Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
Classes | Typedefs | Functions
aes128_constraint.test.cpp File Reference
#include "aes128_constraint.hpp"
#include "acir_format.hpp"
#include "barretenberg/circuit_checker/circuit_checker.hpp"
#include "barretenberg/crypto/aes128/aes128.hpp"
#include "barretenberg/dsl/acir_format/test_class.hpp"
#include "barretenberg/dsl/acir_format/utils.hpp"
#include "barretenberg/numeric/random/engine.hpp"
#include <cstdint>
#include <gtest/gtest.h>
#include <vector>

Go to the source code of this file.

Classes

class  AES128TestingFunctions< Builder_, IsPlaintextConstant, IsKeyConstant, IsIVConstant >
 Testing functions to generate the AES128Test test suite. More...
 
class  AES128TestingFunctions< Builder_, IsPlaintextConstant, IsKeyConstant, IsIVConstant >::InvalidWitness
 
class  AES128TestAllWitness< Builder >
 
class  AES128TestConstantPlaintext< Builder >
 
class  AES128TestConstantKey< Builder >
 
class  AES128TestConstantIV< Builder >
 
class  AES128TestAllConstant< Builder >
 
class  AES128RangeConstraintTest
 

Typedefs

using BuilderTypes = testing::Types< UltraCircuitBuilder, MegaCircuitBuilder >
 

Functions

 TYPED_TEST_SUITE (AES128TestAllWitness, BuilderTypes)
 
 TYPED_TEST (AES128TestAllWitness, GenerateVKFromConstraints)
 
 TYPED_TEST (AES128TestAllWitness, Tampering)
 
 TYPED_TEST_SUITE (AES128TestConstantPlaintext, BuilderTypes)
 
 TYPED_TEST (AES128TestConstantPlaintext, GenerateVKFromConstraints)
 
 TYPED_TEST (AES128TestConstantPlaintext, Tampering)
 
 TYPED_TEST_SUITE (AES128TestConstantKey, BuilderTypes)
 
 TYPED_TEST (AES128TestConstantKey, GenerateVKFromConstraints)
 
 TYPED_TEST (AES128TestConstantKey, Tampering)
 
 TYPED_TEST_SUITE (AES128TestConstantIV, BuilderTypes)
 
 TYPED_TEST (AES128TestConstantIV, GenerateVKFromConstraints)
 
 TYPED_TEST (AES128TestConstantIV, Tampering)
 
 TYPED_TEST_SUITE (AES128TestAllConstant, BuilderTypes)
 
 TYPED_TEST (AES128TestAllConstant, GenerateVKFromConstraints)
 
 TYPED_TEST (AES128TestAllConstant, Tampering)
 
 TEST_F (AES128RangeConstraintTest, PlaintextOutOfRangeFails)
 Test that plaintext byte values > 255 cause circuit failure at the RANGE CONSTRAINT, not at the lookup tables.
 
 TEST_F (AES128RangeConstraintTest, KeyOutOfRangeFails)
 Test that key byte values > 255 cause circuit failure at the RANGE CONSTRAINT.
 
 TEST_F (AES128RangeConstraintTest, IVOutOfRangeFails)
 Test that IV byte values > 255 cause circuit failure at the RANGE CONSTRAINT.
 
 TEST_F (AES128RangeConstraintTest, OutputOutOfRangeFails)
 Test that output byte values > 255 cause circuit failure at the RANGE CONSTRAINT.
 

Typedef Documentation

◆ BuilderTypes

using BuilderTypes = testing::Types<UltraCircuitBuilder, MegaCircuitBuilder>

Definition at line 244 of file aes128_constraint.test.cpp.

Function Documentation

◆ TEST_F() [1/4]

TEST_F ( AES128RangeConstraintTest  ,
IVOutOfRangeFails   
)

Test that IV byte values > 255 cause circuit failure at the RANGE CONSTRAINT.

Same logic with correct byte ordering: 256 in LSB position overflows to adjacent byte.

Definition at line 588 of file aes128_constraint.test.cpp.

◆ TEST_F() [2/4]

TEST_F ( AES128RangeConstraintTest  ,
KeyOutOfRangeFails   
)

Test that key byte values > 255 cause circuit failure at the RANGE CONSTRAINT.

Same logic as PlaintextOutOfRangeFails with correct byte ordering:

  • 256 in LSB position (index 15) overflows to 1 in position 14

Definition at line 543 of file aes128_constraint.test.cpp.

◆ TEST_F() [3/4]

TEST_F ( AES128RangeConstraintTest  ,
OutputOutOfRangeFails   
)

Test that output byte values > 255 cause circuit failure at the RANGE CONSTRAINT.

For outputs, we provide witnesses that pack to the same value using LSB overflow: If valid output is [..., X, Y], then [..., X-1, Y+256] packs to the same value: (X-1)*256^1 + (Y+256)*256^0 = X*256 - 256 + Y + 256 = X*256 + Y

Definition at line 635 of file aes128_constraint.test.cpp.

◆ TEST_F() [4/4]

TEST_F ( AES128RangeConstraintTest  ,
PlaintextOutOfRangeFails   
)

Test that plaintext byte values > 255 cause circuit failure at the RANGE CONSTRAINT, not at the lookup tables.

This tests the "overflow attack" scenario with correct byte ordering:

  • Packing is big-endian: byte[0] is MSB (×256^15), byte[15] is LSB (×256^0)
  • Attacker provides plaintext [..., 0, 256] (256 in LSB position 15)
  • packed = 256 * 256^0 = 256
  • When sliced: 256 % 256 = 0, 256 / 256 = 1 → slices = [0, 1, 0, ...]
  • This corresponds to valid plaintext [..., 1, 0] (1 in position 14)

The range constraint should catch this attack.

Definition at line 488 of file aes128_constraint.test.cpp.

◆ TYPED_TEST() [1/10]

TYPED_TEST ( AES128TestAllConstant  ,
GenerateVKFromConstraints   
)

Definition at line 349 of file aes128_constraint.test.cpp.

◆ TYPED_TEST() [2/10]

TYPED_TEST ( AES128TestAllConstant  ,
Tampering   
)

Definition at line 355 of file aes128_constraint.test.cpp.

◆ TYPED_TEST() [3/10]

TYPED_TEST ( AES128TestAllWitness  ,
GenerateVKFromConstraints   
)

Definition at line 258 of file aes128_constraint.test.cpp.

◆ TYPED_TEST() [4/10]

TYPED_TEST ( AES128TestAllWitness  ,
Tampering   
)

Definition at line 264 of file aes128_constraint.test.cpp.

◆ TYPED_TEST() [5/10]

TYPED_TEST ( AES128TestConstantIV  ,
GenerateVKFromConstraints   
)

Definition at line 326 of file aes128_constraint.test.cpp.

◆ TYPED_TEST() [6/10]

TYPED_TEST ( AES128TestConstantIV  ,
Tampering   
)

Definition at line 332 of file aes128_constraint.test.cpp.

◆ TYPED_TEST() [7/10]

TYPED_TEST ( AES128TestConstantKey  ,
GenerateVKFromConstraints   
)

Definition at line 303 of file aes128_constraint.test.cpp.

◆ TYPED_TEST() [8/10]

TYPED_TEST ( AES128TestConstantKey  ,
Tampering   
)

Definition at line 309 of file aes128_constraint.test.cpp.

◆ TYPED_TEST() [9/10]

TYPED_TEST ( AES128TestConstantPlaintext  ,
GenerateVKFromConstraints   
)

Definition at line 280 of file aes128_constraint.test.cpp.

◆ TYPED_TEST() [10/10]

TYPED_TEST ( AES128TestConstantPlaintext  ,
Tampering   
)

Definition at line 286 of file aes128_constraint.test.cpp.

◆ TYPED_TEST_SUITE() [1/5]

TYPED_TEST_SUITE ( AES128TestAllConstant  ,
BuilderTypes   
)

◆ TYPED_TEST_SUITE() [2/5]

TYPED_TEST_SUITE ( AES128TestAllWitness  ,
BuilderTypes   
)

◆ TYPED_TEST_SUITE() [3/5]

TYPED_TEST_SUITE ( AES128TestConstantIV  ,
BuilderTypes   
)

◆ TYPED_TEST_SUITE() [4/5]

TYPED_TEST_SUITE ( AES128TestConstantKey  ,
BuilderTypes   
)

◆ TYPED_TEST_SUITE() [5/5]

TYPED_TEST_SUITE ( AES128TestConstantPlaintext  ,
BuilderTypes   
)