Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
aes128_constraint.cpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: Complete, auditors: [Khashayar], commit: 21476601b111f046f023474465598843e4cfd8ac}
3// external_1: { status: not started, auditors: [], commit: }
4// external_2: { status: not started, auditors: [], commit: }
5// =====================
6
7#include "aes128_constraint.hpp"
8#include "barretenberg/dsl/acir_format/acir_format.hpp"
9#include "barretenberg/stdlib/encryption/aes128/aes128.hpp"
10#include <cstdint>
11#include <cstdio>
12#include <span>
13
14using namespace bb;
15
16namespace acir_format {
17
18template <typename Builder> void create_aes128_constraints(Builder& builder, const AES128Constraint& constraint)
19{
20
21 using field_ct = bb::stdlib::field_t<Builder>;
22 // Packs 16 bytes from the inputs (plaintext, iv, key) into a field element
23 // Note that noir-stdlib already pads the inputs in accordance with PKCS7 padding scheme.
24 BB_ASSERT(constraint.inputs.size() % 16 == 0, "Inputs must be a multiple of 16");
25 const auto convert_input = [&](std::span<const WitnessOrConstant<bb::fr>, std::dynamic_extent> inputs,
26 Builder& builder) {
27 field_ct converted = 0;
28 for (size_t i = 0; i < 16; ++i) {
29 converted *= 256;
30 field_ct byte = to_field_ct(inputs[i], builder);
31 // Noir enforces bytes to be in the range [0, 255] by type declarations, however, if inputs are taken
32 // from
33 // ACIR directly, these ranges should be enforced by the range constraint. In case these range
34 // constraints already exist we won't be paying for the extra constraint.
35 byte.create_range_constraint(8);
36 converted += byte;
37 }
38 return converted;
39 };
40
41 // Packs 16 bytes from the outputs (witness indexes) into a field element for comparison
42 const auto convert_output = [&](std::span<const uint32_t, 16> outputs) {
43 field_ct converted = 0;
44 for (const auto& output : outputs) {
45 converted *= 256;
46 field_ct byte = field_ct::from_witness_index(&builder, output);
47 // Noir enforces bytes to be in the range [0, 255] by type declarations, however, if inputs are taken from
48 // ACIR directly, these ranges should be enforced by the range constraint. In case these range constraints
49 // already exist we won't be paying for the extra constraint.
50 byte.create_range_constraint(8);
51 converted += byte;
52 }
53 return converted;
54 };
55
56 // Perform the conversions from array of bytes to field elements
57 std::vector<field_ct> converted_inputs;
58 for (size_t i = 0; i < constraint.inputs.size(); i += 16) {
59 field_ct to_add;
60
61 to_add = convert_input(
62 std::span<const WitnessOrConstant<bb::fr>, std::dynamic_extent>{ &constraint.inputs[i], 16 }, builder);
63
64 converted_inputs.emplace_back(to_add);
65 }
66
67 std::vector<field_ct> converted_outputs;
68 for (size_t i = 0; i < constraint.outputs.size(); i += 16) {
69 std::span<const uint32_t, 16> outputs{ &constraint.outputs[i], 16 };
70 converted_outputs.emplace_back(convert_output(outputs));
71 }
72
73 const std::vector<field_ct> output_bytes = bb::stdlib::aes128::encrypt_buffer_cbc<Builder>(
74 converted_inputs, convert_input(constraint.iv, builder), convert_input(constraint.key, builder));
75
76 for (size_t i = 0; i < output_bytes.size(); ++i) {
77 output_bytes[i].assert_equal(converted_outputs[i]);
78 }
79}
80
81template void create_aes128_constraints<UltraCircuitBuilder>(UltraCircuitBuilder& builder,
82 const AES128Constraint& constraint);
83
84template void create_aes128_constraints<MegaCircuitBuilder>(MegaCircuitBuilder& builder,
85 const AES128Constraint& constraint);
86
87} // namespace acir_format
acir_format.hpp
aes128_constraint.hpp
BB_ASSERT
#define BB_ASSERT(expression,...)
Definition assert.hpp:70
bb::MegaCircuitBuilder_
Definition mega_circuit_builder.hpp:19
bb::UltraCircuitBuilder_
Definition ultra_circuit_builder.hpp:40
bb::stdlib::field_t< Builder >
bb::stdlib::field_t< Builder >::from_witness_index
static field_t from_witness_index(Builder *ctx, uint32_t witness_index)
Definition field.cpp:67
builder
AluTraceBuilder builder
Definition alu.test.cpp:124
inputs
AvmProvingInputs inputs
Definition hinting_dbs.test.cpp:45
acir_format
Definition acir_format.cpp:30
acir_format::create_aes128_constraints< MegaCircuitBuilder >
template void create_aes128_constraints< MegaCircuitBuilder >(MegaCircuitBuilder &builder, const AES128Constraint &constraint)
acir_format::create_aes128_constraints< UltraCircuitBuilder >
template void create_aes128_constraints< UltraCircuitBuilder >(UltraCircuitBuilder &builder, const AES128Constraint &constraint)
acir_format::create_aes128_constraints
void create_aes128_constraints(Builder &builder, const AES128Constraint &constraint)
Definition aes128_constraint.cpp:18
acir_format::to_field_ct
bb::stdlib::field_t< Builder > to_field_ct(const WitnessOrConstant< typename Builder::FF > &input, Builder &builder)
Definition witness_constant.hpp:39
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
acir_format::AES128Constraint
Definition aes128_constraint.hpp:16
acir_format::AES128Constraint::iv
std::array< WitnessOrConstant< bb::fr >, 16 > iv
Definition aes128_constraint.hpp:18
acir_format::AES128Constraint::outputs
std::vector< uint32_t > outputs
Definition aes128_constraint.hpp:20
acir_format::AES128Constraint::inputs
std::vector< WitnessOrConstant< bb::fr > > inputs
Definition aes128_constraint.hpp:17
acir_format::AES128Constraint::key
std::array< WitnessOrConstant< bb::fr >, 16 > key
Definition aes128_constraint.hpp:19
acir_format::WitnessOrConstant
Definition witness_constant.hpp:12