Barretenberg: src/barretenberg/vm2/simulation/lib/contract_crypto.cpp Source File

#include "barretenberg/vm2/simulation/lib/contract_crypto.hpp"


#include "barretenberg/crypto/poseidon2/poseidon2.hpp"

#include "barretenberg/crypto/poseidon2/poseidon2_params.hpp"

#include "barretenberg/vm2/common/aztec_constants.hpp"


namespace bb::avm2::simulation {


using poseidon2 = crypto::Poseidon2<crypto::Poseidon2Bn254ScalarFieldParams>;


std::vector<FF> encode_bytecode(std::span<const uint8_t> bytecode)

{

    size_t bytecode_len = bytecode.size();


    auto bytecode_field_at = [&](size_t i) -> FF {

        // We need to read uint256_ts because reading FFs messes up the order of the bytes.

        uint256_t as_int = 0;

        if (bytecode_len - i >= 32) {

            as_int = from_buffer<uint256_t>(bytecode, i);

        } else {

            std::vector<uint8_t> tail(bytecode.begin() + static_cast<ssize_t>(i), bytecode.end());

            tail.resize(32, 0);

            as_int = from_buffer<uint256_t>(tail, 0);

        }

        return as_int >> 8;

    };


    std::vector<FF> contract_bytecode_fields;

    auto number_of_fields = (bytecode_len + 30) / 31;

    contract_bytecode_fields.reserve(number_of_fields);


    for (uint32_t i = 0; i < bytecode_len; i += 31) {

        FF bytecode_field = bytecode_field_at(i);

        contract_bytecode_fields.push_back(bytecode_field);

    }


    return contract_bytecode_fields;

}


// Takes the size of the bytecode in bytes and computes the field prepended to the public bytecode

// commitment hash.


FF compute_public_bytecode_first_field(size_t bytecode_size)

{

    // Note: Shifting by 32 (4 bytes). This value was chosen to keep the value of the first field small, avoiding having

    // to change types further down the stack. The maximum first field is currently:

    // Fr<0x00000000000000000000000000000000000000000000000000016b480f8411f1> From: max fields in bytes = 3000 * 31 =

    // 16b48, Dom sep = f8411f1

    static_assert(DOM_SEP__PUBLIC_BYTECODE <= UINT32_MAX, "Public bytecode domain separator must fit in 32 bits");

    return uint256_t(DOM_SEP__PUBLIC_BYTECODE) + uint256_t(bytecode_size << 32);

}


FF compute_public_bytecode_commitment(std::span<const uint8_t> bytecode)

{

    std::vector<FF> inputs = { compute_public_bytecode_first_field(bytecode.size()) };

    auto bytecode_as_fields = encode_bytecode(bytecode);

    inputs.insert(inputs.end(), bytecode_as_fields.begin(), bytecode_as_fields.end());

    return poseidon2::hash(inputs);

}


FF compute_contract_class_id(const FF& artifact_hash, const FF& private_fn_root, const FF& public_bytecode_commitment)

{

    return poseidon2::hash({ DOM_SEP__CONTRACT_CLASS_ID, artifact_hash, private_fn_root, public_bytecode_commitment });

}


FF hash_public_keys(const PublicKeys& public_keys)

{

    std::vector<FF> public_keys_hash_fields = public_keys.to_fields();


    std::vector<FF> public_key_hash_vec{ DOM_SEP__PUBLIC_KEYS_HASH };

    for (size_t i = 0; i < public_keys_hash_fields.size(); i += 2) {

        public_key_hash_vec.push_back(public_keys_hash_fields[i]);

        public_key_hash_vec.push_back(public_keys_hash_fields[i + 1]);

        // is_infinity will be removed from address preimage, asumming false.

        public_key_hash_vec.push_back(FF::zero());

    }

    return poseidon2::hash({ public_key_hash_vec });

}


FF compute_contract_address(const ContractInstance& contract_instance)

{

    FF salted_initialization_hash = poseidon2::hash({ DOM_SEP__PARTIAL_ADDRESS,

                                                      contract_instance.salt,

                                                      contract_instance.initialization_hash,

                                                      contract_instance.deployer });

    FF partial_address = poseidon2::hash(

        { DOM_SEP__PARTIAL_ADDRESS, contract_instance.original_contract_class_id, salted_initialization_hash });


    FF public_keys_hash = hash_public_keys(contract_instance.public_keys);

    FF h = poseidon2::hash({ DOM_SEP__CONTRACT_ADDRESS_V1, public_keys_hash, partial_address });

    // This is safe since BN254_Fr < GRUMPKIN_Fr so we know there is no modulo reduction

    grumpkin::fr h_fq = grumpkin::fr(h);

    BB_ASSERT(contract_instance.public_keys.incoming_viewing_key.on_curve(),

              "Incoming viewing key is not on the curve when computing contract address");

    return (grumpkin::g1::affine_one * h_fq + contract_instance.public_keys.incoming_viewing_key).x;

}


FF compute_calldata_hash(std::span<const FF> calldata)

{

    std::vector<FF> calldata_with_sep = { DOM_SEP__PUBLIC_CALLDATA };

    for (const auto& value : calldata) {

        // Note: Using `insert` breaks GCC.

        calldata_with_sep.push_back(value);

    }

    return poseidon2::hash(calldata_with_sep);

}


} // namespace bb::avm2::simulation

BB_ASSERT
#define BB_ASSERT(expression,...)
Definition assert.hpp:70

bytecode
std::shared_ptr< Napi::ThreadSafeFunction > bytecode
Definition avm_simulate_napi.cpp:131

aztec_constants.hpp

DOM_SEP__PARTIAL_ADDRESS
#define DOM_SEP__PARTIAL_ADDRESS
Definition aztec_constants.hpp:269

DOM_SEP__PUBLIC_BYTECODE
#define DOM_SEP__PUBLIC_BYTECODE
Definition aztec_constants.hpp:266

DOM_SEP__PUBLIC_CALLDATA
#define DOM_SEP__PUBLIC_CALLDATA
Definition aztec_constants.hpp:272

DOM_SEP__PUBLIC_KEYS_HASH
#define DOM_SEP__PUBLIC_KEYS_HASH
Definition aztec_constants.hpp:268

DOM_SEP__CONTRACT_ADDRESS_V1
#define DOM_SEP__CONTRACT_ADDRESS_V1
Definition aztec_constants.hpp:270

DOM_SEP__CONTRACT_CLASS_ID
#define DOM_SEP__CONTRACT_CLASS_ID
Definition aztec_constants.hpp:267

bb::avm2::calldata
Definition calldata.hpp:33

bb::crypto::Poseidon2< crypto::Poseidon2Bn254ScalarFieldParams >

bb::crypto::Poseidon2< crypto::Poseidon2Bn254ScalarFieldParams >::hash
static FF hash(const std::vector< FF > &input)
Hashes a vector of field elements.

bb::group_elements::affine_element::on_curve
constexpr bool on_curve() const noexcept
Definition affine_element_impl.hpp:125

bb::group::affine_one
static constexpr affine_element affine_one
Definition group.hpp:48

bb::numeric::uint256_t
Definition uint256.hpp:32

value
FF value
Definition indexed_tree_check.test.cpp:67

contract_crypto.hpp

poseidon2.hpp

inputs
AvmProvingInputs inputs
Definition hinting_dbs.test.cpp:45

bb::avm2::simulation
AVM range check gadget for witness generation.
Definition address_derivation_event.hpp:6

bb::avm2::simulation::compute_public_bytecode_commitment
FF compute_public_bytecode_commitment(std::span< const uint8_t > bytecode)
Definition contract_crypto.cpp:52

bb::avm2::simulation::hash_public_keys
FF hash_public_keys(const PublicKeys &public_keys)
Definition contract_crypto.cpp:65

bb::avm2::simulation::encode_bytecode
std::vector< FF > encode_bytecode(std::span< const uint8_t > bytecode)
Definition contract_crypto.cpp:11

bb::avm2::simulation::compute_contract_class_id
FF compute_contract_class_id(const FF &artifact_hash, const FF &private_fn_root, const FF &public_bytecode_commitment)
Definition contract_crypto.cpp:60

bb::avm2::simulation::compute_public_bytecode_first_field
FF compute_public_bytecode_first_field(size_t bytecode_size)
Definition contract_crypto.cpp:42

bb::avm2::simulation::compute_calldata_hash
FF compute_calldata_hash(std::span< const FF > calldata)
Definition contract_crypto.cpp:97

bb::avm2::simulation::compute_contract_address
FF compute_contract_address(const ContractInstance &contract_instance)
Definition contract_crypto.cpp:79

bb::avm2::FF
AvmFlavorSettings::FF FF
Definition field.hpp:10

bb::grumpkin::fr
bb::fq fr
Definition grumpkin.hpp:21

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

poseidon2_params.hpp

bb::avm2::ContractInstance
Definition aztec_types.hpp:116

bb::avm2::ContractInstance::initialization_hash
FF initialization_hash
Definition aztec_types.hpp:121

bb::avm2::ContractInstance::deployer
AztecAddress deployer
Definition aztec_types.hpp:118

bb::avm2::ContractInstance::public_keys
PublicKeys public_keys
Definition aztec_types.hpp:122

bb::avm2::ContractInstance::original_contract_class_id
ContractClassId original_contract_class_id
Definition aztec_types.hpp:120

bb::avm2::ContractInstance::salt
FF salt
Definition aztec_types.hpp:117

bb::avm2::PublicKeys
Definition aztec_types.hpp:87

bb::avm2::PublicKeys::incoming_viewing_key
AffinePoint incoming_viewing_key
Definition aztec_types.hpp:89

bb::avm2::PublicKeys::to_fields
std::vector< FF > to_fields() const
Definition aztec_types.hpp:93

bb::field< Bn254FqParams >

bb::field< bb::Bn254FrParams >::zero
static constexpr field zero()
Definition field_declarations.hpp:277