612179f996ad2a21eacd22316179d11391 Prover_pp hash: 06582bef8b41bd1159b717445724571d28cc6e06bb2d35710c786508d3663c1c Verifier_pp hash: baf369ea5bf71bf95d70f4b486b65d55b66b2267438907c50c0158206d1936cd +Bytes.test_not: +Constraints: 32 + +Bytes.test_not_optimized: +Constraints: 16 + +Bytes.test_not: +Proof size: 2.02 KB +Proof hash: 8fbcebfc4f85fe4afea1ff76f7ea8ba4d81abadab4f434ddcfea9645846110d4 +Prover_pp hash: ef8e16a3be60cc89963071eb716424cf91c11d53f66ff5b9f234c08f79ee406f +Verifier_pp hash: 051691f0fd6bfc7481fe2e719da09b6710f3ef3eda42c0383d2fc7e080a70543 + +Bytes.test_not: +Constraints: 32 + +Bytes.test_not_optimized: +Constraints: 16 + +Bytes.test_not: +Proof size: 2.02 KB +Proof hash: 68c4ab0a98235495b6018ce9a86b4b582a78aeefef0861443ffa6870b2731830 +Prover_pp hash: ef8e16a3be60cc89963071eb716424cf91c11d53f66ff5b9f234c08f79ee406f +Verifier_pp hash: 051691f0fd6bfc7481fe2e719da09b6710f3ef3eda42c0383d2fc7e080a70543 + +Bytes.test_band: +Constraints: 40 + +Bytes.test_band_optimized: +Constraints: 24 + +Bytes.test_band: +Proof size: 2.05 KB +Proof hash: d63f04df4c532eb72cab3e2a1482cb2bad209cd2c7e6872d8c6e7d1e19151561 +Prover_pp hash: 9905d2e0637a8146ff2e1a7d62b71233ce8c71202373d28d106a5a27c765170f +Verifier_pp hash: edc0919715ac70c978b5c120f552774b33b6c7bfcd315e46b78d123727e87675 + +Bytes.test_band: +Constraints: 40 + +Bytes.test_band_optimized: +Constraints: 24 + +Bytes.test_band: +Proof size: 2.05 KB +Proof hash: e904079c906f79dd6b81df595db9e37e57bdb9b673398652fcfec9083956775d +Prover_pp hash: 9905d2e0637a8146ff2e1a7d62b71233ce8c71202373d28d106a5a27c765170f +Verifier_pp hash: edc0919715ac70c978b5c120f552774b33b6c7bfcd315e46b78d123727e87675 + +Bytes.test_band: +Constraints: 40 + +Bytes.test_band_optimized: +Constraints: 24 + +Bytes.test_band: +Proof size: 2.05 KB +Proof hash: c8beac2e73a67a19c9cd1d408d55c9341fabd1d0f6f2e040301afe19aebc680a +Prover_pp hash: 9905d2e0637a8146ff2e1a7d62b71233ce8c71202373d28d106a5a27c765170f +Verifier_pp hash: edc0919715ac70c978b5c120f552774b33b6c7bfcd315e46b78d123727e87675 + +Bytes.test_band: +Constraints: 40 + +Bytes.test_band_optimized: +Constraints: 24 + +Bytes.test_band: +Proof size: 2.05 KB +Proof hash: 54245e8d4147abd974a9bcd935f4134a11d7579a389ef74a1be5efaac12981dd +Prover_pp hash: 9905d2e0637a8146ff2e1a7d62b71233ce8c71202373d28d106a5a27c765170f +Verifier_pp hash: edc0919715ac70c978b5c120f552774b33b6c7bfcd315e46b78d123727e87675 + +Bytes.test_band: +Constraints: 40 + +Bytes.test_band_optimized: +Constraints: 24 + +Bytes.test_band: +Proof size: 2.05 KB +Proof hash: f567d7aa82afece9a0141a85480a8b8894cae84c90e7c6ed7d9568afd69eea44 +Prover_pp hash: 9905d2e0637a8146ff2e1a7d62b71233ce8c71202373d28d106a5a27c765170f +Verifier_pp hash: edc0919715ac70c978b5c120f552774b33b6c7bfcd315e46b78d123727e87675 + +Bytes.test_band: +Constraints: 40 + +Bytes.test_band_optimized: +Constraints: 24 + +Bytes.test_band: +Proof size: 2.05 KB +Proof hash: 6e1abd198500ff5db0b5d0030e8d8fc8299e0304c262d65854ca30d776cbde2a +Prover_pp hash: 9905d2e0637a8146ff2e1a7d62b71233ce8c71202373d28d106a5a27c765170f +Verifier_pp hash: edc0919715ac70c978b5c120f552774b33b6c7bfcd315e46b78d123727e87675 + +Bytes.test_band: +Constraints: 40 + +Bytes.test_band_optimized: +Constraints: 24 + +Bytes.test_band: +Proof size: 2.05 KB +Proof hash: c9699a6025acccd40c6f17812c9de6d7bdf97eb25b4d070d4944ffaf69ecded3 +Prover_pp hash: 9905d2e0637a8146ff2e1a7d62b71233ce8c71202373d28d106a5a27c765170f +Verifier_pp hash: edc0919715ac70c978b5c120f552774b33b6c7bfcd315e46b78d123727e87675 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Proof size: 2.14 KB +Proof hash: 530c787fbea989c755c81b94b6c1d27148bc25bfa59dbdfee7b227a77a57006a +Prover_pp hash: bb204add606ef06032e5ef3e6aa36aa9fc2fa7930cc0e728e648ba3af198d1a8 +Verifier_pp hash: 53beb51a6b0c31a131f88f40c0bbaf8e903da058f985fdc51be07523f719eb6a + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Proof size: 2.14 KB +Proof hash: 5278ebaed342524e68f2d8c68831d5926842010e9b74baa762bb36e600784e18 +Prover_pp hash: fbff544ff8cb28f2b917205bef3d2d9e030acb764399ecfa7cca44a0346d0bfb +Verifier_pp hash: 589adbbd448fa4bae64c9dd5dff1979bfbaf9f8b44d412d182e984864befd17a + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Proof size: 2.14 KB +Proof hash: bae83294756192f64dd71a8c9d72bcfc127c194d130ea447a48d38f65d51f8e4 +Prover_pp hash: 5e90a4e86634f9fc5f9e6d95786e60087b295996ba19fb53964fa09d84850bdb +Verifier_pp hash: dab9b5acb09b85cac7d003b850328f7f66746719960b3801a0ca3d5fc4b250d7 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Proof size: 2.14 KB +Proof hash: d1761a007da3131045b6f8adda2f67d8867a42cb30e4315f6719c46b2ec6c5fe +Prover_pp hash: 6e67bbda1a051c282a1f44652f19b56c53390aa3fd1b3c304cb73bd226322adf +Verifier_pp hash: 1c26947564f88c233b2e433cf9977a17aa5af2e5da741e2c6c2881a1b77a3239 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Proof size: 2.14 KB +Proof hash: 03306a0ef42ccd03224a42328f5722b6228b1366e967a8f5b6c4fd5d838bce4d +Prover_pp hash: 049f4730a02553340dcbc653eabe25242f6fa05ea876108dcca29d38b9f00f55 +Verifier_pp hash: 0668177691419e8b5d59da40185df4bfb7d0d53cf9b5143a3543552214df3b5d + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Proof size: 2.14 KB +Proof hash: 69987502daf679f74cb877089048b0f1197187d87794fb2dba77e6328106cded +Prover_pp hash: 43e0119eb839ea86fab4ef288b4900688c5e8396b62224cf0263f8f8e7c80887 +Verifier_pp hash: 12eb503d4360984d7d51aa359b3342fca0821d9fcaac067bcd4fc1f06f3d5ff6 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Proof size: 2.14 KB +Proof hash: d9c13d405885d06017a639b49b7f5a7040c4df16afaa678651c26040377e96d6 +Prover_pp hash: 17cb6f33e34318f9024bcf2384a72824f9f7d5efca00790544a765c627666af6 +Verifier_pp hash: 6a454247b3933b1def04a7078429e439a367f547f5fff5b4e72f2837b4895643 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Proof size: 2.14 KB +Proof hash: 16433608e7c9d382e0f9b35c6f704a789d5cc40e37050288bab4bd7ea33f8726 +Prover_pp hash: 7d41a0bd19a760fcc2e65abf00734a41d57b2c688a90c694845727bc9ee11349 +Verifier_pp hash: b49ef8da617acb448b01e3dc5453ba55ced1434883e282400612c321747801c1 + +Bytes.test_shift_left: +Constraints: 25 + +Bytes.test_shift_left_optimized: +Constraints: 16 + +Bytes.test_shift_left: +Proof size: 2.14 KB +Proof hash: ba3a3b01b01f50359f90b6f793c5e7ef5d15f59613b1dfabbf91ba3f82720288 +Prover_pp hash: 759e8ec32245dfb302fdc8c99720357216b2e5289934a0dc24e4506171965fd9 +Verifier_pp hash: de9b3a982849cdc2fa2c47b15a54c6cca867523d7b117c23c1576e6f46539783 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Proof size: 2.16 KB +Proof hash: d17a1abefb2de8aea090b437cb8a0c04f28e8f9ac20620074ce28d2e4433f7ec +Prover_pp hash: 3699e7668ed695b4d9302e05b16043008a4b85114e15f8b931bacc20f302261e +Verifier_pp hash: 63f66ddd5c18afeabf59a65ee92bebed148061246648b64aa332c3f0db9a2dbc + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Proof size: 2.16 KB +Proof hash: 7e41b54f3598b104fbe6e286a21b830d760cb11cb7e08656edc722f73d5ac385 +Prover_pp hash: 5a2325cffb52fabe2f76cf1c97c60a6156acd767dbefdffb928404ed176470f9 +Verifier_pp hash: cd48ebbb3c0c703c9f995df3d5774d4377f8ef7d56877e2b4943d82f681babf7 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Proof size: 2.16 KB +Proof hash: 6e0004da2aee0bd1ecaa6f8f8580b1bf4424959efaafc8d9f3607f739be8629a +Prover_pp hash: 35b13827697634401279b335947956df7aca9655d6a15fcf30c7c806f2d03211 +Verifier_pp hash: 9bc23f3a556c4519999bcb53f8379fb93f8741282ddbce41fce1646de716aa5a + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Proof size: 2.16 KB +Proof hash: 1d58543e06a2407f47afbe197399239eec81461f2e9bbdec0b3c05da7371fb86 +Prover_pp hash: 3f266b88f031a5937cca0f567be1d91aaed23454f4224add139c72cbfc423ba5 +Verifier_pp hash: 5b8df38f1bd6ecdba690ea84e7fb193f8b3d824c5ed3a0731aaa81b6797b1771 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Proof size: 2.16 KB +Proof hash: 4e5c018ac51539b816b2d7f7b9c9959aad0949bd7fee1e58754972b93b00a692 +Prover_pp hash: 87af6ad7db50f6ba248fc2d62b582a64ce8610b0c6b60b03f888c279f8e0b8c1 +Verifier_pp hash: e086c7132a63bbdbe4499f3834bb4399780631e403a314c46205b5ac5e6ce605 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Proof size: 2.16 KB +Proof hash: a4d1e2f0b2f7af5197d332b4c9c62c5c69a313b539572712f40c87229cd09804 +Prover_pp hash: 2e323b595140522abe0361558e5d780646a48972b69da763393fda45cdcc036b +Verifier_pp hash: dee00e41bd35924b93247b68e1b13dfbf10b841940987d4bed309ecc1ab2429a + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Proof size: 2.16 KB +Proof hash: bf47619c2ced5b881af3e67228f4e31b53b17ba96237f4dbec776a84e092a172 +Prover_pp hash: b2b729d723c3488d9c1f1af1c1d8104b667383afda06d58e07961c4ae5a05f5c +Verifier_pp hash: 66306d2ceb0573ff77977d7fa8299eb0257627ec0ec4528a98f2e313ced24c34 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Proof size: 2.16 KB +Proof hash: 04a1766ffc2ba473f0e9f82385d030eaa73913fe9846622e79da6f706f0f7df2 +Prover_pp hash: d661778f76b8973b9d421135d27a47c254331ad20d40f69a49d26b315f2d3bdd +Verifier_pp hash: 26ce4001b724516d33ef7cff343f98d8cb07c79f68d7c8c444851325c37c3578 + +Bytes.test_shift_right: +Constraints: 25 + +Bytes.test_shift_right_optimized: +Constraints: 16 + +Bytes.test_shift_right: +Proof size: 2.16 KB +Proof hash: c082e9a0235823d6d02e498a1b1f5f21719e53cde113ceb4a277eaea8cedb8b5 +Prover_pp hash: 4e9fdc89d4b6a6c74565860ae93365185db71fb0a411b2928527fa898765d45c +Verifier_pp hash: 3c7d67c299d703ff12388330285999b86e993504d85dd73995c47f839635d222 + Blake.test_mixing: Constraints: 2638 @@ -3286,6 +4348,186 @@ Proof hash: d4e67c9e3a8cd3b7bea784d119320bf0ebe4c6415327cb2a37bf4e0cde00770a Prover_pp hash: 6dff5c4fbf7987fb36eb497f046c8e3a4c265f0dcc1a24e5010884d994c36a02 Verifier_pp hash: 2597a0d42b7eaf73d51685426c7c1ee113263251a79679d7cf7dfdea42c42980 +SHA256.test_ch: +Constraints: 72 + +SHA256.test_ch_optimized: +Constraints: 56 + +SHA256.test_maj: +Constraints: 80 + +SHA256.test_maj_optimized: +Constraints: 56 + +SHA256.test_sigma0: +Constraints: 161 + +SHA256.test_sigma0_optimized: +Constraints: 97 + +SHA256.test_sigma1: +Constraints: 161 + +SHA256.test_sigma1_optimized: +Constraints: 97 + +SHA256.test_sum0: +Constraints: 160 + +SHA256.test_sum0_optimized: +Constraints: 96 + +SHA256.test_sum1: +Constraints: 160 + +SHA256.test_sum1_optimized: +Constraints: 96 + +SHA256.test_padding: +Constraints: 1536 + +SHA256.test_padding_optimized: +Constraints: 536 + +SHA256.test_initial_hash: +Constraints: 320 + +SHA256.test_initial_hash_optimized: +Constraints: 32 + +SHA256.test_digestabc: +Constraints: 259416 + +SHA256.test_digestabc_optimized: +Constraints: 130136 + +SHA256.test_digestabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq: +Constraints: 518064 + +SHA256.test_digestabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq_optimized: +Constraints: 259344 + +SHA256.test_ch: +Constraints: 72 + +SHA256.test_ch_optimized: +Constraints: 56 + +SHA256.test_ch: +Proof size: 2.12 KB +Proof hash: 1cc93873f837fb0e6d844d52ea74839dbeb10193382792c6898888b95344183f +Prover_pp hash: 55612358cfbf75640cb0851d4a601d9dfd3a93a9a9a7682130a65703d64a68d9 +Verifier_pp hash: 1c00e90e0cf641c1d10ad29979714c8820b0e02cbf2a3584271c9e6c181cda77 + +SHA256.test_maj: +Constraints: 80 + +SHA256.test_maj_optimized: +Constraints: 56 + +SHA256.test_maj: +Proof size: 2.10 KB +Proof hash: 4938f20b4b7eb67c132769ddc3c644b5ff674e64a2d0df094ef7d54f2b7ce8e4 +Prover_pp hash: bf3eb755db0ef5bc3ce6fc09f8f0c2b3888d2b526ebbcea272445afe82f20dd6 +Verifier_pp hash: 1efa4943c2bd465cb05e930f26233788c927f4ad7a4f2c78f12f94a7cd6a5b93 + +SHA256.test_sigma0: +Constraints: 161 + +SHA256.test_sigma0_optimized: +Constraints: 97 + +SHA256.test_sigma0: +Proof size: 2.18 KB +Proof hash: 2ebdc15d92727641d14f235b41a7b5678dd52ccde56dc75afe2bfd02d53c5fde +Prover_pp hash: 7c52f79e148eb5dfe6c30239a0eb542a2960ea54e354661b0bbf7be7501124dd +Verifier_pp hash: 18fd2c7041e1713dde1b0f3598a456d9012b99e51864c9f4ef36317bcc937b3f + +SHA256.test_sigma1: +Constraints: 161 + +SHA256.test_sigma1_optimized: +Constraints: 97 + +SHA256.test_sigma1: +Proof size: 2.18 KB +Proof hash: 77cd45c22a313a41264f8b84448ae22b588a176b3c42dce1b54e9d9fb846bccd +Prover_pp hash: 7764a84c5a50cb476e8d9995eada72c2bba6c5ca2a8952f19a4b672559b260f8 +Verifier_pp hash: 079ae50a5d96c14a16d527724aadadd629a5b613cccc99545a7a1d181acde5ea + +SHA256.test_sum0: +Constraints: 160 + +SHA256.test_sum0_optimized: +Constraints: 96 + +SHA256.test_sum0: +Proof size: 2.12 KB +Proof hash: 8b43669496a4820c8b5b425b5342d922744248aa9103500315d2c76d96bc6e44 +Prover_pp hash: be0e2fd0b56c679c66dc66022ee2780fa5e8040beeda7ca73a1998de20c20155 +Verifier_pp hash: 794dc398e120e75acd79ac3fa12f0fb295a916aa14d4cf871b239a3fb87b52c8 + +SHA256.test_sum1: +Constraints: 160 + +SHA256.test_sum1_optimized: +Constraints: 96 + +SHA256.test_sum1: +Proof size: 2.12 KB +Proof hash: 19b284ea982881180c6c8db88f2e4a4689e62aa2d542205ca4446f9abaaeb4d4 +Prover_pp hash: 30c03ee07d99945bb3c7d3dd71df4fc2fa1d6495b6da00e379978fc804740a32 +Verifier_pp hash: 6bdb86b9241dfe5025045173d7d296cec6b3afaabe552ccc2516b16406891ea7 + +SHA256.test_padding: +Constraints: 1536 + +SHA256.test_padding_optimized: +Constraints: 536 + +SHA256.test_padding: +Proof size: 2.15 KB +Proof hash: d2e8fd78def773977189d6ee7a1fa36e1c86517fa8350cabad2f90d8f3612ad0 +Prover_pp hash: c127bc31c1b15efb50b98402ef8daedd257f1afa0357ffa8e087490a8f2c1ec2 +Verifier_pp hash: 08ed9ecaa5a69e914ca4132f15e9cb0593f7d89bfde8e1026740c4ce6aa43f67 + +SHA256.test_initial_hash: +Constraints: 320 + +SHA256.test_initial_hash_optimized: +Constraints: 32 + +SHA256.test_initial_hash: +Proof size: 2.21 KB +Proof hash: 4ad73e3576c363d636f55c9842a6d0aab59b540fcfb95d4f5834ded40f19bdaf +Prover_pp hash: 45a8bce05b38e2dcca51f8810dfc454807ef85da1765da8f2518354505532996 +Verifier_pp hash: 913c4b09f4fa4529da0806498a47ea3973409dc3dd23ded6facf38cf02748701 + +SHA256.test_digestabc: +Constraints: 259416 + +SHA256.test_digestabc_optimized: +Constraints: 130136 + +SHA256.test_digestabc: +Proof size: 2.31 KB +Proof hash: 38f0872c4884134094d62dec0666c9686133f4ea550ac6366706de9e32271c01 +Prover_pp hash: 5a962e3c9dc742e07d5842f33ddbd087e523f390a18dd12be93cec11d2457f6e +Verifier_pp hash: c176e1c91c96b494d08733d1a51177b6ba9e9a947746f09fa720433f890781d5 + +SHA256.test_digestabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq: +Constraints: 518064 + +SHA256.test_digestabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq_optimized: +Constraints: 259344 + +SHA256.test_digestabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq: +Proof size: 3.71 KB +Proof hash: dfcd46e2e810c3f2f4bb7465631358de25cced4ca024fce3d0faa5f7d4b29fa6 +Prover_pp hash: 7b96043035824ee2c550052fab255689baf834088573c356ba59502dba24456c +Verifier_pp hash: 8ad533fc8c0f8b86abf0f315091c4ff031c94602ad97e39a0bc786568952eff2 + Anemoi.test_round.valid: Constraints: 20 -- GitLab