Barretenberg: src/barretenberg/solidity_helpers/circuits/ecdsa_circuit.hpp Source File

#pragma once

#include "barretenberg/crypto/ecdsa/ecdsa.hpp"

#include "barretenberg/crypto/hashers/hashers.hpp"

#include "barretenberg/crypto/sha256/sha256.hpp"

#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp"

#include "barretenberg/stdlib/encryption/ecdsa/ecdsa.hpp"

#include "barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp"

#include "barretenberg/stdlib/primitives/bigfield/bigfield.hpp"

#include "barretenberg/stdlib/primitives/biggroup/biggroup.hpp"

#include "barretenberg/stdlib/primitives/bool/bool.hpp"

#include "barretenberg/stdlib/primitives/curves/secp256k1.hpp"

#include "barretenberg/stdlib/primitives/field/field.hpp"

#include "barretenberg/stdlib/primitives/witness/witness.hpp"

#include "barretenberg/stdlib/special_public_inputs/special_public_inputs.hpp"


namespace bb {


class EcdsaCircuit {

  public:

    using Builder = bb::UltraCircuitBuilder;

    using field_ct = stdlib::field_t<Builder>;

    using bool_ct = stdlib::bool_t<Builder>;

    using public_witness_ct = stdlib::public_witness_t<Builder>;

    using byte_array_ct = stdlib::byte_array<Builder>;

    using curve = stdlib::secp256k1<Builder>;

    using base_field = typename curve::BaseField;

    using scalar_field = typename curve::ScalarField;

    using base_field_native = typename curve::BaseFieldNative;

    using scalar_field_native = typename curve::ScalarFieldNative;

    using group_native = typename curve::GroupNative;

    using group = typename curve::Group;

    using IO = stdlib::recursion::honk::DefaultIO<Builder>;


    static constexpr size_t NUM_PUBLIC_INPUTS = 6;


    static Builder generate(uint256_t public_inputs[])

    {

        Builder builder;


        // IN CIRCUIT

        // Create an input buffer from public inputs (treating each as a single byte)

        byte_array_ct input_buffer(&builder, std::vector<uint8_t>());

        for (size_t i = 0; i < NUM_PUBLIC_INPUTS; ++i) {

            field_ct byte_value = public_witness_ct(&builder, public_inputs[i]);

            // Constrain to be a single byte and create byte_array

            byte_array_ct single_byte(byte_value, 1);

            input_buffer.write(single_byte);

        }


        // This is the message that we would like to confirm

        std::string message_string(NUM_PUBLIC_INPUTS, '\0');

        for (size_t i = 0; i < NUM_PUBLIC_INPUTS; ++i) {

            message_string[i] = static_cast<char>(static_cast<uint8_t>(public_inputs[i]));

        }

        auto message = byte_array_ct(&builder, message_string);


        // Assert that the public inputs buffer matches the message we want

        for (size_t i = 0; i < NUM_PUBLIC_INPUTS; ++i) {

            input_buffer[i].assert_equal(message[i]);

        }


        // UNCONSTRAINED: create a random keypair to sign with

        crypto::ecdsa_key_pair<scalar_field_native, group_native> account;

        account.private_key = curve::ScalarFieldNative::random_element();

        account.public_key = curve::GroupNative::one * account.private_key;


        // UNCONSTRAINED: create a sig

        crypto::ecdsa_signature signature = crypto::

            ecdsa_construct_signature<crypto::Sha256Hasher, base_field_native, scalar_field_native, group_native>(

                message_string, account);


        // UNCONSTRAINED: verify the created signature

        bool dry_run =

            crypto::ecdsa_verify_signature<crypto::Sha256Hasher, base_field_native, scalar_field_native, group_native>(

                message_string, account.public_key, signature);

        if (!dry_run) {

            throw_or_abort("[non circuit]: Sig verification failed");

        }


        // IN CIRCUIT: create a witness with the pub key in our circuit

        group public_key = group::from_witness(&builder, account.public_key);


        std::vector<uint8_t> rr(signature.r.begin(), signature.r.end());

        std::vector<uint8_t> ss(signature.s.begin(), signature.s.end());


        // IN CIRCUIT: create a witness with the sig in our circuit

        stdlib::ecdsa_signature<Builder> sig{ byte_array_ct(&builder, rr), byte_array_ct(&builder, ss) };


        // Compute H(m) natively and pass as witness (mirrors ACIR which takes pre-hashed message)

        auto hash_arr = crypto::sha256(std::vector<uint8_t>(message_string.begin(), message_string.end()));

        byte_array_ct hashed_message(&builder, std::vector<uint8_t>(hash_arr.begin(), hash_arr.end()));


        // IN CIRCUIT: verify the signature

        bool_ct signature_result = stdlib::ecdsa_verify_signature<Builder, curve, base_field, scalar_field, group>(

            // hashed_message, public_key, sig);

            hashed_message,

            public_key,

            sig);


        // Assert the signature is true

        signature_result.assert_equal(bool_ct(true));


        IO::add_default(builder);


        return builder;

    }


};


} // namespace bb

bigfield.hpp

biggroup.hpp

bb::EcdsaCircuit
Definition ecdsa_circuit.hpp:18

bb::EcdsaCircuit::NUM_PUBLIC_INPUTS
static constexpr size_t NUM_PUBLIC_INPUTS
Definition ecdsa_circuit.hpp:34

bb::EcdsaCircuit::bool_ct
stdlib::bool_t< Builder > bool_ct
Definition ecdsa_circuit.hpp:22

bb::EcdsaCircuit::base_field_native
typename curve::BaseFieldNative base_field_native
Definition ecdsa_circuit.hpp:28

bb::EcdsaCircuit::group_native
typename curve::GroupNative group_native
Definition ecdsa_circuit.hpp:30

bb::EcdsaCircuit::scalar_field_native
typename curve::ScalarFieldNative scalar_field_native
Definition ecdsa_circuit.hpp:29

bb::EcdsaCircuit::group
typename curve::Group group
Definition ecdsa_circuit.hpp:31

bb::EcdsaCircuit::public_witness_ct
stdlib::public_witness_t< Builder > public_witness_ct
Definition ecdsa_circuit.hpp:23

bb::EcdsaCircuit::byte_array_ct
stdlib::byte_array< Builder > byte_array_ct
Definition ecdsa_circuit.hpp:24

bb::EcdsaCircuit::base_field
typename curve::BaseField base_field
Definition ecdsa_circuit.hpp:26

bb::EcdsaCircuit::scalar_field
typename curve::ScalarField scalar_field
Definition ecdsa_circuit.hpp:27

bb::EcdsaCircuit::generate
static Builder generate(uint256_t public_inputs[])
Definition ecdsa_circuit.hpp:36

bb::UltraCircuitBuilder_
Definition ultra_circuit_builder.hpp:40

bb::numeric::uint256_t
Definition uint256.hpp:32

bb::stdlib::bool_t
Implements boolean logic in-circuit.
Definition bool.hpp:60

bb::stdlib::bool_t::assert_equal
void assert_equal(const bool_t &rhs, std::string const &msg="bool_t::assert_equal") const
Implements copy constraint for bool_t elements.
Definition bool.cpp:433

bb::stdlib::byte_array
Represents a dynamic array of bytes in-circuit.
Definition byte_array.hpp:29

bb::stdlib::byte_array::write
byte_array & write(byte_array const &other)
Appends the contents of another byte_array (other) to the end of this one.
Definition byte_array.cpp:263

bb::stdlib::field_t< Builder >

bb::stdlib::public_witness_t
Definition witness.hpp:59

bb::stdlib::recursion::honk::DefaultIO
Manages the data that is propagated on the public inputs of an application/function circuit.
Definition special_public_inputs.hpp:154

bb::stdlib::recursion::honk::DefaultIO::add_default
static void add_default(Builder &builder)
Add default public inputs when they are not present.
Definition special_public_inputs.hpp:200

builder
AluTraceBuilder builder
Definition alu.test.cpp:124

ecdsa.hpp

sha256.hpp

grumpkin.hpp

hashers.hpp

bb::crypto::sha256
Sha256Hash sha256(const ByteContainer &input)
SHA-256 hash function (FIPS 180-4)
Definition sha256.cpp:150

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

bb::UltraCircuitBuilder
UltraCircuitBuilder_< UltraExecutionTraceBlocks > UltraCircuitBuilder
Definition circuit_builders_fwd.hpp:18

ecdsa.hpp

ecdsa_impl.hpp

bool.hpp

secp256k1.hpp

field.hpp

special_public_inputs.hpp

bb::crypto::ecdsa_key_pair
Definition ecdsa.hpp:22

bb::crypto::ecdsa_key_pair::public_key
G1::affine_element public_key
Definition ecdsa.hpp:24

bb::crypto::ecdsa_key_pair::private_key
Fr private_key
Definition ecdsa.hpp:23

bb::crypto::ecdsa_signature
Definition ecdsa.hpp:30

bb::crypto::ecdsa_signature::r
std::array< uint8_t, 32 > r
Definition ecdsa.hpp:31

bb::crypto::ecdsa_signature::s
std::array< uint8_t, 32 > s
Definition ecdsa.hpp:32

bb::stdlib::ecdsa_signature
Definition ecdsa.hpp:14

bb::stdlib::secp256k1
Definition secp256k1.hpp:17

bb::stdlib::secp256k1::BaseFieldNative
::bb::secp256k1::fq BaseFieldNative
Definition secp256k1.hpp:23

bb::stdlib::secp256k1::ScalarField
bigfield< CircuitType, typename ::bb::secp256k1::FrParams > ScalarField
Definition secp256k1.hpp:29

bb::stdlib::secp256k1::ScalarFieldNative
::bb::secp256k1::fr ScalarFieldNative
Definition secp256k1.hpp:22

bb::stdlib::secp256k1::BaseField
bigfield< CircuitType, typename ::bb::secp256k1::FqParams > BaseField
Definition secp256k1.hpp:30

bb::stdlib::secp256k1::GroupNative
::bb::secp256k1::g1 GroupNative
Definition secp256k1.hpp:24

bb::stdlib::secp256k1::Group
element< CircuitType, BaseField, ScalarField, GroupNative > Group
Definition secp256k1.hpp:31

throw_or_abort
void throw_or_abort(std::string const &err)
Definition throw_or_abort.hpp:6

witness.hpp