feat(avm): constrain sha256 #11048
feat(avm): constrain sha256 #11048
Conversation
This stack of pull requests is managed by Graphite. Learn more about stacking. |
IlyasRidhuan
force-pushed
the
ir/01-03-feat_constrain_sha256
branch
from
edd1c61 to
1f4a5bf
Compare
IlyasRidhuan
requested review from
jeanmon,
fcarreiro and
Maddiaa0
as code owners
IlyasRidhuan
requested review from
fcarreiro and
dbanks12
and removed request for
fcarreiro and
Maddiaa0
IlyasRidhuan
force-pushed
the
ir/01-03-feat_constrain_sha256
branch
from
1f4a5bf to
87cef77
Compare
| sel * (1 - sel) = 0; | ||
| // For the XOR lookups | ||
| pol commit xor_sel; | ||
| perform_round * (xor_sel - 2) = 0; |
There was a problem hiding this comment.
We should introduce constant for op_id of OR, AND, XOR and use it instead of hardcoded '2'.
| perform_round * (xor_sel - 2) = 0; | ||
| // For the AND lookups | ||
| pol commit and_sel; | ||
| and_sel = 0; |
There was a problem hiding this comment.
Same as above.
Maybe add a note that, once we support constant in a tuple member of a lookup, we will not need to define this column anymore.
|
|
||
| // Counter | ||
| pol commit rounds_remaining; | ||
| start * (rounds_remaining - 64) + perform_round * (rounds_remaining - rounds_remaining' - 1) = 0; |
There was a problem hiding this comment.
Please define a constant for 64.
| }; | ||
|
|
||
| template <typename DestRow> | ||
| void merge_into(DestRow& dest, FixedSha256ConstantsTable::Sha256ConstantsRow const& src, uint32_t multiplicity) |
There was a problem hiding this comment.
| void merge_into(DestRow& dest, FixedSha256ConstantsTable::Sha256ConstantsRow const& src, uint32_t multiplicity) | |
| void merge_into(DestRow& dest, const FixedSha256ConstantsTable::Sha256ConstantsRow& src, uint32_t multiplicity) |
| }; | ||
|
|
||
| template <typename DestRow> | ||
| void merge_into(DestRow& dest, FixedSha256ConstantsTable::Sha256ConstantsRow const& src, uint32_t multiplicity) |
There was a problem hiding this comment.
| void merge_into(DestRow& dest, FixedSha256ConstantsTable::Sha256ConstantsRow const& src, uint32_t multiplicity) | |
| void merge_into(DestRow& dest, const FixedSha256ConstantsTable::Sha256ConstantsRow& src, uint32_t multiplicity) |
| return output; | ||
| } | ||
|
|
||
| static std::tuple<uint32_t, uint32_t> bit_limbs(uint32_t const& a, uint8_t const b) |
There was a problem hiding this comment.
| static std::tuple<uint32_t, uint32_t> bit_limbs(uint32_t const& a, uint8_t const b) | |
| static std::tuple<uint32_t, uint32_t> bit_limbs(const uint32_t a, const uint8_t b) |
| { | ||
|
|
||
| for (size_t i = 0; i < sha256_trace.size(); i++) { | ||
| auto const& src = sha256_trace.at(i); |
There was a problem hiding this comment.
| auto const& src = sha256_trace.at(i); | |
| const auto& src = sha256_trace.at(i); |
IlyasRidhuan
force-pushed
the
ir/01-03-feat_constrain_sha256
branch
from
87cef77 to
eb03f46
Compare
IlyasRidhuan
force-pushed
the
ir/01-03-feat_constrain_sha256
branch
from
eb03f46 to
8c6e5a8
Compare
IlyasRidhuan
changed the base branch from
master
to
ir/01-21-fix_hardcode_value_in_constants
IlyasRidhuan
force-pushed
the
ir/01-03-feat_constrain_sha256
branch
3 times, most recently
from
1f891fb to
c6ffba9
Compare
IlyasRidhuan
force-pushed
the
ir/01-03-feat_constrain_sha256
branch
from
c6ffba9 to
c3f7087
Compare
IlyasRidhuan
force-pushed
the
ir/01-03-feat_constrain_sha256
branch
from
c3f7087 to
6f9fbd0
Compare
barretenberg/cpp/src/barretenberg/vm2/constraining/relations/sha256.test.cpp
Show resolved
Hide resolved
barretenberg/cpp/src/barretenberg/vm2/constraining/relations/sha256.test.cpp
Show resolved
Hide resolved
barretenberg/cpp/src/barretenberg/vm2/constraining/relations/sha256.test.cpp
Show resolved
Hide resolved
|
|
||
| check_relation<sha256>(rows); | ||
| } | ||
|
|
There was a problem hiding this comment.
No negative tests now or no negative tests ever? :)
| } | ||
|
|
||
| // Computes and returns the message schedule (w) value for that round, and inserts witness data into the trace. | ||
| uint32_t Sha256TraceBuilder::compute_w_with_witness(std::array<uint32_t, 16> prev_w_helpers, TraceContainer& trace) |
There was a problem hiding this comment.
I will consider taking the trace in the constructor so that we can eventually avoid passing it everywhere.
| namespace sha256; | ||
|
|
||
| // Memory ops | ||
| pol commit state_offset; |
There was a problem hiding this comment.
We are not indenting in the other files, since there is only 1 namespace expected, does it make sense?
There was a problem hiding this comment.
i like the indentation - i feel like it makes things easier to read tbh
| // Load 8 elements representing the state from memory. | ||
| for (uint32_t i = 0; i < 8; ++i) { | ||
| auto memory_value = memory.get(state_addr + i).value; | ||
| /*Check Tag is U32 */ |
There was a problem hiding this comment.
missing " ", same below in the other check tag
| // Load 16 elements representing the input from memory. | ||
| for (uint32_t i = 0; i < 16; ++i) { | ||
| auto memory_value = memory.get(input_addr + i).value; | ||
| /*Check Tag is U32 */ |
There was a problem hiding this comment.
Is this an error handling TODO? Do you need to check the tags here? if yes please make explicit
There was a problem hiding this comment.
I'll add the TODO, the tag check is dependent on where we expect to enforce it (i.e in the memory trace or in the calling trace).
I guess we havent landed on what the approach will be yet
| MemoryAddress output_addr) override; | ||
|
|
||
| private: | ||
| EventEmitterInterface<Sha256CompressionEvent>& events; |
There was a problem hiding this comment.
Please add a TODO that we should be using "deduplicating events" here. I'll build the infra at some point.
Sorry, that was wrong. This is memory aware.
Most of the sha256 constraints. The main things missing are:
We'll delay this until vm2 re-design