diff --git a/include/nil/blueprint/components/hashes/sha256/plonk/sha512.hpp b/include/nil/blueprint/components/hashes/sha256/plonk/sha512.hpp index 1526d3cea..b3c27504d 100644 --- a/include/nil/blueprint/components/hashes/sha256/plonk/sha512.hpp +++ b/include/nil/blueprint/components/hashes/sha256/plonk/sha512.hpp @@ -39,28 +39,25 @@ namespace nil { namespace blueprint { namespace components { - template + template class sha512; - template - class sha512, W0, - W1, W2, W3, W4, W5, W6, W7, W8> { + template + class sha512, 9>: + public component, + 9, 2, 5> { - typedef zk::snark::plonk_constraint_system - ArithmetizationType; + using ArithmetizationType = crypto3::zk::snark::plonk_constraint_system; + using component_type = component; - using var = zk::snark::plonk_variable; - - using sha512_process_component = - sha512_process; + using sha512_process_component = sha512_process; // using decomposition_component = // decomposition; public: + using var = typename component_type::var; + constexpr static const std::size_t gates_amount = 5; - constexpr static const std::size_t selector_seed = 0x0f14; constexpr static const std::size_t rows_amount_creating_input_words_component = 15; // constexpr static const std::size_t rows_amount = @@ -71,7 +68,7 @@ namespace nil { std::array y; }; - struct params_type { + struct input_type { var_ec_point R; var_ec_point A; std::array M; 
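Review bot: The class header carries no documentation of what the component proves or how many rows it occupies, and the row accounting visible here is incomplete: `rows_amount_creating_input_words_component = 15` has no explanation, and the only `rows_amount` line in the hunk is commented out (`// constexpr static const std::size_t rows_amount =`) although `result_type` in the next hunk computes `start_row_index + rows_amount - 3`. If `rows_amount` is defined further down, outside the hunk, this compiles; otherwise it does not. I would add a header comment above `class sha512` naming the inputs it hashes (the `R`, `A`, `M` limbs of `input_type`) and the row layout, plus `// rows spent decomposing the input words before the first sha512_process call — confirm` on the 15 constant. The class body continues past the hunk.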
@@ -80,28 +77,50 @@ namespace nil { struct result_type { std::array output_state; - result_type(const std::size_t &start_row_index) { - output_state = {var(W0, start_row_index + rows_amount - 3, false), - var(W1, start_row_index + rows_amount - 3, false), - var(W2, start_row_index + rows_amount - 3, false), - var(W3, start_row_index + rows_amount - 3, false), - var(W0, start_row_index + rows_amount - 1, false), - var(W1, start_row_index + rows_amount - 1, false), - var(W2, start_row_index + rows_amount - 1, false), - var(W3, start_row_index + rows_amount - 1, false)}; + result_type(const sha512 &component, const std::size_t &start_row_index) { + output_state = {var(component.W(0), start_row_index + rows_amount - 3, false), + var(component.W(1), start_row_index + rows_amount - 3, false), + var(component.W(2), start_row_index + rows_amount - 3, false), + var(component.W(3), start_row_index + rows_amount - 3, false), + var(component.W(0), start_row_index + rows_amount - 1, false), + var(component.W(1), start_row_index + rows_amount - 1, false), + var(component.W(2), start_row_index + rows_amount - 1, false), + var(component.W(3), start_row_index + rows_amount - 1, false)}; } }; - static result_type generate_circuit(blueprint &bp, - blueprint_public_assignment_table &assignment, - const params_type & params, - const std::size_t start_row_index) { - auto selector_iterator = assignment.find_selector(selector_seed); + template + sha512(ContainerType witness): + component_type(witness, {}, {}){}; + + template + sha512(WitnessContainerType witness, ConstantContainerType constant, PublicInputContainerType public_input): + component_type(witness, constant, public_input){}; + + sha512(std::initializer_list witnesses, + std::initializer_list constants, + std::initializer_list public_inputs): + component_type(witnesses, constants, public_inputs){}; + }; + + template + using plonk_sha512 = sha512, 9>; + + template + typename plonk_sha512::result_type + generate_circuit( + const 
plonk_sha512 &component, + circuit> &bp, + assignment> &assignment, + const typename plonk_sha512::input_type &instance_input, + const std::uint32_t start_row_index) { + + auto selector_iterator = assignment.find_selector(component); std::size_t first_selector_index; - if (selector_iterator == assignment.selectors_end()) { - first_selector_index = assignment.allocate_selector(selector_seed, gates_amount); - generate_gates(bp, assignment, first_selector_index); + if (selector_iterator == assignment.selectors_end()){ + first_selector_index = assignment.allocate_selector(component, component.gates_amount); + generate_gates(component, bp, assignment, instance_input, first_selector_index); } else { first_selector_index = selector_iterator->second; } 
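Review bot: All three new constructors end in `{};`, an empty statement after the function body that `-Wextra-semi` flags; drop the trailing semicolons. The single-argument template constructor is also not `explicit`, so any container type silently converts to a `sha512`; `template<typename ContainerType> explicit sha512(ContainerType witness) : component_type(witness, {}, {}) {}` closes that. `generate_circuit` passes `instance_input` to `generate_gates`, which as far as the last hunk shows never reads it; if the parameter exists only for signature uniformity, a short comment on it would stop the next reader from hunting for the use. `generate_circuit`'s body continues past the hunk.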
@@ -153,41 +172,48 @@ namespace nil {
 */
- generate_copy_constraints(bp, assignment, params, start_row_index);
- return result_type(start_row_index);
-
+ generate_copy_constraints(component, bp, assignment, instance_input, start_row_index);
+ return typename plonk_sha512::result_type(component, start_row_index);
 }
- static result_type generate_assignments(blueprint_assignment_table &assignment,
- const params_type ¶ms,
- std::size_t component_start_row) {
- std::size_t row = component_start_row;
+ template
+ typename plonk_sha512::result_type
+ generate_assignments(
+ const plonk_sha512 &component,
+ assignment> &assignment,
+ const typename plonk_sha512::input_type &instance_input,
+ const std::uint32_t start_row_index) {
+
+ using ArithmetizationType = crypto3::zk::snark::plonk_constraint_system;
+ using var = typename sha512::var;
+
+ std::size_t row = start_row_index;
 std::array RAM = {
- typename BlueprintFieldType::integral_type(assignment.var_value(params.R.x[0]).data),
- typename BlueprintFieldType::integral_type(assignment.var_value(params.R.x[1]).data),
- typename BlueprintFieldType::integral_type(assignment.var_value(params.R.x[2]).data),
- typename BlueprintFieldType::integral_type(assignment.var_value(params.R.x[3]).data),
-
- typename BlueprintFieldType::integral_type(assignment.var_value(params.R.y[0]).data),
- typename BlueprintFieldType::integral_type(assignment.var_value(params.R.y[1]).data),
- typename BlueprintFieldType::integral_type(assignment.var_value(params.R.y[2]).data),
- typename BlueprintFieldType::integral_type(assignment.var_value(params.R.y[3]).data),
+ typename BlueprintFieldType::integral_type(var_value(assignment, instance_input.R.x[0]).data),
+ typename BlueprintFieldType::integral_type(var_value(assignment, instance_input.R.x[1]).data),
+ typename BlueprintFieldType::integral_type(var_value(assignment, instance_input.R.x[2]).data),
+ typename BlueprintFieldType::integral_type(var_value(assignment, instance_input.R.x[3]).data),
+
+ typename BlueprintFieldType::integral_type(var_value(assignment, instance_input.R.y[0]).data),
+ typename BlueprintFieldType::integral_type(var_value(assignment, instance_input.R.y[1]).data),
+ typename BlueprintFieldType::integral_type(var_value(assignment, instance_input.R.y[2]).data),
+ typename BlueprintFieldType::integral_type(var_value(assignment, instance_input.R.y[3]).data),
- typename BlueprintFieldType::integral_type(assignment.var_value(params.A.x[0]).data),
- typename BlueprintFieldType::integral_type(assignment.var_value(params.A.x[1]).data),
- typename BlueprintFieldType::integral_type(assignment.var_value(params.A.x[2]).data),
- typename BlueprintFieldType::integral_type(assignment.var_value(params.A.x[3]).data),
-
- typename BlueprintFieldType::integral_type(assignment.var_value(params.A.y[0]).data),
- typename BlueprintFieldType::integral_type(assignment.var_value(params.A.y[1]).data),
- typename BlueprintFieldType::integral_type(assignment.var_value(params.A.y[2]).data),
- typename BlueprintFieldType::integral_type(assignment.var_value(params.A.y[3]).data),
-
- typename BlueprintFieldType::integral_type(assignment.var_value(params.M[0]).data),
- typename BlueprintFieldType::integral_type(assignment.var_value(params.M[1]).data),
- typename BlueprintFieldType::integral_type(assignment.var_value(params.M[2]).data),
- typename BlueprintFieldType::integral_type(assignment.var_value(params.M[3]).data)
+ typename BlueprintFieldType::integral_type(var_value(assignment, instance_input.A.x[0]).data),
+ typename BlueprintFieldType::integral_type(var_value(assignment, instance_input.A.x[1]).data),
+ typename BlueprintFieldType::integral_type(var_value(assignment, instance_input.A.x[2]).data),
+ typename BlueprintFieldType::integral_type(var_value(assignment, instance_input.A.x[3]).data),
+
+ typename BlueprintFieldType::integral_type(var_value(assignment, instance_input.A.y[0]).data),
+ typename BlueprintFieldType::integral_type(var_value(assignment,
instance_input.A.y[1]).data),
+ typename BlueprintFieldType::integral_type(var_value(assignment, instance_input.A.y[2]).data),
+ typename BlueprintFieldType::integral_type(var_value(assignment, instance_input.A.y[3]).data),
+
+ typename BlueprintFieldType::integral_type(var_value(assignment, instance_input.M[0]).data),
+ typename BlueprintFieldType::integral_type(var_value(assignment, instance_input.M[1]).data),
+ typename BlueprintFieldType::integral_type(var_value(assignment, instance_input.M[2]).data),
+ typename BlueprintFieldType::integral_type(var_value(assignment, instance_input.M[3]).data)
 };
@@ -250,12 +276,12 @@ namespace nil {
 range_chunks[2] = (RAM[0] >> 44) & mask20;
 range_chunks[3] = (RAM[0] >> 64) & 0b11;
- assignment.witness(W0)[row_witness - 1] = RAM[0];
- assignment.witness(W0)[row_witness - 0] = input_words_values[0];
- assignment.witness(W1)[row_witness - 1] = range_chunks[0];
- assignment.witness(W1)[row_witness - 0] = range_chunks[1];
- assignment.witness(W1)[row_witness + 1] = range_chunks[2];
- assignment.witness(W0)[row_witness + 1] = range_chunks[3];
+ assignment.witness(component.W(0), row_witness - 1) = RAM[0];
+ assignment.witness(component.W(0), row_witness - 0) = input_words_values[0];
+ assignment.witness(component.W(1), row_witness - 1) = range_chunks[0];
+ assignment.witness(component.W(1), row_witness - 0) = range_chunks[1];
+ assignment.witness(component.W(1), row_witness + 1) = range_chunks[2];
+ assignment.witness(component.W(0), row_witness + 1) = range_chunks[3];
 // W2,1 W3,1 W3,0 W3, -1
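Review bot: The 20-element `RAM` initializer repeats `typename BlueprintFieldType::integral_type(var_value(assignment, …).data)` once per input limb, which is exactly where a mis-indexed limb would hide from review. A local helper removes the repetition without changing behaviour: `auto limb = [&](const var &v) { return typename BlueprintFieldType::integral_type(var_value(assignment, v).data); };` followed by `RAM = {limb(instance_input.R.x[0]), limb(instance_input.R.x[1]), …}`. Note also that `using ArithmetizationType = …` is declared at the top of `generate_assignments` here and again later in the same function (the `@@ -585` hunk); if both sit at function scope the second is a redundant redeclaration and should go. `generate_assignments` continues well past this hunk.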
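Review bot: The witness writes for each of the 20 RAM words are the same six-line pattern (the word, its `input_words_values` entry, three `range_chunks` into the odd column, the top chunk into the even column) parameterised only by the column pair, the chunk offset and the row; the hunks at -265, -283, -298, -316, -335, -351, -366, -383, -401, -417, -432, -448, -467, -485, -501, -519, -536, -553 and -569 have the same shape. The mechanical `W0` → `component.W(0)` rewrite matches line by line as far as I can check it, but a small table of `{even column, odd column, chunk offset}` driving one loop would make the irregular cells stand out instead of being buried: the extra `component.W(6), row_witness-3 + 1` writes at -316, -383, -448 and -519, and the `W(8)` writes at -316, -467 and -569, are currently undocumented. At minimum each of those irregular writes deserves a one-line comment naming the constraint that consumes that cell. The enclosing `generate_assignments` starts and ends outside these hunks.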
@@ -265,12 +291,12 @@ namespace nil {
 range_chunks[6] = (RAM[1] >> 44) & mask18;
 range_chunks[7] = (RAM[1] >> 62) & 15;
- assignment.witness(W2)[row_witness - 1] = RAM[1];
- assignment.witness(W2)[row_witness - 0] = input_words_values[1];
- assignment.witness(W3)[row_witness - 1] = range_chunks[4];
- assignment.witness(W3)[row_witness - 0] = range_chunks[5];
- assignment.witness(W3)[row_witness + 1] = range_chunks[6];
- assignment.witness(W2)[row_witness + 1] = range_chunks[7];
+ assignment.witness(component.W(2), row_witness - 1) = RAM[1];
+ assignment.witness(component.W(2), row_witness - 0) = input_words_values[1];
+ assignment.witness(component.W(3), row_witness - 1) = range_chunks[4];
+ assignment.witness(component.W(3), row_witness - 0) = range_chunks[5];
+ assignment.witness(component.W(3), row_witness + 1) = range_chunks[6];
+ assignment.witness(component.W(2), row_witness + 1) = range_chunks[7];
@@ -283,12 +309,12 @@ namespace nil {
 range_chunks[10] = (RAM[2] >> 44) & mask16;
 range_chunks[11] = (RAM[2] >> 60) & 0b111111;
- assignment.witness(W4)[row_witness - 1] = RAM[2];
- assignment.witness(W4)[row_witness - 0] = input_words_values[2];
- assignment.witness(W5)[row_witness - 1] = range_chunks[8];
- assignment.witness(W5)[row_witness - 0] = range_chunks[9];
- assignment.witness(W5)[row_witness + 1] = range_chunks[10];
- assignment.witness(W4)[row_witness + 1] = range_chunks[11];
+ assignment.witness(component.W(4), row_witness - 1) = RAM[2];
+ assignment.witness(component.W(4), row_witness - 0) = input_words_values[2];
+ assignment.witness(component.W(5), row_witness - 1) = range_chunks[8];
+ assignment.witness(component.W(5), row_witness - 0) = range_chunks[9];
+ assignment.witness(component.W(5), row_witness + 1) = range_chunks[10];
+ assignment.witness(component.W(4), row_witness + 1) = range_chunks[11];
@@ -298,11 +324,11 @@ namespace nil {
 range_chunks[13] = (RAM[3] >> 22) & mask22;
 range_chunks[14] = (RAM[3] >> 44) & mask13;
- assignment.witness(W6)[row_witness - 1] = RAM[3];
- assignment.witness(W6)[row_witness - 0] = input_words_values[3];
- assignment.witness(W7)[row_witness - 1] = range_chunks[12];
- assignment.witness(W7)[row_witness - 0] = range_chunks[13];
- assignment.witness(W7)[row_witness + 1] = range_chunks[14];
+ assignment.witness(component.W(6), row_witness - 1) = RAM[3];
+ assignment.witness(component.W(6), row_witness - 0) = input_words_values[3];
+ assignment.witness(component.W(7), row_witness - 1) = range_chunks[12];
+ assignment.witness(component.W(7), row_witness - 0) = range_chunks[13];
+ assignment.witness(component.W(7), row_witness + 1) = range_chunks[14];
@@ -316,16 +342,16 @@ namespace nil {
 range_chunks[18] = (RAM[4] >> 44) & mask21;
 range_chunks[19] = (RAM[4] >> 65) & 1;
- assignment.witness(W6)[row_witness-3 + 1] = range_chunks[15];
- assignment.witness(W8)[row_witness - 1] = range_chunks[15];
+ assignment.witness(component.W(6), row_witness-3 + 1) = range_chunks[15];
+ assignment.witness(component.W(8), row_witness - 1) = range_chunks[15];
- assignment.witness(W0)[row_witness - 1] = RAM[4];
- assignment.witness(W0)[row_witness - 0] = input_words_values[4];
- assignment.witness(W1)[row_witness - 1] = range_chunks[16];
- assignment.witness(W1)[row_witness - 0] = range_chunks[17];
- assignment.witness(W1)[row_witness + 1] = range_chunks[18];
- assignment.witness(W0)[row_witness + 1] = range_chunks[19];
+ assignment.witness(component.W(0), row_witness - 1) = RAM[4];
+ assignment.witness(component.W(0), row_witness - 0) = input_words_values[4];
+ assignment.witness(component.W(1), row_witness - 1) = range_chunks[16];
+ assignment.witness(component.W(1), row_witness - 0) = range_chunks[17];
+ assignment.witness(component.W(1), row_witness + 1) = range_chunks[18];
+ assignment.witness(component.W(0), row_witness + 1) = range_chunks[19];
 // W2,1 W3,1 W3,0 W3, -1
@@ -335,12 +361,12 @@ namespace nil {
 range_chunks[22] = (RAM[5] >> 44) & mask19;
 range_chunks[23] = (RAM[5] >> 63) & 0b111;
- assignment.witness(W2)[row_witness - 1] = RAM[5];
- assignment.witness(W2)[row_witness - 0] = input_words_values[5];
- assignment.witness(W3)[row_witness - 1] = range_chunks[20];
- assignment.witness(W3)[row_witness - 0] = range_chunks[21];
- assignment.witness(W3)[row_witness + 1] = range_chunks[22];
- assignment.witness(W2)[row_witness + 1] = range_chunks[23];
+ assignment.witness(component.W(2), row_witness - 1) = RAM[5];
+ assignment.witness(component.W(2), row_witness - 0) = input_words_values[5];
+ assignment.witness(component.W(3), row_witness - 1) = range_chunks[20];
+ assignment.witness(component.W(3), row_witness - 0) = range_chunks[21];
+ assignment.witness(component.W(3), row_witness + 1) = range_chunks[22];
+ assignment.witness(component.W(2), row_witness + 1) = range_chunks[23];
@@ -351,12 +377,12 @@ namespace nil {
 range_chunks[26] = (RAM[6] >> 44) & mask17;
 range_chunks[27] = (RAM[6] >> 61) & 0b11111;
- assignment.witness(W4)[row_witness - 1] = RAM[6];
- assignment.witness(W4)[row_witness - 0] = input_words_values[6];
- assignment.witness(W5)[row_witness - 1] = range_chunks[24];
- assignment.witness(W5)[row_witness - 0] = range_chunks[25];
- assignment.witness(W5)[row_witness + 1] = range_chunks[26];
- assignment.witness(W4)[row_witness + 1] = range_chunks[27];
+ assignment.witness(component.W(4), row_witness - 1) = RAM[6];
+ assignment.witness(component.W(4), row_witness - 0) = input_words_values[6];
+ assignment.witness(component.W(5), row_witness - 1) = range_chunks[24];
+ assignment.witness(component.W(5), row_witness - 0) = range_chunks[25];
+ assignment.witness(component.W(5), row_witness + 1) = range_chunks[26];
+ assignment.witness(component.W(4), row_witness + 1) = range_chunks[27];
@@ -366,11 +392,11 @@ namespace nil {
 range_chunks[29] = (RAM[7] >> 22) & mask22;
 range_chunks[30] = (RAM[7] >> 44) & mask13;
- assignment.witness(W6)[row_witness - 1] = RAM[7];
- assignment.witness(W6)[row_witness - 0] = input_words_values[7];
- assignment.witness(W7)[row_witness - 1] = range_chunks[28];
- assignment.witness(W7)[row_witness - 0] = range_chunks[29];
- assignment.witness(W7)[row_witness + 1] = range_chunks[30];
+ assignment.witness(component.W(6), row_witness - 1) = RAM[7];
+ assignment.witness(component.W(6), row_witness - 0) = input_words_values[7];
+ assignment.witness(component.W(7), row_witness - 1) = range_chunks[28];
+ assignment.witness(component.W(7), row_witness - 0) = range_chunks[29];
+ assignment.witness(component.W(7), row_witness + 1) = range_chunks[30];
 row_witness += 3;
@@ -383,14 +409,14 @@ namespace nil {
 range_chunks[33] = (RAM[8] >> 22) & mask22;
 range_chunks[34] = (RAM[8] >> 44) & mask22;
- assignment.witness(W6)[row_witness-3 + 1] = range_chunks[31];
+ assignment.witness(component.W(6), row_witness-3 + 1) = range_chunks[31];
- assignment.witness(W0)[row_witness - 1] = RAM[8];
- assignment.witness(W0)[row_witness - 0] = input_words_values[8];
- assignment.witness(W1)[row_witness - 1] = range_chunks[31];
- assignment.witness(W1)[row_witness - 0] = range_chunks[32];
- assignment.witness(W1)[row_witness + 1] = range_chunks[33];
- assignment.witness(W0)[row_witness + 1] = range_chunks[34];
+ assignment.witness(component.W(0), row_witness - 1) = RAM[8];
+ assignment.witness(component.W(0), row_witness - 0) = input_words_values[8];
+ assignment.witness(component.W(1), row_witness - 1) = range_chunks[31];
+ assignment.witness(component.W(1), row_witness - 0) = range_chunks[32];
+ assignment.witness(component.W(1), row_witness + 1) = range_chunks[33];
+ assignment.witness(component.W(0), row_witness + 1) = range_chunks[34];
@@ -401,12 +427,12 @@ namespace nil {
 range_chunks[37] = (RAM[9] >> 44) & mask20;
 range_chunks[38] = (RAM[9] >> 64) & 0b11;
- assignment.witness(W2)[row_witness - 1] = RAM[9];
- assignment.witness(W2)[row_witness - 0] = input_words_values[9];
- assignment.witness(W3)[row_witness - 1] = range_chunks[35];
- assignment.witness(W3)[row_witness - 0] = range_chunks[36];
- assignment.witness(W3)[row_witness + 1] = range_chunks[37];
- assignment.witness(W2)[row_witness + 1] = range_chunks[38];
+ assignment.witness(component.W(2), row_witness - 1) = RAM[9];
+ assignment.witness(component.W(2), row_witness - 0) = input_words_values[9];
+ assignment.witness(component.W(3), row_witness - 1) = range_chunks[35];
+ assignment.witness(component.W(3), row_witness - 0) = range_chunks[36];
+ assignment.witness(component.W(3), row_witness + 1) = range_chunks[37];
+ assignment.witness(component.W(2), row_witness + 1) = range_chunks[38];
@@ -417,12 +443,12 @@ namespace nil {
 range_chunks[41] = (RAM[10] >> 44) & mask18;
 range_chunks[42] = (RAM[10] >> 62) & 0b1111;
- assignment.witness(W4)[row_witness - 1] = RAM[10];
- assignment.witness(W4)[row_witness - 0] = input_words_values[10];
- assignment.witness(W5)[row_witness - 1] = range_chunks[39];
- assignment.witness(W5)[row_witness - 0] = range_chunks[40];
- assignment.witness(W5)[row_witness + 1] = range_chunks[41];
- assignment.witness(W4)[row_witness + 1] = range_chunks[42];
+ assignment.witness(component.W(4), row_witness - 1) = RAM[10];
+ assignment.witness(component.W(4), row_witness - 0) = input_words_values[10];
+ assignment.witness(component.W(5), row_witness - 1) = range_chunks[39];
+ assignment.witness(component.W(5), row_witness - 0) = range_chunks[40];
+ assignment.witness(component.W(5), row_witness + 1) = range_chunks[41];
+ assignment.witness(component.W(4), row_witness + 1) = range_chunks[42];
@@ -432,11 +458,11 @@ namespace nil {
 range_chunks[44] = (RAM[11] >> 22) & mask22;
 range_chunks[45] = (RAM[11] >> 44) & mask13;
- assignment.witness(W6)[row_witness - 1] = RAM[11];
- assignment.witness(W6)[row_witness - 0] = input_words_values[11];
- assignment.witness(W7)[row_witness - 1] = range_chunks[43];
- assignment.witness(W7)[row_witness - 0] = range_chunks[44];
- assignment.witness(W7)[row_witness + 1] = range_chunks[45];
+ assignment.witness(component.W(6), row_witness - 1) = RAM[11];
+ assignment.witness(component.W(6), row_witness - 0) = input_words_values[11];
+ assignment.witness(component.W(7), row_witness - 1) = range_chunks[43];
+ assignment.witness(component.W(7), row_witness - 0) = range_chunks[44];
+ assignment.witness(component.W(7), row_witness + 1) = range_chunks[45];
 row_witness += 3;
@@ -448,14 +474,14 @@ namespace nil {
 range_chunks[48] = (RAM[12] >> 22) & mask22;
 range_chunks[49] = (RAM[12] >> 44) & mask22;
- assignment.witness(W6)[row_witness-3 + 1] = range_chunks[46];
+ assignment.witness(component.W(6), row_witness-3 + 1) = range_chunks[46];
- assignment.witness(W0)[row_witness - 1] = RAM[12];
- assignment.witness(W0)[row_witness - 0] = input_words_values[12];
- assignment.witness(W1)[row_witness - 1] = range_chunks[46];
- assignment.witness(W1)[row_witness - 0] = range_chunks[47];
- assignment.witness(W1)[row_witness + 1] = range_chunks[48];
- assignment.witness(W0)[row_witness + 1] = range_chunks[49];
+ assignment.witness(component.W(0), row_witness - 1) = RAM[12];
+ assignment.witness(component.W(0), row_witness - 0) = input_words_values[12];
+ assignment.witness(component.W(1), row_witness - 1) = range_chunks[46];
+ assignment.witness(component.W(1), row_witness - 0) = range_chunks[47];
+ assignment.witness(component.W(1), row_witness + 1) = range_chunks[48];
+ assignment.witness(component.W(0), row_witness + 1) = range_chunks[49];
@@ -467,13 +493,13 @@ namespace nil {
 range_chunks[53] = (RAM[13] >> 44) & mask21;
 range_chunks[54] = (RAM[13] >> 65) & 1;
- assignment.witness(W2)[row_witness - 1] = RAM[13];
- assignment.witness(W2)[row_witness - 0] = input_words_values[13];
- assignment.witness(W8)[row_witness - 1] = range_chunks[50];
- assignment.witness(W3)[row_witness - 1] = range_chunks[51];
- assignment.witness(W3)[row_witness - 0] = range_chunks[52];
- assignment.witness(W3)[row_witness + 1] = range_chunks[53];
- assignment.witness(W2)[row_witness + 1] = range_chunks[54];
+ assignment.witness(component.W(2), row_witness - 1) = RAM[13];
+ assignment.witness(component.W(2), row_witness - 0) = input_words_values[13];
+ assignment.witness(component.W(8), row_witness - 1) = range_chunks[50];
+ assignment.witness(component.W(3), row_witness - 1) = range_chunks[51];
+ assignment.witness(component.W(3), row_witness - 0) = range_chunks[52];
+ assignment.witness(component.W(3), row_witness + 1) = range_chunks[53];
+ assignment.witness(component.W(2), row_witness + 1) = range_chunks[54];
@@ -485,12 +511,12 @@ namespace nil {
 range_chunks[57] = (RAM[14] >> 44) & mask19;
 range_chunks[58] = (RAM[14] >> 63) & 0b111;
- assignment.witness(W4)[row_witness - 1] = RAM[14];
- assignment.witness(W4)[row_witness - 0] = input_words_values[14];
- assignment.witness(W5)[row_witness - 1] = range_chunks[55];
- assignment.witness(W5)[row_witness - 0] = range_chunks[56];
- assignment.witness(W5)[row_witness + 1] = range_chunks[57];
- assignment.witness(W4)[row_witness + 1] = range_chunks[58];
+ assignment.witness(component.W(4), row_witness - 1) = RAM[14];
+ assignment.witness(component.W(4), row_witness - 0) = input_words_values[14];
+ assignment.witness(component.W(5), row_witness - 1) = range_chunks[55];
+ assignment.witness(component.W(5), row_witness - 0) = range_chunks[56];
+ assignment.witness(component.W(5), row_witness + 1) = range_chunks[57];
+ assignment.witness(component.W(4), row_witness + 1) = range_chunks[58];
@@ -501,11 +527,11 @@ namespace nil {
 range_chunks[60] = (RAM[15] >> 22) & mask22;
 range_chunks[61] = (RAM[15] >> 44) & mask13;
- assignment.witness(W6)[row_witness - 1] = RAM[15];
- assignment.witness(W6)[row_witness - 0] = input_words_values[15];
- assignment.witness(W7)[row_witness - 1] = range_chunks[59];
- assignment.witness(W7)[row_witness - 0] = range_chunks[60];
- assignment.witness(W7)[row_witness + 1] = range_chunks[61];
+ assignment.witness(component.W(6), row_witness - 1) = RAM[15];
+ assignment.witness(component.W(6), row_witness - 0) = input_words_values[15];
+ assignment.witness(component.W(7), row_witness - 1) = range_chunks[59];
+ assignment.witness(component.W(7), row_witness - 0) = range_chunks[60];
+ assignment.witness(component.W(7), row_witness + 1) = range_chunks[61];
 row_witness += 3;
@@ -519,14 +545,14 @@ namespace nil {
 range_chunks[64] = (RAM[16] >> 22) & mask22;
 range_chunks[65] = (RAM[16] >> 44) & mask22;
- assignment.witness(W6)[row_witness-3 + 1] = range_chunks[62];
+ assignment.witness(component.W(6), row_witness-3 + 1) = range_chunks[62];
- assignment.witness(W0)[row_witness - 1] = RAM[16];
- assignment.witness(W0)[row_witness - 0] = input_words_values[16];
- assignment.witness(W1)[row_witness - 1] = range_chunks[62];
- assignment.witness(W1)[row_witness - 0] = range_chunks[63];
- assignment.witness(W1)[row_witness + 1] = range_chunks[64];
- assignment.witness(W0)[row_witness + 1] = range_chunks[65];
+ assignment.witness(component.W(0), row_witness - 1) = RAM[16];
+ assignment.witness(component.W(0), row_witness - 0) = input_words_values[16];
+ assignment.witness(component.W(1), row_witness - 1) = range_chunks[62];
+ assignment.witness(component.W(1), row_witness - 0) = range_chunks[63];
+ assignment.witness(component.W(1), row_witness + 1) = range_chunks[64];
+ assignment.witness(component.W(0), row_witness + 1) = range_chunks[65];
@@ -536,12 +562,12 @@ namespace nil {
 range_chunks[67] = (RAM[17] >> 2) & mask20;
 range_chunks[68] = (RAM[17] >> 22) & mask22;
 range_chunks[69] = (RAM[17] >> 44) & mask22;
- assignment.witness(W2)[row_witness - 1] = RAM[17];
- assignment.witness(W2)[row_witness - 0] = input_words_values[17];
- assignment.witness(W3)[row_witness - 1] = range_chunks[66];
- assignment.witness(W3)[row_witness - 0] = range_chunks[67];
- assignment.witness(W3)[row_witness + 1] = range_chunks[68];
- assignment.witness(W2)[row_witness + 1] = range_chunks[69];
+ assignment.witness(component.W(2), row_witness - 1) = RAM[17];
+ assignment.witness(component.W(2), row_witness - 0) = input_words_values[17];
+ assignment.witness(component.W(3), row_witness - 1) = range_chunks[66];
+ assignment.witness(component.W(3), row_witness - 0) = range_chunks[67];
+ assignment.witness(component.W(3), row_witness + 1) = range_chunks[68];
+ assignment.witness(component.W(2), row_witness + 1) = range_chunks[69];
@@ -553,12 +579,12 @@ namespace nil {
 range_chunks[72] = (RAM[18] >> 44) & mask20;
 range_chunks[73] = (RAM[18] >> 64) & 0b11;
- assignment.witness(W4)[row_witness - 1] = RAM[18];
- assignment.witness(W4)[row_witness - 0] = input_words_values[18];
- assignment.witness(W5)[row_witness - 1] = range_chunks[70];
- assignment.witness(W5)[row_witness - 0] = range_chunks[71];
- assignment.witness(W5)[row_witness + 1] = range_chunks[72];
- assignment.witness(W4)[row_witness + 1] = range_chunks[73];
+ assignment.witness(component.W(4), row_witness - 1) = RAM[18];
+ assignment.witness(component.W(4), row_witness - 0) = input_words_values[18];
+ assignment.witness(component.W(5), row_witness - 1) = range_chunks[70];
+ assignment.witness(component.W(5), row_witness - 0) = range_chunks[71];
+ assignment.witness(component.W(5), row_witness + 1) = range_chunks[72];
+ assignment.witness(component.W(4), row_witness + 1) = range_chunks[73];
@@ -569,12 +595,12 @@ namespace nil {
 range_chunks[75] = (RAM[19] >> 22) & mask22;
 range_chunks[76] = (RAM[19] >> 44) & mask14;
- assignment.witness(W6)[row_witness - 1] = RAM[19];
- assignment.witness(W6)[row_witness - 0] = input_words_values[19];
- assignment.witness(W7)[row_witness - 1] = range_chunks[74];
- assignment.witness(W7)[row_witness - 0] = range_chunks[75];
- assignment.witness(W7)[row_witness + 1] = range_chunks[76];
- assignment.witness(W8)[row_witness + 1] = 1;
+ assignment.witness(component.W(6), row_witness - 1) = RAM[19];
+ assignment.witness(component.W(6), row_witness - 0) = input_words_values[19];
+ assignment.witness(component.W(7), row_witness - 1) = range_chunks[74];
+ assignment.witness(component.W(7), row_witness - 0) = range_chunks[75];
+ assignment.witness(component.W(7), row_witness + 1) = range_chunks[76];
+ assignment.witness(component.W(8), row_witness + 1) = 1;
@@ -585,63 +611,70 @@ namespace nil {
 for(std::size_t j = 0; j < 4; j++) {
 for(std::size_t i = 0; i < 4; i++) {
- input_words_vars_1[4*j + i] = var(2*i, row + 1 + 3*j, false);
+ input_words_vars_1[4*j + i] = var(component.W(2*i), row + 1 + 3*j, false);
 }
 }
 for(std::size_t i = 0; i < 4; i++) {
- input_words_vars_2[i] = var(2*i, row + 1 + 12, false);
+ input_words_vars_2[i] = var(component.W(2*i), row + 1 + 12, false);
 }
- assignment.constant(0)[component_start_row + 8] = 0;
- assignment.constant(0)[component_start_row + 9] = 252 + 1024;
+ assignment.constant(component.C(0), start_row_index + 8) = 0;
+ assignment.constant(component.C(0), start_row_index + 9) = 252 + 1024;
 for (std::size_t i = 4; i < 15; i++) {
- input_words_vars_2[i] = var(0, component_start_row + 8, false, var::column_type::constant);
+ input_words_vars_2[i] = var(component.C(0), start_row_index + 8, false, var::column_type::constant);
 }
- input_words_vars_2[15] = var(0, component_start_row + 9, false, var::column_type::constant);
+ input_words_vars_2[15] = var(component.C(0), start_row_index + 9, false, var::column_type::constant);
- row = component_start_row + rows_amount_creating_input_words_component;
+ row = start_row_index + component.rows_amount_creating_input_words_component;
 std::array constants = { 0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1, 0x510e527fade682d1, 0x9b05688c2b3e6c1f, 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179};
 for (int i = 0; i < 8; i++) {
- assignment.constant(0)[component_start_row + i] = constants[i];
+ assignment.constant(component.C(0), start_row_index + i) = constants[i];
 }
- std::array constants_var = {var(0, component_start_row, false, var::column_type::constant),
- var(0, component_start_row + 1, false, var::column_type::constant),
- var(0, component_start_row + 2, false, var::column_type::constant),
- var(0, component_start_row + 3, false, var::column_type::constant),
- var(0, component_start_row + 4, false,
var::column_type::constant), - var(0, component_start_row + 5, false, var::column_type::constant), - var(0, component_start_row + 6, false, var::column_type::constant), - var(0, component_start_row + 7, false, var::column_type::constant)}; - typename sha512_process_component::params_type sha_params = {constants_var, input_words_vars_1}; - auto sha_output = sha512_process_component::generate_assignments(assignment, sha_params, row).output_state; - row += sha512_process_component::rows_amount; + std::array constants_var = {var(component.C(0), start_row_index, false, var::column_type::constant), + var(component.C(0), start_row_index + 1, false, var::column_type::constant), + var(component.C(0), start_row_index + 2, false, var::column_type::constant), + var(component.C(0), start_row_index + 3, false, var::column_type::constant), + var(component.C(0), start_row_index + 4, false, var::column_type::constant), + var(component.C(0), start_row_index + 5, false, var::column_type::constant), + var(component.C(0), start_row_index + 6, false, var::column_type::constant), + var(component.C(0), start_row_index + 7, false, var::column_type::constant)}; + + using ArithmetizationType = crypto3::zk::snark::plonk_constraint_system; + typename sha512_process::input_type sha512_process_input = {constants_var, input_words_vars_1}; + + sha512_process sha512_process_instance( + {component.W(0), component.W(1), component.W(2), component.W(3), component.W(4), + component.W(5), component.W(6), component.W(7), component.W(8)},{component.C(0)},{}); + + typename sha512_process::result_type sha_output = generate_assignments(sha512_process_instance, assignment, sha512_process_input, row); + row += sha512_process::rows_amount; //TODO /*for (std::size_t i = 0; i < 8; i++) { - assignment.witness(i)[row] = input_words_values[16 + i]; - assignment.witness(i)[row+1] = input_words_values[16 + i+8]; + assignment.witness(i), row) = input_words_values[16 + i]; + assignment.witness(i), row+1) = 
input_words_values[16 + i+8]; input_words_vars_2[i] = var(i, row, false); input_words_vars_2[i+8] = var(i, row+1, false); }*/ // row = row + 2; - sha_params = {sha_output, input_words_vars_2}; + sha512_process_input = {sha_output.output_state, input_words_vars_2}; /*std::array input_words2 = { 1 << 31, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 << 9}; for (int i = 0; i < 16; i++) { - assignment.constant(0)[component_start_row + 8 + i] = input_words2[i]; + assignment.constant(0), component_start_row + 8 + i) = input_words2[i]; } std::vector input_words2_var = {var(0, row + 8, false, var::column_type::constant), var(0, row + 9, false, var::column_type::constant), 
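Review bot: The commented-out blocks were rewritten together with the live code and are now wrong even as dead code: inside `/*for (std::size_t i = 0; i < 8; i++) {` the new text reads `assignment.witness(i), row) = input_words_values[16 + i];`, which has lost the opening parenthesis of the `(column, row)` call the live code uses (`assignment.witness(component.W(i), row)` would match it), and the second block has the same slip in `assignment.constant(0), component_start_row + 8 + i)`; either fix the text to the live signature or delete both blocks, since stale commented code that no longer matches anything only misleads. The `using ArithmetizationType = …` added just before `sha512_process_input` duplicates the alias already declared at the top of `generate_assignments` in the `@@ -153` hunk and can be dropped. Two constants also deserve a line each: the `constants` array is the SHA-512 initial hash value H0..H7, so `// SHA-512 initial hash values H0..H7 (FIPS 180-4)` above it, and `start_row_index + 9` is set to `252 + 1024` with no explanation — presumably the bit-length word of the padding block, so `// padding block: message bit length — confirm value` would save the next reader from reverse-engineering it. The hunk sits in the middle of `generate_assignments`, whose start and end are outside it.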
@@ -661,76 +694,83 @@ namespace nil { var(0, row + 23, false, var::column_type::constant)}; typename sha512_process_component::params_type sha_params2 = {sha_output.output_state, input_words2_var}; */ - - sha512_process_component::generate_assignments(assignment, sha_params, row); - return result_type(component_start_row); + + sha_output = generate_assignments(sha512_process_instance, assignment, sha512_process_input, row); + row += sha512_process::rows_amount; + return typename plonk_sha512::result_type(component, start_row_index); } - private: - static void generate_gates(blueprint &bp, - blueprint_public_assignment_table &assignment, - const std::size_t &first_selector_index) { + template + void generate_gates( + const plonk_sha512 &component, + circuit> &bp, + assignment> &assignment, + const typename plonk_sha512::input_type &instance_input, + const std::size_t first_selector_index) { + + using ArithmetizationType = crypto3::zk::snark::plonk_constraint_system; + using var = typename sha512::var; typename BlueprintFieldType::integral_type one = 1; auto constraint_ram_0 = bp.add_constraint( - var(W0, -1) - (var(W1, -1) + var(W1, 0) * (one << 22) + var(W1, 1) * (one << 44) + var(W0, 1) * (one << 64))); + var(component.W(0), -1) - (var(component.W(1), -1) + var(component.W(1), 0) * (one << 22) + var(component.W(1), 1) * (one << 44) + var(component.W(0), 1) * (one << 64))); auto constraint_word_0 = bp.add_constraint( - var(W0, 0) - (var(W1, -1) + var(W1, 0) * (one << 22) + var(W1, 1) * (one << 44))); + var(component.W(0), 0) - (var(component.W(1), -1) + var(component.W(1), 0) * (one << 22) + var(component.W(1), 1) * (one << 44))); // W2,1 W3,1 W3,0 W3, -1 // 1234|567890123456789012.3456789012345678901234.5678901234567890123456 auto constraint_ram_1 = bp.add_constraint( - var(W2, -1) - (var(W3, -1) + var(W3, 0) * (one << 22) + var(W3, 1) * (one << 44) + var(W2, 1) * (one << 62))); + var(component.W(2), -1) - (var(component.W(3), -1) + var(component.W(3), 0) * (one 
<< 22) + var(component.W(3), 1) * (one << 44) + var(component.W(2), 1) * (one << 62))); auto constraint_word_1 = bp.add_constraint( - var(W2, 0) - (var(W0, 1) + var(W3, -1) * (one << 2) + var(W3, 0) * (one << 24) + var(W3, 1) * (one << 46))); + var(component.W(2), 0) - (var(component.W(0), 1) + var(component.W(3), -1) * (one << 2) + var(component.W(3), 0) * (one << 24) + var(component.W(3), 1) * (one << 46))); // W4,1 W5,1 W5,0 W5, -1 // 123456|7890123456789012.3456789012345678901234.5678901234567890123456 auto constraint_ram_2 = bp.add_constraint( - var(W4, -1) - (var(W5, -1) + var(W5, 0) * (one << 22) + var(W5, 1) * (one << 44) + var(W4, 1) * (one << 60))); + var(component.W(4), -1) - (var(component.W(5), -1) + var(component.W(5), 0) * (one << 22) + var(component.W(5), 1) * (one << 44) + var(component.W(4), 1) * (one << 60))); auto constraint_word_2 = bp.add_constraint( - var(W4, 0) - (var(W2, 1) + var(W5, -1) * (one << 4) + var(W5, 0) * (one << (4 + 22)) + var(W5, 1) * (one << (4 + 44)))); + var(component.W(4), 0) - (var(component.W(2), 1) + var(component.W(5), -1) * (one << 4) + var(component.W(5), 0) * (one << (4 + 22)) + var(component.W(5), 1) * (one << (4 + 44)))); // W7, 1 W7, 0 W7, -1 // 1234567890123.4567890123456789012345.6789012345678901234567 auto constraint_ram_3 = bp.add_constraint( - var(W6, -1) - (var(W7, -1) + var(W7, 0) * (one << 22) + var(W7, 1) * (one << 44))); + var(component.W(6), -1) - (var(component.W(7), -1) + var(component.W(7), 0) * (one << 22) + var(component.W(7), 1) * (one << 44))); auto constraint_word_3 = bp.add_constraint( - var(W6, 0) - (var(W4, 1) + var(W7, -1) * (one << 6) + var(W7, 0) * (one << (6 + 22)) + var(W7, 1) * (one << (6 + 44)) + var(W6, 1) * (one << 63))); + var(component.W(6), 0) - (var(component.W(4), 1) + var(component.W(7), -1) * (one << 6) + var(component.W(7), 0) * (one << (6 + 22)) + var(component.W(7), 1) * (one << (6 + 44)) + var(component.W(6), 1) * (one << 63))); bp.add_gate(first_selector_index, 
{constraint_ram_0, constraint_ram_1, constraint_ram_2, constraint_ram_3, constraint_word_0, constraint_word_1, constraint_word_2, constraint_word_3}); // W0,1 W1,1 W1,0 W1,-1 W8,-1 // 1|234567890123456789012.3456789012345678901234.567890123456789012345|6 auto constraint_ram_4 = bp.add_constraint( - var(W0, -1) - (var(W8, -1) + var(W1, -1) * (1 << 1) + var(W1, 0) * (one << 22) + var(W1, 1) * (one << 44) + var(W0, 1) * (one << 65))); + var(component.W(0), -1) - (var(component.W(8), -1) + var(component.W(1), -1) * (1 << 1) + var(component.W(1), 0) * (one << 22) + var(component.W(1), 1) * (one << 44) + var(component.W(0), 1) * (one << 65))); auto constraint_word_4 = bp.add_constraint( - var(W0, 0) - (var(W1, -1) + var(W1, 0) * (one << (22-1)) + var(W1, 1) * (one << (22 + 22 - 1)))); + var(component.W(0), 0) - (var(component.W(1), -1) + var(component.W(1), 0) * (one << (22-1)) + var(component.W(1), 1) * (one << (22 + 22 - 1)))); // W2,1 W3,1 W3,0 W3, -1 // 123|4567890123456789012.3456789012345678901234.5678901234567890123456 auto constraint_ram_5 = bp.add_constraint( - var(W2, -1) - (var(W3, -1) + var(W3, 0) * (one << 22) + var(W3, 1) * (one << 44) + var(W2, 1) * (one << 63))); + var(component.W(2), -1) - (var(component.W(3), -1) + var(component.W(3), 0) * (one << 22) + var(component.W(3), 1) * (one << 44) + var(component.W(2), 1) * (one << 63))); auto constraint_word_5 = bp.add_constraint( - var(W2, 0) - (var(W0, 1) + var(W3, -1) * (1 << 1) + var(W3, 0) * (one << (22 + 1)) + var(W3, 1) * (one << (44 + 1)))); + var(component.W(2), 0) - (var(component.W(0), 1) + var(component.W(3), -1) * (1 << 1) + var(component.W(3), 0) * (one << (22 + 1)) + var(component.W(3), 1) * (one << (44 + 1)))); // W4,1 W5,1 W5,0 W5, -1 // 12345|67890123456789012.3456789012345678901234.5678901234567890123456 auto constraint_ram_6 = bp.add_constraint( - var(W4, -1) - (var(W5, -1) + var(W5, 0) * (one << 22) + var(W5, 1) * (one << 44) + var(W4, 1) * (one << 61))); + var(component.W(4), -1) - 
(var(component.W(5), -1) + var(component.W(5), 0) * (one << 22) + var(component.W(5), 1) * (one << 44) + var(component.W(4), 1) * (one << 61))); auto constraint_word_6 = bp.add_constraint( - var(W4, 0) - (var(W2, 1) + var(W5, -1) * (one << 3) + var(W5, 0) * (one << (3 + 22)) + var(W5, 1) * (one << (3 + 44)))); + var(component.W(4), 0) - (var(component.W(2), 1) + var(component.W(5), -1) * (one << 3) + var(component.W(5), 0) * (one << (3 + 22)) + var(component.W(5), 1) * (one << (3 + 44)))); // W7, 1 W7, 0 W7, -1 // 1234567890123.4567890123456789012345.6789012345678901234567 auto constraint_ram_7 = bp.add_constraint( - var(W6, -1) - (var(W7, -1) + var(W7, 0) * (one << 22) + var(W7, 1) * (one << 44))); + var(component.W(6), -1) - (var(component.W(7), -1) + var(component.W(7), 0) * (one << 22) + var(component.W(7), 1) * (one << 44))); auto constraint_word_7 = bp.add_constraint( - var(W6, 0) - (var(4, 1) + var(W7, -1) * (one << 5) + var(W7, 0) * (one << (5 + 22)) + var(W7, 1) * (one << (5 + 44)) + var(W6, 1) * (one << 62))); + var(component.W(6), 0) - (var(component.W(4), 1) + var(component.W(7), -1) * (one << 5) + var(component.W(7), 0) * (one << (5 + 22)) + var(component.W(7), 1) * (one << (5 + 44)) + var(component.W(6), 1) * (one << 62))); bp.add_gate(first_selector_index + 1, {constraint_ram_4, constraint_ram_5, constraint_ram_6, constraint_ram_7, constraint_word_4, constraint_word_5, constraint_word_6, constraint_word_7}); 
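Review bot: `row += sha512_process::rows_amount;` after the second `generate_assignments` call in this hunk is a dead store: `row` is never read again, and the returned `result_type` derives the output rows from `start_row_index + rows_amount` rather than from `row`. Replacing it with a check that the two layouts agree, `assert(row == start_row_index + component.rows_amount);` (assuming `rows_amount` is the static member `result_type` reads), would catch a drift between the assignment layout and the result offsets; the `sha_output` assigned by that same call is also unused afterwards. generate_assignments begins outside this hunk. In generate_gates, constraint_ram_4 and constraint_word_5 keep the plain-int `(1 << 1)` next to the big-integer `one << 22` shifts; harmless at that width, but `one << 1` would match the rest, and the same applies to constraint_ram_8 in the next hunk and constraint_ram_13/constraint_word_14 in the one after. Since generate_gates is now a free function rather than a private static member, a comment such as `// expects gates_amount (5) consecutive selector indices starting at first_selector_index` above it would document the `first_selector_index + 1 … + 4` contract callers must honour.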
@@ -741,30 +781,30 @@ namespace nil { // W0,1 W1,1 W1,0 W1,-1 // |1234567890123456789012.3456789012345678901234.56789012345678901234|56 auto constraint_ram_8 = bp.add_constraint( - var(W0, -1) - (var(W1, -1) + var(W1, 0) * (1 << 2) + var(W1, 1) * (one << 22) + var(W0, 1) * (one << 44))); + var(component.W(0), -1) - (var(component.W(1), -1) + var(component.W(1), 0) * (1 << 2) + var(component.W(1), 1) * (one << 22) + var(component.W(0), 1) * (one << 44))); auto constraint_word_8 = bp.add_constraint( - var(W0, 0) - (var(W1, 0) + var(W1, 1) * (one << 20) + var(W0, 1) * (one << 42))); + var(component.W(0), 0) - (var(component.W(1), 0) + var(component.W(1), 1) * (one << 20) + var(component.W(0), 1) * (one << 42))); // W2,1 W3,1 W3,0 W3, -1 // 12|34567890123456789012.3456789012345678901234.5678901234567890123456 auto constraint_ram_9 = bp.add_constraint( - var(W2, -1) - (var(W3, -1) + var(W3, 0) * (one << 22) + var(W3, 1) * (one << 44) + var(W2, 1) * (one << 64))); + var(component.W(2), -1) - (var(component.W(3), -1) + var(component.W(3), 0) * (one << 22) + var(component.W(3), 1) * (one << 44) + var(component.W(2), 1) * (one << 64))); auto constraint_word_9 = bp.add_constraint( - var(W2, 0) - (var(W3, -1) + var(W3, 0) * (one << 22) + var(W3, 1) * (one << 44))); + var(component.W(2), 0) - (var(component.W(3), -1) + var(component.W(3), 0) * (one << 22) + var(component.W(3), 1) * (one << 44))); // W4,1 W5,1 W5,0 W5, -1 // 1234|567890123456789012.3456789012345678901234.5678901234567890123456 auto constraint_ram_10 = bp.add_constraint( - var(W4, -1) - (var(W5, -1) + var(W5, 0) * (one << 22) + var(W5, 1) * (one << 44) + var(W4, 1) * (one << 62))); + var(component.W(4), -1) - (var(component.W(5), -1) + var(component.W(5), 0) * (one << 22) + var(component.W(5), 1) * (one << 44) + var(component.W(4), 1) * (one << 62))); auto constraint_word_10 = bp.add_constraint( - var(W4, 0) - (var(W2, 1) + var(W5, -1) * (one << 2) + var(W5, 0) * (one << 24) + var(W5, 1) * (one << 46))); + 
var(component.W(4), 0) - (var(component.W(2), 1) + var(component.W(5), -1) * (one << 2) + var(component.W(5), 0) * (one << 24) + var(component.W(5), 1) * (one << 46))); // W7, 1 W7, 0 W7, -1 // 1234567890123.4567890123456789012345.6789012345678901234567 auto constraint_ram_11 = bp.add_constraint( - var(W6, -1) - (var(W7, -1) + var(W7, 0) * (one << 22) + var(W7, 1) * (one << 44))); + var(component.W(6), -1) - (var(component.W(7), -1) + var(component.W(7), 0) * (one << 22) + var(component.W(7), 1) * (one << 44))); auto constraint_word_11 = bp.add_constraint( - var(W6, 0) - (var(W4, 1) + var(W7, -1) * (one << 4) + var(W7, 0) * (one << (4 + 22)) + var(W7, 1) * (one << (4 + 44)) + var(W6, 1) * (one << 61))); + var(component.W(6), 0) - (var(component.W(4), 1) + var(component.W(7), -1) * (one << 4) + var(component.W(7), 0) * (one << (4 + 22)) + var(component.W(7), 1) * (one << (4 + 44)) + var(component.W(6), 1) * (one << 61))); bp.add_gate(first_selector_index + 2, {constraint_ram_8, constraint_ram_9, constraint_ram_10, constraint_ram_11, constraint_word_8, constraint_word_9, constraint_word_10, constraint_word_11}); 
@@ -775,30 +815,30 @@ namespace nil { // W0,1 W1,1 W1,0 (W1,-1 & W6,1-3) // 1234567890123456789012.3456789012345678901234.5678901234567890123|456 auto constraint_ram_12 = bp.add_constraint( - var(W0, -1) - (var(W1, -1) + var(W1, 0) * (one << 3) + var(W1, 1) * (one << 22) + var(W0, 1) * (one << 44))); + var(component.W(0), -1) - (var(component.W(1), -1) + var(component.W(1), 0) * (one << 3) + var(component.W(1), 1) * (one << 22) + var(component.W(0), 1) * (one << 44))); auto constraint_word_12 = bp.add_constraint( - var(W0, 0) - (var(W1, 0) + var(W1, 1) * (one << 19) + var(W0, 1) * (one << (19+22)) + var(W8, -1) * (one << 63))); + var(component.W(0), 0) - (var(component.W(1), 0) + var(component.W(1), 1) * (one << 19) + var(component.W(0), 1) * (one << (19+22)) + var(component.W(8), -1) * (one << 63))); // W2,1 W3,1 W3,0 W3, -1 W8, -1 // 1|234567890123456789012.3456789012345678901234.567890123456789012345|6 auto constraint_ram_13 = bp.add_constraint( - var(W2, -1) - (var(W8, -1) + var(W3, -1) * (1 << 1) + var(W3, 0) * (one << 22) + var(W3, 1) * (one << 44) + var(W2, 1) * (one << 65))); + var(component.W(2), -1) - (var(component.W(8), -1) + var(component.W(3), -1) * (1 << 1) + var(component.W(3), 0) * (one << 22) + var(component.W(3), 1) * (one << 44) + var(component.W(2), 1) * (one << 65))); auto constraint_word_13 = bp.add_constraint( - var(W2, 0) - (var(W3, -1) + var(W3, 0) * (one << (22-1)) + var(W3, 1) * (one << (22 + 22 - 1)))); + var(component.W(2), 0) - (var(component.W(3), -1) + var(component.W(3), 0) * (one << (22-1)) + var(component.W(3), 1) * (one << (22 + 22 - 1)))); // W4,1 W5,1 W5,0 W5, -1 // 123|4567890123456789012.3456789012345678901234.5678901234567890123456 auto constraint_ram_14 = bp.add_constraint( - var(W4, -1) - (var(W5, -1) + var(W5, 0) * (one << 22) + var(W5, 1) * (one << 44) + var(W4, 1) * (one << 63))); + var(component.W(4), -1) - (var(component.W(5), -1) + var(component.W(5), 0) * (one << 22) + var(component.W(5), 1) * (one << 44) + 
var(component.W(4), 1) * (one << 63))); auto constraint_word_14 = bp.add_constraint( - var(W4, 0) - (var(W2, 1) + var(W5, -1) * (1 << 1) + var(W5, 0) * (one << (22 + 1)) + var(W5, 1) * (one << (44 + 1)))); + var(component.W(4), 0) - (var(component.W(2), 1) + var(component.W(5), -1) * (1 << 1) + var(component.W(5), 0) * (one << (22 + 1)) + var(component.W(5), 1) * (one << (44 + 1)))); // W7, 1 W7, 0 W7, -1 // 1234567890123.4567890123456789012345.6789012345678901234567 auto constraint_ram_15 = bp.add_constraint( - var(W6, -1) - (var(W7, -1) + var(W7, 0) * (one << 22) + var(W7, 1) * (one << 44))); + var(component.W(6), -1) - (var(component.W(7), -1) + var(component.W(7), 0) * (one << 22) + var(component.W(7), 1) * (one << 44))); auto constraint_word_15 = bp.add_constraint( - var(W6, 0) - (var(W4, 1) + var(W7, -1) * (one << 3) + var(W7, 0) * (one << (3 + 22)) + var(W7, 1) * (one << (3 + 44)) + var(W6, 1) * (one << 60))); + var(component.W(6), 0) - (var(component.W(4), 1) + var(component.W(7), -1) * (one << 3) + var(component.W(7), 0) * (one << (3 + 22)) + var(component.W(7), 1) * (one << (3 + 44)) + var(component.W(6), 1) * (one << 60))); bp.add_gate(first_selector_index + 3, {constraint_ram_12, constraint_ram_13, constraint_ram_14, constraint_ram_15, constraint_word_12, constraint_word_13, constraint_word_14, constraint_word_15}); 
@@ -809,63 +849,64 @@ namespace nil { // W0,1 W1,1 W1,0 (W1,-1 & W6,1-3) // 1234567890123456789012.3456789012345678901234.567890123456789012|3456 auto constraint_ram_16 = bp.add_constraint( - var(W0, -1) - (var(W1, -1) + var(W1, 0) * (one << 4) + var(W1, 1) * (one << 22) + var(W0 ,1) * (one << 44))); + var(component.W(0), -1) - (var(component.W(1), -1) + var(component.W(1), 0) * (one << 4) + var(component.W(1), 1) * (one << 22) + var(component.W(0), 1) * (one << 44))); auto constraint_word_16 = bp.add_constraint( - var(W0, 0) - (var(W1, 0) + var(W1, 1) * (one << 18) + var(W0 ,1) * (one << (18+22)) + var(W3, -1) * (one << 62))); + var(component.W(0), 0) - (var(component.W(1), 0) + var(component.W(1), 1) * (one << 18) + var(component.W(0), 1) * (one << (18+22)) + var(component.W(3), -1) * (one << 62))); // W2,1 W3,1 W3,0 W3, -1 // |1234567890123456789012.3456789012345678901234.56789012345678901234|56 auto constraint_ram_17 = bp.add_constraint( - var(W2, -1) - (var(W3, -1) + var(W3, 0) * (one << 2) + var(W3, 1) * (one << 22) + var(W2, 1) * (one << 44))); + var(component.W(2), -1) - (var(component.W(3), -1) + var(component.W(3), 0) * (one << 2) + var(component.W(3), 1) * (one << 22) + var(component.W(2), 1) * (one << 44))); auto constraint_word_17 = bp.add_constraint( - var(W2, 0) - (var(W3, 0) + var(W3, 1) * (one << 20) + var(W2, 1) * (one << 42))); + var(component.W(2), 0) - (var(component.W(3), 0) + var(component.W(3), 1) * (one << 20) + var(component.W(2), 1) * (one << 42))); // W4,1 W5,1 W5,0 W5, -1 // 12|34567890123456789012.3456789012345678901234.5678901234567890123456 auto constraint_ram_18 = bp.add_constraint( - var(W4, -1) - (var(W5, -1) + var(W5, 0) * (one << 22) + var(W5, 1) * (one << 44) + var(W4, 1) * (one << 64))); + var(component.W(4), -1) - (var(component.W(5), -1) + var(component.W(5), 0) * (one << 22) + var(component.W(5), 1) * (one << 44) + var(component.W(4), 1) * (one << 64))); auto constraint_word_18 = bp.add_constraint( - var(W4, 0) - (var(W5, 
-1) + var(W5, 0) * (one << 22) + var(W5, 1) * (one << 44))); + var(component.W(4), 0) - (var(component.W(5), -1) + var(component.W(5), 0) * (one << 22) + var(component.W(5), 1) * (one << 44))); // W7, 1 W7, 0 W7, -1 // 12345678901234.5678901234567890123456.7890123456789012345678 auto constraint_ram_19 = bp.add_constraint( - var(W6, -1) - (var(W7, -1) + var(W7, 0) * (one << 22) + var(W7, 1) * (one << 44))); + var(component.W(6), -1) - (var(component.W(7), -1) + var(component.W(7), 0) * (one << 22) + var(component.W(7), 1) * (one << 44))); auto constraint_word_19 = bp.add_constraint( - var(W6, 0) - (var(W4, 1) + var(W7, -1) * (one << 2) + var(W7, 0) * (one << (2 + 22)) + var(W7, 1) * (one << (2 + 44)) + var(W8, 1) * (one << 60))); + var(component.W(6), 0) - (var(component.W(4), 1) + var(component.W(7), -1) * (one << 2) + var(component.W(7), 0) * (one << (2 + 22)) + var(component.W(7), 1) * (one << (2 + 44)) + var(component.W(8), 1) * (one << 60))); bp.add_gate(first_selector_index + 4, {constraint_ram_16, constraint_ram_17, constraint_ram_18, constraint_ram_19, constraint_word_16, constraint_word_17, constraint_word_18, constraint_word_19}); } + template + void generate_copy_constraints( + const plonk_sha512 &component, + circuit> &bp, + assignment> &assignment, + const typename plonk_sha512::input_type &instance_input, + const std::uint32_t start_row_index) { - static void generate_copy_constraints(blueprint &bp, - blueprint_public_assignment_table &assignment, - const params_type ¶ms, - const std::size_t &component_start_row) { - std::size_t row = component_start_row; + using ArithmetizationType = crypto3::zk::snark::plonk_constraint_system; + using var = typename sha512::var; + + std::size_t row = start_row_index; for(std::size_t i = 0; i < 4; i++) { - bp.add_copy_constraint ( { var(2*i, row + 0, false), params.R.x[i] } ); - bp.add_copy_constraint ( { var(2*i, row + 3, false), params.R.y[i] } ); - bp.add_copy_constraint ( { var(2*i, row + 6, false), params.A.x[i] 
} ); - bp.add_copy_constraint ( { var(2*i, row + 9, false), params.A.y[i] } ); - bp.add_copy_constraint ( { var(2*i, row + 12, false), params.M[i] } ); + bp.add_copy_constraint ( { var(component.W(2*i), row + 0, false), instance_input.R.x[i] } ); + bp.add_copy_constraint ( { var(component.W(2*i), row + 3, false), instance_input.R.y[i] } ); + bp.add_copy_constraint ( { var(component.W(2*i), row + 6, false), instance_input.A.x[i] } ); + bp.add_copy_constraint ( { var(component.W(2*i), row + 9, false), instance_input.A.y[i] } ); + bp.add_copy_constraint ( { var(component.W(2*i), row + 12, false), instance_input.M[i] } ); } - - - bp.add_copy_constraint( { var(W6, (row+4) - 3 + 1, false), var(W8, (row+4) - 1, false) }); + bp.add_copy_constraint( { var(component.W(6), (row+4) - 3 + 1, false), var(component.W(8), (row+4) - 1, false) }); for(std::size_t i = 0; i < 3; i++){ std::size_t current_row = row + 1 + 6 + 3*i; - bp.add_copy_constraint( { var(W6, (current_row - 3) + 1, false), var(W1, current_row - 1, false) }); + bp.add_copy_constraint( { var(component.W(6), (current_row - 3) + 1, false), var(component.W(1), current_row - 1, false) }); } - - } - }; } // namespace components } // namespace blueprint diff --git a/test/hashes/plonk/sha512.cpp b/test/hashes/plonk/sha512.cpp index 9c8182de1..8201dd3bb 100644 --- a/test/hashes/plonk/sha512.cpp +++ b/test/hashes/plonk/sha512.cpp @@ -47,12 +47,9 @@ using namespace nil; -BOOST_AUTO_TEST_SUITE(blueprint_plonk_test_suite) - -BOOST_AUTO_TEST_CASE(blueprint_plonk_sha512) { - - using curve_type = algebra::curves::pallas; - using BlueprintFieldType = typename curve_type::base_field_type; +//////////////////////////////////////// +template +void test_sha512(std::vector public_input){ constexpr std::size_t WitnessColumns = 9; constexpr std::size_t PublicInputColumns = 5; 
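Review bot: generate_copy_constraints takes `const std::uint32_t start_row_index` while generate_gates in the previous hunk takes `const std::size_t first_selector_index` and the local `row` initialised from it is `std::size_t`; `const std::size_t start_row_index` keeps the row type uniform across the generate_* functions and avoids a silent narrowing if a caller passes a `std::size_t` row. The row arithmetic in the copy constraints, `(row+4) - 3 + 1` and `row + 1 + 6 + 3*i`, reads as a derivation rather than a position; folding the first to `row + 2` and adding a one-line comment naming which cells each constraint ties together (presumably the W6/W8 and W6/W1 cells the gates above constrain — confirm against the layout) would let a reviewer check the offsets without recomputing them. The `assignment` parameter is unused here, which is fine if the signature is dictated by the framework, but a `[[maybe_unused]]` or a short comment would say so.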
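Review bot: `test_sha512(std::vector public_input)` takes the public-input vector by value even though, from the next hunk, it only forwards it to `test_component`; `const std::vector<…> &public_input` (same element type) avoids the copy. The body of test_sha512 continues beyond the end of this hunk.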
@@ -65,17 +62,53 @@ BOOST_AUTO_TEST_CASE(blueprint_plonk_sha512) { crypto3::zk::snark::plonk_arithmetization_params; using ArithmetizationType = crypto3::zk::snark::plonk_constraint_system; using AssignmentType = blueprint::assignment; + + using component_type = blueprint::components::sha512; + using var = crypto3::zk::snark::plonk_variable; - using component_type = blueprint::components::sha512; - using ed25519_type = algebra::curves::ed25519; + std::array e_R_x = { + var(0, 0, false, var::column_type::public_input), var(0, 1, false, var::column_type::public_input), + var(0, 2, false, var::column_type::public_input), var(0, 3, false, var::column_type::public_input)}; + std::array e_R_y = { + var(0, 4, false, var::column_type::public_input), var(0, 5, false, var::column_type::public_input), + var(0, 6, false, var::column_type::public_input), var(0, 7, false, var::column_type::public_input)}; + std::array pk_x = { + var(0, 8, false, var::column_type::public_input), var(0, 9, false, var::column_type::public_input), + var(0, 10, false, var::column_type::public_input), var(0, 11, false, var::column_type::public_input)}; + std::array pk_y = { + var(0, 12, false, var::column_type::public_input), var(0, 13, false, var::column_type::public_input), + var(0, 14, false, var::column_type::public_input), var(0, 15, false, var::column_type::public_input)}; + std::array M = { + var(0, 16, false, var::column_type::public_input), var(0, 17, false, var::column_type::public_input), + var(0, 18, false, var::column_type::public_input), var(0, 19, false, var::column_type::public_input)}; + typename component_type::input_type instance_input = {{e_R_x, e_R_y}, {pk_x, pk_y}, M}; + + + auto result_check = [](AssignmentType &assignment, + typename component_type::result_type &real_res) {}; + + component_type component_instance({0, 1, 2, 3, 4, 5, 6, 7, 8},{0, 1},{0, 1, 2, 3, 4}); + + nil::crypto3::test_component (component_instance, public_input, result_check, instance_input); +} + 
+BOOST_AUTO_TEST_SUITE(blueprint_plonk_test_suite) + +BOOST_AUTO_TEST_CASE(blueprint_plonk_sha512) { + auto start = std::chrono::high_resolution_clock::now(); + + using curve_type = crypto3::algebra::curves::pallas; + using BlueprintFieldType = typename curve_type::base_field_type; + + using ed25519_type = crypto3::algebra::curves::ed25519; - ed25519_type::template g1_type::value_type B = - ed25519_type::template g1_type::value_type::one(); - ed25519_type::template g1_type::value_type R = 2 * B; - ed25519_type::scalar_field_type::value_type b = algebra::random_element(); - ed25519_type::template g1_type::value_type T = b * R; + ed25519_type::template g1_type::value_type B = + ed25519_type::template g1_type::value_type::one(); + ed25519_type::template g1_type::value_type R = 2 * B; + ed25519_type::scalar_field_type::value_type b = crypto3::algebra::random_element(); + ed25519_type::template g1_type::value_type T = b * R; ed25519_type::base_field_type::integral_type Tx = ed25519_type::base_field_type::integral_type(T.X.data); ed25519_type::base_field_type::integral_type Ty = ed25519_type::base_field_type::integral_type(T.Y.data); 
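Review bot: `result_check` is still an empty lambda, so this test never compares `real_res.output_state` against a reference SHA-512 digest of the input; a circuit that satisfies its own gates but produces the wrong digest would pass. The check should compute the expected digest on the host from the same `R`, `A`, `M` words the test case builds and assert that each `output_state[i]`, read back from `assignment`, equals the corresponding reference word — with an empty check, `instance_input` is only exercised for copy-constraint satisfiability. As a smaller point, both lambda parameters can be `const &`, since the check only reads them. test_sha512 opens in the previous hunk, and the BOOST test case that starts here continues past the end of this hunk.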
@@ -103,26 +136,12 @@ BOOST_AUTO_TEST_CASE(blueprint_plonk_sha512) { mask, mask, (mask >> 8)}; - std::array e_R_x = { - var(0, 0, false, var::column_type::public_input), var(0, 1, false, var::column_type::public_input), - var(0, 2, false, var::column_type::public_input), var(0, 3, false, var::column_type::public_input)}; - std::array e_R_y = { - var(0, 4, false, var::column_type::public_input), var(0, 5, false, var::column_type::public_input), - var(0, 6, false, var::column_type::public_input), var(0, 7, false, var::column_type::public_input)}; - std::array pk_x = { - var(0, 8, false, var::column_type::public_input), var(0, 9, false, var::column_type::public_input), - var(0, 10, false, var::column_type::public_input), var(0, 11, false, var::column_type::public_input)}; - std::array pk_y = { - var(0, 12, false, var::column_type::public_input), var(0, 13, false, var::column_type::public_input), - var(0, 14, false, var::column_type::public_input), var(0, 15, false, var::column_type::public_input)}; - std::array M = { - var(0, 16, false, var::column_type::public_input), var(0, 17, false, var::column_type::public_input), - var(0, 18, false, var::column_type::public_input), var(0, 19, false, var::column_type::public_input)}; - typename component_type::params_type params = {{e_R_x, e_R_y}, {pk_x, pk_y}, M}; + + + test_sha512(public_input); - auto result_check = [](AssignmentType &assignment, component_type::result_type &real_res) {}; - test_component(params, public_input, - result_check); + auto duration = std::chrono::duration_cast(std::chrono::high_resolution_clock::now() - start); + std::cout << "sha512_test: " << duration.count() << "ms" << std::endl; } BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file
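Review bot: the elapsed-time measurement uses `std::chrono::high_resolution_clock`, which is not guaranteed to be monotonic; `std::chrono::steady_clock` is the clock intended for durations, so `auto duration = std::chrono::duration_cast<…>(std::chrono::steady_clock::now() - start);` here, with `start` (declared in the previous hunk) switched to the same clock. `std::endl` in the print forces a flush on every run; `<< "ms\n"` is enough. This also assumes `<chrono>` and `<iostream>` are already included in the test file, which this diff does not show.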