Barretenberg: src/barretenberg/solidity_helpers/circuits/ecdsa_circuit.hpp Source File

#pragma once

#include "barretenberg/crypto/ecdsa/ecdsa.hpp"

#include "barretenberg/crypto/hashers/hashers.hpp"

#include "barretenberg/crypto/sha256/sha256.hpp"

#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp"

#include "barretenberg/stdlib/encryption/ecdsa/ecdsa.hpp"

#include "barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp"

#include "barretenberg/stdlib/primitives/bigfield/bigfield.hpp"

#include "barretenberg/stdlib/primitives/biggroup/biggroup.hpp"

#include "barretenberg/stdlib/primitives/bool/bool.hpp"

#include "barretenberg/stdlib/primitives/curves/secp256k1.hpp"

#include "barretenberg/stdlib/primitives/field/field.hpp"

#include "barretenberg/stdlib/primitives/witness/witness.hpp"

#include "barretenberg/stdlib/special_public_inputs/special_public_inputs.hpp"


namespace bb {


class EcdsaCircuit {

  public:

    using Builder = bb::UltraCircuitBuilder;

    using field_ct = stdlib::field_t<Builder>;

    using bool_ct = stdlib::bool_t<Builder>;

    using public_witness_ct = stdlib::public_witness_t<Builder>;

    using byte_array_ct = stdlib::byte_array<Builder>;

    using curve = stdlib::secp256k1<Builder>;

    using IO = stdlib::recursion::honk::DefaultIO<Builder>;


    static constexpr size_t NUM_PUBLIC_INPUTS = 6;


    static Builder generate(uint256_t public_inputs[])

    {

        Builder builder;


        // IN CIRCUIT

        // Create an input buffer from public inputs (treating each as a single byte)

        typename curve::byte_array_ct input_buffer(&builder, std::vector<uint8_t>());

        for (size_t i = 0; i < NUM_PUBLIC_INPUTS; ++i) {

            field_ct byte_value = public_witness_ct(&builder, public_inputs[i]);

            // Constrain to be a single byte and create byte_array

            typename curve::byte_array_ct single_byte(byte_value, 1);

            input_buffer.write(single_byte);

        }


        // This is the message that we would like to confirm

        std::string message_string(NUM_PUBLIC_INPUTS, '\0');

        for (size_t i = 0; i < NUM_PUBLIC_INPUTS; ++i) {

            message_string[i] = static_cast<char>(static_cast<uint8_t>(public_inputs[i]));

        }

        auto message = typename curve::byte_array_ct(&builder, message_string);


        // Assert that the public inputs buffer matches the message we want

        for (size_t i = 0; i < NUM_PUBLIC_INPUTS; ++i) {

            input_buffer[i].assert_equal(message[i]);

        }


        // UNCONSTRAINED: create a random keypair to sign with

        crypto::ecdsa_key_pair<typename curve::fr, typename curve::g1> account;

        account.private_key = curve::fr::random_element();

        account.public_key = curve::g1::one * account.private_key;


        // UNCONSTRAINED: create a sig

        crypto::ecdsa_signature signature = crypto::

            ecdsa_construct_signature<crypto::Sha256Hasher, typename curve::fq, typename curve::fr, typename curve::g1>(

                message_string, account);


        // UNCONSTRAINED: verify the created signature

        bool dry_run = crypto::

            ecdsa_verify_signature<crypto::Sha256Hasher, typename curve::fq, typename curve::fr, typename curve::g1>(

                message_string, account.public_key, signature);

        if (!dry_run) {

            throw_or_abort("[non circuit]: Sig verification failed");

        }


        // IN CIRCUIT: create a witness with the pub key in our circuit

        typename curve::g1_bigfr_ct public_key = curve::g1_bigfr_ct::from_witness(&builder, account.public_key);


        std::vector<uint8_t> rr(signature.r.begin(), signature.r.end());

        std::vector<uint8_t> ss(signature.s.begin(), signature.s.end());


        // IN CIRCUIT: create a witness with the sig in our circuit

        stdlib::ecdsa_signature<Builder> sig{ typename curve::byte_array_ct(&builder, rr),

                                              typename curve::byte_array_ct(&builder, ss) };


        // Compute H(m) natively and pass as witness (mirrors ACIR which takes pre-hashed message)

        auto hash_arr = crypto::sha256(std::vector<uint8_t>(message_string.begin(), message_string.end()));

        stdlib::byte_array<Builder> hashed_message(&builder, std::vector<uint8_t>(hash_arr.begin(), hash_arr.end()));


        // IN CIRCUIT: verify the signature

        typename curve::bool_ct signature_result = stdlib::ecdsa_verify_signature<Builder,

                                                                                  curve,

                                                                                  typename curve::fq_ct,

                                                                                  typename curve::bigfr_ct,

                                                                                  typename curve::g1_bigfr_ct>(

            // hashed_message, public_key, sig);

            hashed_message,

            public_key,

            sig);


        // Assert the signature is true

        signature_result.assert_equal(bool_ct(true));


        IO::add_default(builder);


        return builder;

    }


};


} // namespace bb

bigfield.hpp

biggroup.hpp

bb::EcdsaCircuit
Definition ecdsa_circuit.hpp:18

bb::EcdsaCircuit::NUM_PUBLIC_INPUTS
static constexpr size_t NUM_PUBLIC_INPUTS
Definition ecdsa_circuit.hpp:28

bb::EcdsaCircuit::bool_ct
stdlib::bool_t< Builder > bool_ct
Definition ecdsa_circuit.hpp:22

bb::EcdsaCircuit::Builder
bb::UltraCircuitBuilder Builder
Definition ecdsa_circuit.hpp:20

bb::EcdsaCircuit::public_witness_ct
stdlib::public_witness_t< Builder > public_witness_ct
Definition ecdsa_circuit.hpp:23

bb::EcdsaCircuit::curve
stdlib::secp256k1< Builder > curve
Definition ecdsa_circuit.hpp:25

bb::EcdsaCircuit::generate
static Builder generate(uint256_t public_inputs[])
Definition ecdsa_circuit.hpp:30

bb::UltraCircuitBuilder_
Definition ultra_circuit_builder.hpp:40

bb::group::one
static constexpr element one
Definition group.hpp:46

bb::numeric::uint256_t
Definition uint256.hpp:32

bb::stdlib::bool_t
Implements boolean logic in-circuit.
Definition bool.hpp:60

bb::stdlib::bool_t::assert_equal
void assert_equal(const bool_t &rhs, std::string const &msg="bool_t::assert_equal") const
Implements copy constraint for bool_t elements.
Definition bool.cpp:433

bb::stdlib::byte_array
Represents a dynamic array of bytes in-circuit.
Definition byte_array.hpp:29

bb::stdlib::byte_array::write
byte_array & write(byte_array const &other)
Appends the contents of another byte_array (other) to the end of this one.
Definition byte_array.cpp:263

bb::stdlib::field_t< Builder >

bb::stdlib::public_witness_t
Definition witness.hpp:59

bb::stdlib::recursion::honk::DefaultIO
Manages the data that is propagated on the public inputs of an application/function circuit.
Definition special_public_inputs.hpp:154

bb::stdlib::recursion::honk::DefaultIO::add_default
static void add_default(Builder &builder)
Add default public inputs when they are not present.
Definition special_public_inputs.hpp:200

builder
AluTraceBuilder builder
Definition alu.test.cpp:124

ecdsa.hpp

sha256.hpp

grumpkin.hpp

hashers.hpp

bb::crypto::sha256
Sha256Hash sha256(const ByteContainer &input)
SHA-256 hash function (FIPS 180-4)
Definition sha256.cpp:150

bb::stdlib::ecdsa_verify_signature
bool_t< Builder > ecdsa_verify_signature(const stdlib::byte_array< Builder > &hashed_message, const G1 &public_key, const ecdsa_signature< Builder > &sig)
Verify ECDSA signature. Returns bool_t(true/false) depending on whether the signature is valid or not...
Definition ecdsa_impl.hpp:67

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

bb::UltraCircuitBuilder
UltraCircuitBuilder_< UltraExecutionTraceBlocks > UltraCircuitBuilder
Definition circuit_builders_fwd.hpp:18

ecdsa.hpp

ecdsa_impl.hpp

bool.hpp

secp256k1.hpp

field.hpp

special_public_inputs.hpp

bb::crypto::ecdsa_key_pair
Definition ecdsa.hpp:22

bb::crypto::ecdsa_key_pair::public_key
G1::affine_element public_key
Definition ecdsa.hpp:24

bb::crypto::ecdsa_key_pair::private_key
Fr private_key
Definition ecdsa.hpp:23

bb::crypto::ecdsa_signature
Definition ecdsa.hpp:30

bb::crypto::ecdsa_signature::r
std::array< uint8_t, 32 > r
Definition ecdsa.hpp:31

bb::crypto::ecdsa_signature::s
std::array< uint8_t, 32 > s
Definition ecdsa.hpp:32

bb::field< Bn254FrParams >::random_element
static field random_element(numeric::RNG *engine=nullptr) noexcept
Definition field_impl.hpp:783

bb::stdlib::ecdsa_signature
Definition ecdsa.hpp:14

bb::stdlib::secp256k1
Definition secp256k1.hpp:17

bb::stdlib::secp256k1::byte_array_ct
byte_array< Builder > byte_array_ct
Definition secp256k1.hpp:42

bb::stdlib::secp256k1::fq_ct
bigfield< Builder, typename ::bb::secp256k1::FqParams > fq_ct
Definition secp256k1.hpp:45

bb::stdlib::secp256k1::g1_bigfr_ct
element< Builder, fq_ct, bigfr_ct, g1 > g1_bigfr_ct
Definition secp256k1.hpp:48

bb::stdlib::secp256k1::bigfr_ct
bigfield< Builder, typename ::bb::secp256k1::FrParams > bigfr_ct
Definition secp256k1.hpp:46

throw_or_abort
void throw_or_abort(std::string const &err)
Definition throw_or_abort.hpp:6

witness.hpp