Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(avm): sha256 round read #12032

Merged
merged 1 commit into from
Feb 21, 2025
Merged

feat(avm): sha256 round read #12032

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 8 additions & 10 deletions barretenberg/cpp/pil/vm2/sha256.pil
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,10 +45,8 @@ namespace sha256;
pol commit sel;
sel * (1 - sel) = 0;

// TODO: This skippable condition makes verification fail.
// Re-check after https://github.com/AztecProtocol/aztec-packages/pull/10598 is merged.
// #[skippable_if]
// sel = 0;
#[skippable_if]
sel = 0;

// These are needed while we can't use constant values in lookups.
// For the XOR lookups
Expand All @@ -61,8 +59,10 @@ namespace sha256;
// Start Row
pol commit start;
start * (1 - start) = 0;
// If the current row is latched and the next row is "on", the next row is the start of the new computation
start' - (latch * sel') = 0;
// If the current row is latched (or the first row) and the next row is "on", the next row is the start of the new computation
// We add the first row conditions so we dont need to latch the first row.
// TODO: Revisit this condition once we agree on how to handle the first_row <> latch interaction
start' - ((latch + precomputed.first_row) * sel') = 0;

// Selector to stop after 64 rounds
pol commit latch;
Expand All @@ -71,9 +71,7 @@ namespace sha256;
// We perform a compression operation if we are not at a latched row
pol commit perform_round;
perform_round - (sel * (1 - latch)) = 0;
// Temp while we don't have the lookups enabled
pol commit dummy_zero;
dummy_zero = 0;

pol LAST = sel * latch;

// Counter
Expand Down Expand Up @@ -268,7 +266,7 @@ namespace sha256;
// Lookup round constants
pol commit round_constant;
#[ROUND_CONSTANT]
sel {round_count, round_constant}
perform_round {round_count, round_constant}
in
precomputed.sel_sha256_compression {precomputed.clk, precomputed.sha256_compression_round_constant};

Expand Down
63 changes: 59 additions & 4 deletions barretenberg/cpp/src/barretenberg/vm2/constraining/relations/sha256.test.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,13 @@

#include "barretenberg/vm2/constraining/testing/check_relation.hpp"
#include "barretenberg/vm2/generated/flavor_settings.hpp"
#include "barretenberg/vm2/generated/relations/lookups_sha256.hpp"
#include "barretenberg/vm2/generated/relations/sha256.hpp"
#include "barretenberg/vm2/simulation/events/event_emitter.hpp"
#include "barretenberg/vm2/simulation/memory.hpp"
#include "barretenberg/vm2/testing/macros.hpp"
#include "barretenberg/vm2/tracegen/lib/lookup_into_indexed_by_clk.hpp"
#include "barretenberg/vm2/tracegen/precomputed_trace.hpp"
#include "barretenberg/vm2/tracegen/sha256_trace.hpp"
// Temporary imports, see comment in test.
#include "barretenberg/vm2/common/memory_types.hpp"
Expand All @@ -22,10 +25,22 @@ namespace {

using ::testing::ReturnRef;
using ::testing::StrictMock;

using simulation::EventEmitter;
using simulation::Memory;
using simulation::MemoryEvent;
using simulation::NoopEventEmitter;
using simulation::Sha256;
using simulation::Sha256CompressionEvent;

using tracegen::TestTraceContainer;

using FF = AvmFlavorSettings::FF;
using C = Column;
using sha256 = bb::avm2::sha256<FF>;
using tracegen::LookupIntoIndexedByClk;

using lookup_sha256_round_relation = bb::avm2::lookup_sha256_round_constant_relation<FF>;

TEST(Sha256ConstrainingTest, EmptyRow)
{
Expand All @@ -41,13 +56,13 @@ TEST(Sha256ConstrainingTest, EmptyRow)
// TOOD: Replace this with a hardcoded test vector and write a negative test
TEST(Sha256ConstrainingTest, Basic)
{
simulation::NoopEventEmitter<simulation::MemoryEvent> emitter;
simulation::Memory mem(/*space_id=*/0, emitter);
NoopEventEmitter<MemoryEvent> emitter;
Memory mem(/*space_id=*/0, emitter);
StrictMock<simulation::MockContext> context;
EXPECT_CALL(context, get_memory()).WillRepeatedly(ReturnRef(mem));

simulation::EventEmitter<simulation::Sha256CompressionEvent> sha256_event_emitter;
simulation::Sha256 sha256_gadget(sha256_event_emitter);
EventEmitter<Sha256CompressionEvent> sha256_event_emitter;
Sha256 sha256_gadget(sha256_event_emitter);

std::array<uint32_t, 8> state = { 0, 1, 2, 3, 4, 5, 6, 7 };
MemoryAddress state_addr = 0;
Expand All @@ -66,6 +81,7 @@ TEST(Sha256ConstrainingTest, Basic)
sha256_gadget.compression(context, state_addr, input_addr, dst_addr);
sha256_gadget.compression(context, state_addr, input_addr, dst_addr);
TestTraceContainer trace;
trace.set(C::precomputed_first_row, 0, 1);
tracegen::Sha256TraceBuilder builder(trace);

const auto sha256_event_container = sha256_event_emitter.dump_events();
Expand All @@ -74,5 +90,44 @@ TEST(Sha256ConstrainingTest, Basic)
check_relation<sha256>(trace);
}

TEST(Sha256ConstrainingTest, Interaction)
{
NoopEventEmitter<MemoryEvent> emitter;
Memory mem(/*space_id=*/0, emitter);
StrictMock<simulation::MockContext> context;
EXPECT_CALL(context, get_memory()).WillRepeatedly(ReturnRef(mem));

EventEmitter<Sha256CompressionEvent> sha256_event_emitter;
Sha256 sha256_gadget(sha256_event_emitter);

std::array<uint32_t, 8> state = { 0, 1, 2, 3, 4, 5, 6, 7 };
MemoryAddress state_addr = 0;
for (uint32_t i = 0; i < 8; ++i) {
mem.set(state_addr + i, state[i], MemoryTag::U32);
}

std::array<uint32_t, 16> input = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };
MemoryAddress input_addr = 8;
for (uint32_t i = 0; i < 16; ++i) {
mem.set(input_addr + i, input[i], MemoryTag::U32);
}
MemoryAddress dst_addr = 25;

sha256_gadget.compression(context, state_addr, input_addr, dst_addr);

TestTraceContainer trace;
tracegen::Sha256TraceBuilder builder(trace);
tracegen::PrecomputedTraceBuilder precomputed_builder;
// Build just enough clk rows for the lookup
precomputed_builder.process_misc(trace, 65);
precomputed_builder.process_sha256_round_constants(trace);

builder.process(sha256_event_emitter.get_events());
LookupIntoIndexedByClk<lookup_sha256_round_relation::Settings>().process(trace);

check_relation<sha256>(trace);
check_interaction<lookup_sha256_round_relation>(trace);
}

} // namespace
} // namespace bb::avm2::constraining
6 changes: 3 additions & 3 deletions barretenberg/cpp/src/barretenberg/vm2/generated/columns.hpp
View file
Open in desktop

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions barretenberg/cpp/src/barretenberg/vm2/generated/flavor.hpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,12 +78,12 @@ class AvmFlavor {
static constexpr bool HasZK = false;

static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 16;
static constexpr size_t NUM_WITNESS_ENTITIES = 695;
static constexpr size_t NUM_WITNESS_ENTITIES = 694;
static constexpr size_t NUM_SHIFTED_ENTITIES = 83;
static constexpr size_t NUM_WIRES = NUM_WITNESS_ENTITIES + NUM_PRECOMPUTED_ENTITIES;
// We have two copies of the witness entities, so we subtract the number of fixed ones (they have no shift), one for
// the unshifted and one for the shifted
static constexpr size_t NUM_ALL_ENTITIES = 794;
static constexpr size_t NUM_ALL_ENTITIES = 793;

// Need to be templated for recursive verifier
template <typename FF_>
Expand Down
8 changes: 4 additions & 4 deletions barretenberg/cpp/src/barretenberg/vm2/generated/relations/lookups_sha256.hpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ class lookup_sha256_round_constant_settings {
static constexpr size_t WRITE_TERM_DEGREE = 0;

// Columns using the Column enum.
static constexpr Column SRC_SELECTOR = Column::sha256_sel;
static constexpr Column SRC_SELECTOR = Column::sha256_perform_round;
static constexpr Column DST_SELECTOR = Column::precomputed_sel_sha256_compression;
static constexpr Column COUNTS = Column::lookup_sha256_round_constant_counts;
static constexpr Column INVERSES = Column::lookup_sha256_round_constant_inv;
Expand All @@ -39,14 +39,14 @@ class lookup_sha256_round_constant_settings {

template <typename AllEntities> static inline auto inverse_polynomial_is_computed_at_row(const AllEntities& in)
{
return (in._sha256_sel() == 1 || in._precomputed_sel_sha256_compression() == 1);
return (in._sha256_perform_round() == 1 || in._precomputed_sel_sha256_compression() == 1);
}

template <typename Accumulator, typename AllEntities>
static inline auto compute_inverse_exists(const AllEntities& in)
{
using View = typename Accumulator::View;
const auto is_operation = View(in._sha256_sel());
const auto is_operation = View(in._sha256_perform_round());
const auto is_table_entry = View(in._precomputed_sel_sha256_compression());
return (is_operation + is_table_entry - is_operation * is_table_entry);
}
Expand All @@ -65,7 +65,7 @@ class lookup_sha256_round_constant_settings {
{
return std::forward_as_tuple(in._lookup_sha256_round_constant_inv(),
in._lookup_sha256_round_constant_counts(),
in._sha256_sel(),
in._sha256_perform_round(),
in._precomputed_sel_sha256_compression(),
in._sha256_round_count(),
in._sha256_round_constant(),
Expand Down
Loading
Loading