From 6eef7aa253d720d102206fcd3cdb3763431dd003 Mon Sep 17 00:00:00 2001 From: Bartosz Nowak Date: Wed, 31 Jul 2024 12:20:58 +0200 Subject: [PATCH 1/7] update changes --- src/air/public_input.cairo | 5 +++-- src/common/blake2s_u8.cairo | 10 ---------- src/common/hasher.cairo | 6 ++++-- src/common/tests/test_blake2s_u8.cairo | 16 ++-------------- src/stark.cairo | 2 +- 5 files changed, 10 insertions(+), 29 deletions(-) diff --git a/src/air/public_input.cairo b/src/air/public_input.cairo index b89b475b9..0ada83ebf 100644 --- a/src/air/public_input.cairo +++ b/src/air/public_input.cairo @@ -65,7 +65,7 @@ trait PublicInputTrait { } // Computes the hash of the public input, which is used as the initial seed for the Fiat-Shamir heuristic. -fn get_public_input_hash(public_input: @PublicInput) -> felt252 { +fn get_public_input_hash(public_input: @PublicInput, n_verifier_friendly_commitment_layers: felt252) -> felt252 { // Main page hash. let mut main_page_hash_state = PedersenTrait::new(0); let mut i: u32 = 0; @@ -81,6 +81,7 @@ fn get_public_input_hash(public_input: @PublicInput) -> felt252 { let main_page_hash = main_page_hash_state.finalize(); let mut hash_data = ArrayTrait::::new(); + hash_data.append(n_verifier_friendly_commitment_layers); hash_data.append(*public_input.log_n_steps); hash_data.append(*public_input.range_check_min); hash_data.append(*public_input.range_check_max); @@ -193,7 +194,7 @@ mod tests { #[available_gas(9999999999)] fn test_get_public_input_hash() { let public_input = get(); - let hash = get_public_input_hash(@public_input); + let hash = get_public_input_hash(@public_input, 20); assert( hash == 0xaf91f2c71f4a594b1575d258ce82464475c82d8fb244142d0db450491c1b52, 'Hash invalid' diff --git a/src/common/blake2s_u8.cairo b/src/common/blake2s_u8.cairo index 71be4cf98..63a0f765e 100644 --- a/src/common/blake2s_u8.cairo +++ b/src/common/blake2s_u8.cairo 
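Review bot: The test hunk at the end of src/air/public_input.cairo keeps the old expected digest `0xaf91f2c71f4a594b1575d258ce82464475c82d8fb244142d0db450491c1b52` even though `hash_data` now starts with `n_verifier_friendly_commitment_layers`, so `test_get_public_input_hash` cannot pass at this commit. The literal `20` also detaches the vector from the proof it was generated for; reading it from the same fixture as the proof, `get_public_input_hash(@public_input, stone_proof_fibonacci_keccak::stark::config::get().n_verifier_friendly_commitment_layers)`, keeps the test tied to the prover's parameters. Because this value is now part of the Fiat-Shamir seed, the function comment should state the ordering contract, e.g. `// n_verifier_friendly_commitment_layers is hashed first; the field order must match the prover's public input hash.`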
@@ -7,16 +7,6 @@ fn blake2s(data: Array) -> u256 { blake2s_final(state) } -// A 160 LSB truncated version of blake2s. -// hash: -// blake2s(x, y) & ~((1<<96) - 1). -fn truncated_blake2s(data: Array) -> felt252 { - // Truncate hash - convert value to felt, by taking the least significant 160 bits. - (blake2s(data).flip_endianness() % 0x10000000000000000000000000000000000000000) - .try_into() - .unwrap() -} - // internals: fn load32(p0: u8, p1: u8, p2: u8, p3: u8) -> u32 { diff --git a/src/common/hasher.cairo b/src/common/hasher.cairo index a8827ac3b..a90e3b883 100644 --- a/src/common/hasher.cairo +++ b/src/common/hasher.cairo @@ -11,7 +11,9 @@ use cairo_verifier::common::{ // blake2s_u8(data) // } // fn hash_truncated(data: Array) -> felt252 { -// truncated_blake2s(data) +// (blake2s(data).flip_endianness() & 0x00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF) +// .try_into() +// .unwrap() // } // fn hash(data: Array) -> u256 { // blake2s(data) @@ -28,7 +30,7 @@ fn hash_n_bytes(mut data: Array, n: u8, hash_len: bool) -> u256 { } fn hash_truncated(mut data: Array) -> felt252 { (keccak::cairo_keccak(ref data, 0, 0) - .flip_endianness() % 0x10000000000000000000000000000000000000000) + .flip_endianness() & 0x00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF) .try_into() .unwrap() } diff --git a/src/common/tests/test_blake2s_u8.cairo b/src/common/tests/test_blake2s_u8.cairo index 39e315e80..972979778 100644 --- a/src/common/tests/test_blake2s_u8.cairo +++ b/src/common/tests/test_blake2s_u8.cairo @@ -1,5 +1,5 @@ use cairo_verifier::common::{ - array_append::ArrayAppendTrait, blake2s_u8::{blake2s, truncated_blake2s, load32} + array_append::ArrayAppendTrait, blake2s_u8::{blake2s, load32} }; fn get_arr_v1(n: u32) -> Array { 
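Review bot: `hash_truncated` in src/common/hasher.cairo now keeps the low 248 bits of the byte-swapped Keccak output (`& 0x00FF…FF`) where it previously reduced modulo 2^160, so the width of the value fed into the channel changes, and the hunk carries no named constant or comment for it; the only explanation on the page was the "160 LSB truncated" comment deleted from blake2s_u8.cairo. I would lift the mask into a documented constant, `// Low 248 bits of the 256-bit digest: the widest byte-aligned value that always fits a felt252.` above `const FELT252_TRUNCATION_MASK: u256 = 0x00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF;`, and say which prover-side truncation it mirrors, since any mismatch here makes every honest proof fail. The commit also deletes `test_truncated_blake2s` instead of replacing it, so `hash_truncated` has no known-answer test visible on this page after the change.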
@@ -88,16 +88,4 @@ fn test_blake2s_v2() { ) == 0x5229f5d506302edae36f9cac3f5d176cd9b6aa8420da6d74d7956789099faf70, 'invalid hash (2)' ); -} - -#[test] -#[available_gas(9999999999)] -fn test_truncated_blake2s() { - let mut data = ArrayTrait::::new(); - data.append_big_endian(1157029198022238202306346125123666191662554108005); - data.append_big_endian(129252051435949032402481343903845417193011527432); - assert( - truncated_blake2s(data) == 642191007116032514313255519742888271333651019057, - 'invalid truncated_blake2s' - ); -} +} \ No newline at end of file diff --git a/src/stark.cairo b/src/stark.cairo index 09d08521f..7f26a08be 100644 --- a/src/stark.cairo +++ b/src/stark.cairo @@ -89,7 +89,7 @@ impl StarkProofImpl of StarkProofTrait { self.public_input.validate(@stark_domains); // Compute the initial hash seed for the Fiat-Shamir channel. - let digest = get_public_input_hash(self.public_input); + let digest = get_public_input_hash(self.public_input, *self.config.n_verifier_friendly_commitment_layers); // Construct the channel. let mut channel = ChannelImpl::new(digest); From da8bf658ac701eb91c08134a34283152c6390aea Mon Sep 17 00:00:00 2001 From: Bartosz Nowak Date: Wed, 31 Jul 2024 14:01:23 +0200 Subject: [PATCH 2/7] public memory fixes --- src/air/layouts/recursive/public_input.cairo | 30 ++++++++++++++----- .../public_input.cairo | 28 ++++++++++++----- src/air/layouts/small/public_input.cairo | 28 ++++++++++++----- src/air/layouts/starknet/public_input.cairo | 28 ++++++++++++----- .../starknet_with_keccak/public_input.cairo | 28 ++++++++++++----- src/air/public_input.cairo | 20 ++++++++++++- src/air/public_memory.cairo | 21 +++++++++---- 7 files changed, 136 insertions(+), 47 deletions(-) diff --git a/src/air/layouts/recursive/public_input.cairo b/src/air/layouts/recursive/public_input.cairo index ab73b9456..ae1d0634a 100644 --- a/src/air/layouts/recursive/public_input.cairo +++ b/src/air/layouts/recursive/public_input.cairo 
@@ -1,3 +1,5 @@ +use core::array::ArrayTrait; +use core::traits::Into; use cairo_verifier::{ common::{ math::{pow, Felt252PartialOrd, Felt252Div}, @@ -10,7 +12,10 @@ use cairo_verifier::{ segments, get_builtins, CPU_COMPONENT_HEIGHT, CPU_COMPONENT_STEP, LAYOUT_CODE, PEDERSEN_BUILTIN_ROW_RATIO, RANGE_CHECK_BUILTIN_ROW_RATIO, BITWISE_ROW_RATIO }, - public_input::{PublicInput, PublicInputTrait, verify_cairo1_public_input} + public_input::{ + PublicInput, PublicInputTrait, verify_cairo1_public_input, + get_builtins as get_program_builtins + } }, domains::StarkDomains }; @@ -36,7 +41,8 @@ impl RecursivePublicInputImpl of PublicInputTrait { // TODO support more pages? assert(self.continuous_page_headers.len() == 0, 'Invalid continuous_page_headers'); - let builtins = get_builtins(); + let layout_builtins = get_builtins(); + let program_builtins = get_program_builtins(); let memory = self.main_page; // 1. Program segment @@ -55,7 +61,7 @@ impl RecursivePublicInputImpl of PublicInputTrait { assert( *program[0] == 0x40780017fff7fff, 'Invalid program' ); // Instruction: ap += N_BUILTINS. - assert(*program[1] == builtins.len().into(), 'Invalid program'); + assert(*program[1] == program_builtins.len().into(), 'Invalid program'); assert(*program[2] == 0x1104800180018000, 'Invalid program'); // Instruction: call rel ?. assert(*program[4] == 0x10780017fff7fff, 'Invalid program'); // Instruction: jmp rel 0. assert(*program[5] == 0x0, 'Invalid program'); @@ -76,10 +82,10 @@ impl RecursivePublicInputImpl of PublicInputTrait { // 2.2 Main arguments and return values let mut begin_addresses = ArrayTrait::new(); let mut stop_addresses = ArrayTrait::new(); + let layout_builtins_len = layout_builtins.len(); let mut i = 0; - let builtins_len = builtins.len(); loop { - if i == builtins_len { + if i == layout_builtins_len { break; } 
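Review bot: `assert(*program[1] == program_builtins.len().into(), 'Invalid program')` now requires the program's `ap += N_BUILTINS` to equal the full `get_program_builtins()` list (11 entries) rather than the layout's builtin count, so a program that reserves only the layout's builtins is rejected with the same `'Invalid program'` message as a malformed one; if that is intended, the comment should say so, e.g. `// Instruction: ap += N_BUILTINS, where N_BUILTINS is the full program builtin list, not the layout's subset.` The same edit is repeated verbatim in recursive_with_poseidon, small, starknet and starknet_with_keccak, so this check and the two `verify_stack` calls are now five copies of one routine that will drift unless moved into a shared helper in public_input.cairo. The added `use core::array::ArrayTrait; use core::traits::Into;` lines are not used by anything new in the hunk and are presumably already provided by the prelude; drop them if the compiler does not need them.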
@@ -88,12 +94,20 @@ impl RecursivePublicInputImpl of PublicInputTrait { i += 1; }; - memory.verify_stack(initial_ap, begin_addresses.span(), builtins_len, ref memory_index); memory .verify_stack( - final_ap - builtins_len.into(), + initial_ap, + begin_addresses.span(), + program_builtins.span(), + layout_builtins.span(), + ref memory_index + ); + memory + .verify_stack( + final_ap - program_builtins.len().into(), stop_addresses.span(), - builtins_len, + program_builtins.span(), + layout_builtins.span(), ref memory_index ); diff --git a/src/air/layouts/recursive_with_poseidon/public_input.cairo b/src/air/layouts/recursive_with_poseidon/public_input.cairo index 7f53bfa84..3c9c6d268 100644 --- a/src/air/layouts/recursive_with_poseidon/public_input.cairo +++ b/src/air/layouts/recursive_with_poseidon/public_input.cairo @@ -11,7 +11,10 @@ use cairo_verifier::{ PEDERSEN_BUILTIN_ROW_RATIO, RANGE_CHECK_BUILTIN_ROW_RATIO, BITWISE_ROW_RATIO, POSEIDON_ROW_RATIO }, - public_input::{PublicInput, PublicInputTrait, verify_cairo1_public_input} + public_input::{ + PublicInput, PublicInputTrait, verify_cairo1_public_input, + get_builtins as get_program_builtins + } }, domains::StarkDomains }; @@ -37,7 +40,8 @@ impl RecursiveWithPoseidonPublicInputImpl of PublicInputTrait { // TODO support more pages? assert(self.continuous_page_headers.len() == 0, 'Invalid continuous_page_headers'); - let builtins = get_builtins(); + let layout_builtins = get_builtins(); + let program_builtins = get_program_builtins(); let memory = self.main_page; // 1. Program segment 
@@ -56,7 +60,7 @@ impl RecursiveWithPoseidonPublicInputImpl of PublicInputTrait { assert( *program[0] == 0x40780017fff7fff, 'Invalid program' ); // Instruction: ap += N_BUILTINS. - assert(*program[1] == builtins.len().into(), 'Invalid program'); + assert(*program[1] == program_builtins.len().into(), 'Invalid program'); assert(*program[2] == 0x1104800180018000, 'Invalid program'); // Instruction: call rel ?. assert(*program[4] == 0x10780017fff7fff, 'Invalid program'); // Instruction: jmp rel 0. assert(*program[5] == 0x0, 'Invalid program'); @@ -77,10 +81,10 @@ impl RecursiveWithPoseidonPublicInputImpl of PublicInputTrait { // 2.2 Main arguments and return values let mut begin_addresses = ArrayTrait::new(); let mut stop_addresses = ArrayTrait::new(); + let layout_builtins_len = layout_builtins.len(); let mut i = 0; - let builtins_len = builtins.len(); loop { - if i == builtins_len { + if i == layout_builtins_len { break; } @@ -89,12 +93,20 @@ impl RecursiveWithPoseidonPublicInputImpl of PublicInputTrait { i += 1; }; - memory.verify_stack(initial_ap, begin_addresses.span(), builtins_len, ref memory_index); memory .verify_stack( - final_ap - builtins_len.into(), + initial_ap, + begin_addresses.span(), + program_builtins.span(), + layout_builtins.span(), + ref memory_index + ); + memory + .verify_stack( + final_ap - program_builtins.len().into(), stop_addresses.span(), - builtins_len, + program_builtins.span(), + layout_builtins.span(), ref memory_index ); diff --git a/src/air/layouts/small/public_input.cairo b/src/air/layouts/small/public_input.cairo index 06dba89e7..9f36acff3 100644 --- a/src/air/layouts/small/public_input.cairo +++ b/src/air/layouts/small/public_input.cairo 
@@ -10,7 +10,10 @@ use cairo_verifier::{ segments, get_builtins, CPU_COMPONENT_HEIGHT, CPU_COMPONENT_STEP, LAYOUT_CODE, PEDERSEN_BUILTIN_ROW_RATIO, RANGE_CHECK_BUILTIN_ROW_RATIO, ECDSA_BUILTIN_ROW_RATIO }, - public_input::{PublicInput, PublicInputTrait, verify_cairo1_public_input} + public_input::{ + PublicInput, PublicInputTrait, verify_cairo1_public_input, + get_builtins as get_program_builtins + } }, domains::StarkDomains }; @@ -36,7 +39,8 @@ impl SmallPublicInputImpl of PublicInputTrait { // TODO support more pages? assert(self.continuous_page_headers.len() == 0, 'Invalid continuous_page_headers'); - let builtins = get_builtins(); + let layout_builtins = get_builtins(); + let program_builtins = get_program_builtins(); let memory = self.main_page; // 1. Program segment @@ -55,7 +59,7 @@ impl SmallPublicInputImpl of PublicInputTrait { assert( *program[0] == 0x40780017fff7fff, 'Invalid program' ); // Instruction: ap += N_BUILTINS. - assert(*program[1] == builtins.len().into(), 'Invalid program'); + assert(*program[1] == program_builtins.len().into(), 'Invalid program'); assert(*program[2] == 0x1104800180018000, 'Invalid program'); // Instruction: call rel ?. assert(*program[4] == 0x10780017fff7fff, 'Invalid program'); // Instruction: jmp rel 0. assert(*program[5] == 0x0, 'Invalid program'); @@ -76,10 +80,10 @@ impl SmallPublicInputImpl of PublicInputTrait { // 2.2 Main arguments and return values let mut begin_addresses = ArrayTrait::new(); let mut stop_addresses = ArrayTrait::new(); + let layout_builtins_len = layout_builtins.len(); let mut i = 0; - let builtins_len = builtins.len(); loop { - if i == builtins_len { + if i == layout_builtins_len { break; } 
@@ -88,12 +92,20 @@ impl SmallPublicInputImpl of PublicInputTrait { i += 1; }; - memory.verify_stack(initial_ap, begin_addresses.span(), builtins_len, ref memory_index); memory .verify_stack( - final_ap - builtins_len.into(), + initial_ap, + begin_addresses.span(), + program_builtins.span(), + layout_builtins.span(), + ref memory_index + ); + memory + .verify_stack( + final_ap - program_builtins.len().into(), stop_addresses.span(), - builtins_len, + program_builtins.span(), + layout_builtins.span(), ref memory_index ); diff --git a/src/air/layouts/starknet/public_input.cairo b/src/air/layouts/starknet/public_input.cairo index edfb424ec..ae0fccbc9 100644 --- a/src/air/layouts/starknet/public_input.cairo +++ b/src/air/layouts/starknet/public_input.cairo @@ -11,7 +11,10 @@ use cairo_verifier::{ PEDERSEN_BUILTIN_ROW_RATIO, RANGE_CHECK_BUILTIN_ROW_RATIO, BITWISE_ROW_RATIO, ECDSA_BUILTIN_ROW_RATIO, EC_OP_BUILTIN_ROW_RATIO, POSEIDON_ROW_RATIO }, - public_input::{PublicInput, PublicInputTrait, verify_cairo1_public_input} + public_input::{ + PublicInput, PublicInputTrait, verify_cairo1_public_input, + get_builtins as get_program_builtins + } }, domains::StarkDomains }; @@ -37,7 +40,8 @@ impl StarknetPublicInputImpl of PublicInputTrait { // TODO support more pages? assert(self.continuous_page_headers.len() == 0, 'Invalid continuous_page_headers'); - let builtins = get_builtins(); + let layout_builtins = get_builtins(); + let program_builtins = get_program_builtins(); let memory = self.main_page; // 1. Program segment 
@@ -56,7 +60,7 @@ impl StarknetPublicInputImpl of PublicInputTrait { assert( *program[0] == 0x40780017fff7fff, 'Invalid program' ); // Instruction: ap += N_BUILTINS. - assert(*program[1] == builtins.len().into(), 'Invalid program'); + assert(*program[1] == program_builtins.len().into(), 'Invalid program'); assert(*program[2] == 0x1104800180018000, 'Invalid program'); // Instruction: call rel ?. assert(*program[4] == 0x10780017fff7fff, 'Invalid program'); // Instruction: jmp rel 0. assert(*program[5] == 0x0, 'Invalid program'); @@ -77,10 +81,10 @@ impl StarknetPublicInputImpl of PublicInputTrait { // 2.2 Main arguments and return values let mut begin_addresses = ArrayTrait::new(); let mut stop_addresses = ArrayTrait::new(); + let layout_builtins_len = layout_builtins.len(); let mut i = 0; - let builtins_len = builtins.len(); loop { - if i == builtins_len { + if i == layout_builtins_len { break; } @@ -89,12 +93,20 @@ impl StarknetPublicInputImpl of PublicInputTrait { i += 1; }; - memory.verify_stack(initial_ap, begin_addresses.span(), builtins_len, ref memory_index); memory .verify_stack( - final_ap - builtins_len.into(), + initial_ap, + begin_addresses.span(), + program_builtins.span(), + layout_builtins.span(), + ref memory_index + ); + memory + .verify_stack( + final_ap - program_builtins.len().into(), stop_addresses.span(), - builtins_len, + program_builtins.span(), + layout_builtins.span(), ref memory_index ); diff --git a/src/air/layouts/starknet_with_keccak/public_input.cairo b/src/air/layouts/starknet_with_keccak/public_input.cairo index 9b477ddeb..e0ac4d3b4 100644 --- a/src/air/layouts/starknet_with_keccak/public_input.cairo +++ b/src/air/layouts/starknet_with_keccak/public_input.cairo 
@@ -11,7 +11,10 @@ use cairo_verifier::{ PEDERSEN_BUILTIN_ROW_RATIO, RANGE_CHECK_BUILTIN_ROW_RATIO, BITWISE_ROW_RATIO, ECDSA_BUILTIN_ROW_RATIO, EC_OP_BUILTIN_ROW_RATIO, POSEIDON_ROW_RATIO, KECCAK_ROW_RATIO }, - public_input::{PublicInput, PublicInputTrait, verify_cairo1_public_input} + public_input::{ + PublicInput, PublicInputTrait, verify_cairo1_public_input, + get_builtins as get_program_builtins + } }, domains::StarkDomains }; @@ -37,7 +40,8 @@ impl StarknetWithKeccakPublicInputImpl of PublicInputTrait { // TODO support more pages? assert(self.continuous_page_headers.len() == 0, 'Invalid continuous_page_headers'); - let builtins = get_builtins(); + let layout_builtins = get_builtins(); + let program_builtins = get_program_builtins(); let memory = self.main_page; // 1. Program segment @@ -56,7 +60,7 @@ impl StarknetWithKeccakPublicInputImpl of PublicInputTrait { assert( *program[0] == 0x40780017fff7fff, 'Invalid program' ); // Instruction: ap += N_BUILTINS. - assert(*program[1] == builtins.len().into(), 'Invalid program'); + assert(*program[1] == program_builtins.len().into(), 'Invalid program'); assert(*program[2] == 0x1104800180018000, 'Invalid program'); // Instruction: call rel ?. assert(*program[4] == 0x10780017fff7fff, 'Invalid program'); // Instruction: jmp rel 0. assert(*program[5] == 0x0, 'Invalid program'); @@ -77,10 +81,10 @@ impl StarknetWithKeccakPublicInputImpl of PublicInputTrait { // 2.2 Main arguments and return values let mut begin_addresses = ArrayTrait::new(); let mut stop_addresses = ArrayTrait::new(); + let layout_builtins_len = layout_builtins.len(); let mut i = 0; - let builtins_len = builtins.len(); loop { - if i == builtins_len { + if i == layout_builtins_len { break; } 
@@ -89,12 +93,20 @@ impl StarknetWithKeccakPublicInputImpl of PublicInputTrait { i += 1; }; - memory.verify_stack(initial_ap, begin_addresses.span(), builtins_len, ref memory_index); memory .verify_stack( - final_ap - builtins_len.into(), + initial_ap, + begin_addresses.span(), + program_builtins.span(), + layout_builtins.span(), + ref memory_index + ); + memory + .verify_stack( + final_ap - program_builtins.len().into(), stop_addresses.span(), - builtins_len, + program_builtins.span(), + layout_builtins.span(), ref memory_index ); diff --git a/src/air/public_input.cairo b/src/air/public_input.cairo index 0ada83ebf..ca7de26ba 100644 --- a/src/air/public_input.cairo +++ b/src/air/public_input.cairo @@ -27,6 +27,22 @@ use cairo_verifier::{ }, }; +pub fn get_builtins() -> Array { + array![ + 'output', + 'pedersen', + 'range_check', + 'ecdsa', + 'bitwise', + 'ec_op', + 'keccak', + 'poseidon', + 'range_check96', + 'add_mod', + 'mul_mod' + ] +} + use core::{pedersen::PedersenTrait, hash::{HashStateTrait, HashStateExTrait, Hash}}; use poseidon::poseidon_hash_span; @@ -65,7 +81,9 @@ trait PublicInputTrait { } // Computes the hash of the public input, which is used as the initial seed for the Fiat-Shamir heuristic. -fn get_public_input_hash(public_input: @PublicInput, n_verifier_friendly_commitment_layers: felt252) -> felt252 { +fn get_public_input_hash( + public_input: @PublicInput, n_verifier_friendly_commitment_layers: felt252 +) -> felt252 { // Main page hash. let mut main_page_hash_state = PedersenTrait::new(0); let mut i: u32 = 0; diff --git a/src/air/public_memory.cairo b/src/air/public_memory.cairo index af58c1e28..3d84bbbfd 100644 --- a/src/air/public_memory.cairo +++ b/src/air/public_memory.cairo @@ -1,3 +1,5 @@ +use core::array::SpanTrait; +use core::debug::PrintTrait; #[derive(Drop, Copy, Hash, PartialEq, Serde)] struct AddrValue { address: felt252, 
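Review bot: `pub fn get_builtins()` in src/air/public_input.cairo reuses the name every layout module already exports, which is why each caller has to alias it `as get_program_builtins`; defining it as `get_program_builtins` removes the aliases. The order of the array is load-bearing: `PageImpl::verify_stack` in the next file walks it in order and only checks a stack value when the layout builtin at the current position has the same name, so a layout list that is not an in-order subsequence of this one leaves values unverified — a doc comment should say so, e.g. `// Program builtins in the order Cairo lists them; verify_stack requires each layout's builtin list to be an in-order subsequence of this array.` The `use core::debug::PrintTrait;` added at the top of src/air/public_memory.cairo in the following hunk is not used by the change and looks like a debugging leftover.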
@@ -77,21 +79,28 @@ impl PageImpl of PageTrait { self: @Page, start_ap: felt252, segment_addresses: Span, - builtins_len: usize, + program_builtins: Span, + layout_builtins: Span, ref offset: usize ) { - let mut i = 0; + let mut p = 0; + let mut l = 0; loop { - if i == builtins_len { + if p == program_builtins.len() { break; } let current = *self.at(offset); - assert(current.address == start_ap + i.into(), 'Invalid address'); - assert(current.value == *segment_addresses.at(i), 'Invalid builtin'); - i += 1; + assert(current.address == start_ap + p.into(), 'Invalid address'); + if l < layout_builtins.len() { + if program_builtins[p] == layout_builtins[l] { + assert(current.value == *segment_addresses.at(l), 'Invalid builtin'); + l += 1; + } + } + p += 1; offset += 1; }; } From d59bb53c074de6489637c19e05a7aa0e7520b1a9 Mon Sep 17 00:00:00 2001 From: Bartosz Nowak Date: Wed, 21 Aug 2024 00:57:26 -0400 Subject: [PATCH 3/7] cairo1 program hash fix --- src/air/public_input.cairo | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/air/public_input.cairo b/src/air/public_input.cairo index b89b475b9..036867916 100644 --- a/src/air/public_input.cairo +++ b/src/air/public_input.cairo @@ -175,7 +175,7 @@ fn verify_cairo1_public_input(public_input: @PublicInput) -> (felt252, felt252) // 1. Program segment assert(initial_pc == INITIAL_PC, 'Invalid initial_pc'); let program = memory - .extract_range_unchecked(initial_pc.try_into().unwrap(), memory.len() - output_len); + .extract_range_unchecked(0, memory.len() - output_len); let program_hash = poseidon_hash_span(program); // 2. Output segment From 3ce554845d89233bcde25c717da6dc30a049f1c6 Mon Sep 17 00:00:00 2001 From: Bartosz Nowak Date: Wed, 21 Aug 2024 21:50:22 -0400 Subject: [PATCH 4/7] fmt --- src/air/public_input.cairo | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/air/public_input.cairo b/src/air/public_input.cairo index 036867916..0c9ef0fe4 100644 --- a/src/air/public_input.cairo 
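Review bot: `verify_stack` never checks that every layout builtin was matched: when the loop ends, `l` can still be below `layout_builtins.len()` (a layout name missing from, or out of order relative to, `program_builtins`), and the function returns without ever comparing the remaining `segment_addresses` entries; add `assert(l == layout_builtins.len(), 'Missing layout builtin');` after the loop. Stack slots whose builtin is absent from the layout now have their address checked but their value left unconstrained — if the convention is a fixed value for unused builtin pointers, assert it; otherwise a comment should state why that slot may hold anything. The hunk also mixes `program_builtins[p]` with `*segment_addresses.at(l)`; one access style would read better. The `fn verify_stack(` line itself is above the hunk, so its doc comment, if any, is not visible here.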
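Review bot: In `verify_cairo1_public_input`, `extract_range_unchecked(0, memory.len() - output_len)` replaces a start index derived from `initial_pc`, so the `assert(initial_pc == INITIAL_PC, …)` just above is now the only link between the hashed range and the program segment, and the hunk does not say why page index 0 is right where `initial_pc` was wrong; a one-line comment would help, e.g. `// Page entries are positional: the program is the page prefix up to the output section, independent of initial_pc.` — assuming that is the invariant, which is not visible here. Given its name, `extract_range_unchecked` presumably skips the address check that `extract_range` performs, so the program hash covers values only; confirm the addresses of this prefix are verified elsewhere before the hash is relied on. The rest of `verify_cairo1_public_input` is outside the hunk.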
+++ b/src/air/public_input.cairo @@ -174,8 +174,7 @@ fn verify_cairo1_public_input(public_input: @PublicInput) -> (felt252, felt252) // 1. Program segment assert(initial_pc == INITIAL_PC, 'Invalid initial_pc'); - let program = memory - .extract_range_unchecked(0, memory.len() - output_len); + let program = memory.extract_range_unchecked(0, memory.len() - output_len); let program_hash = poseidon_hash_span(program); // 2. Output segment From 909a4b96c99265b9481325767ad25c6390688dbc Mon Sep 17 00:00:00 2001 From: Bartosz Nowak Date: Thu, 29 Aug 2024 09:44:49 +0200 Subject: [PATCH 5/7] test fixes --- src/air/public_input.cairo | 5 ++- src/common/hasher.cairo | 4 +- src/common/tests/test_blake2s_u8.cairo | 6 +-- src/stark.cairo | 4 +- src/stark/tests.cairo | 1 - src/stark/tests/test_stark_proof_verify.cairo | 40 ------------------- 6 files changed, 10 insertions(+), 50 deletions(-) delete mode 100644 src/stark/tests/test_stark_proof_verify.cairo diff --git a/src/air/public_input.cairo b/src/air/public_input.cairo index ca7de26ba..a7f98dfdc 100644 --- a/src/air/public_input.cairo +++ b/src/air/public_input.cairo @@ -205,6 +205,7 @@ fn verify_cairo1_public_input(public_input: @PublicInput) -> (felt252, felt252) #[cfg(test)] mod tests { + use core::debug::PrintTrait; use super::get_public_input_hash; use cairo_verifier::tests::stone_proof_fibonacci_keccak::public_input::get; // test data from cairo0-verifier run on stone-prover generated proof @@ -213,9 +214,9 @@ mod tests { fn test_get_public_input_hash() { let public_input = get(); let hash = get_public_input_hash(@public_input, 20); - assert( - hash == 0xaf91f2c71f4a594b1575d258ce82464475c82d8fb244142d0db450491c1b52, 'Hash invalid' + hash == 0x113b1d4f79ee0dac11d2677f9f6dc8ffacb6ea129f3ae1e45e1158ad500791f, + 'Hash invalid' ) } } diff --git a/src/common/hasher.cairo b/src/common/hasher.cairo index a90e3b883..4c2f4eed5 100644 --- a/src/common/hasher.cairo +++ b/src/common/hasher.cairo 
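Review bot: The new expected digest `0x113b1d4f79ee0dac11d2677f9f6dc8ffacb6ea129f3ae1e45e1158ad500791f` is given with no provenance, and the series goes on to delete `test_stark_proof_verify.cairo` and the proof-verification workflow rather than update them, so after these commits the only check on the Fiat-Shamir seed is a value pinned to the verifier's own current output. Record where the vector came from next to it, e.g. `// expected value from <reference implementation> for the keccak fibonacci fixture with n_verifier_friendly_commitment_layers = 20` (placeholder for the actual source), or keep the end-to-end test and regenerate its fixture. The added `use core::debug::PrintTrait;` in the test module is unused in the hunk and looks like a debugging leftover.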
@@ -29,8 +29,8 @@ fn hash_n_bytes(mut data: Array, n: u8, hash_len: bool) -> u256 { } } fn hash_truncated(mut data: Array) -> felt252 { - (keccak::cairo_keccak(ref data, 0, 0) - .flip_endianness() & 0x00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF) + (keccak::cairo_keccak(ref data, 0, 0).flip_endianness() + & 0x00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF) .try_into() .unwrap() } diff --git a/src/common/tests/test_blake2s_u8.cairo b/src/common/tests/test_blake2s_u8.cairo index 972979778..feca4753d 100644 --- a/src/common/tests/test_blake2s_u8.cairo +++ b/src/common/tests/test_blake2s_u8.cairo @@ -1,6 +1,4 @@ -use cairo_verifier::common::{ - array_append::ArrayAppendTrait, blake2s_u8::{blake2s, load32} -}; +use cairo_verifier::common::{array_append::ArrayAppendTrait, blake2s_u8::{blake2s, load32}}; fn get_arr_v1(n: u32) -> Array { let mut arr = ArrayTrait::new(); @@ -88,4 +86,4 @@ fn test_blake2s_v2() { ) == 0x5229f5d506302edae36f9cac3f5d176cd9b6aa8420da6d74d7956789099faf70, 'invalid hash (2)' ); -} \ No newline at end of file +} diff --git a/src/stark.cairo b/src/stark.cairo index 7f26a08be..628173dc3 100644 --- a/src/stark.cairo +++ b/src/stark.cairo @@ -89,7 +89,9 @@ impl StarkProofImpl of StarkProofTrait { self.public_input.validate(@stark_domains); // Compute the initial hash seed for the Fiat-Shamir channel. - let digest = get_public_input_hash(self.public_input, *self.config.n_verifier_friendly_commitment_layers); + let digest = get_public_input_hash( + self.public_input, *self.config.n_verifier_friendly_commitment_layers + ); // Construct the channel. let mut channel = ChannelImpl::new(digest); diff --git a/src/stark/tests.cairo b/src/stark/tests.cairo index 5834fa134..b4a94bd75 100644 --- a/src/stark/tests.cairo +++ b/src/stark/tests.cairo @@ -1,6 +1,5 @@ // === RECURSIVE BEGIN === mod test_stark_commit; -mod test_stark_proof_verify; mod test_stark_verify; // === RECURSIVE END === 
diff --git a/src/stark/tests/test_stark_proof_verify.cairo b/src/stark/tests/test_stark_proof_verify.cairo deleted file mode 100644 index 03b492b63..000000000 --- a/src/stark/tests/test_stark_proof_verify.cairo +++ /dev/null @@ -1,40 +0,0 @@ -use cairo_verifier::{ - stark::{StarkProof, StarkProofTrait}, - tests::{stone_proof_fibonacci, stone_proof_fibonacci_keccak} -}; - -// === BLAKE2S BEGIN === -// #[test] -// #[available_gas(99999999999)] -// fn test_stark_proof_fibonacci_verify() { -// let security_bits: felt252 = 50; -// -// let stark_proof = StarkProof { -// config: stone_proof_fibonacci::stark::config::get(), -// public_input: stone_proof_fibonacci::public_input::get(), -// unsent_commitment: stone_proof_fibonacci::stark::unsent_commitment::get(), -// witness: stone_proof_fibonacci::stark::witness::get(), -// }; -// -// stark_proof.verify(security_bits); -// } -// === BLAKE2S END === - -// === KECCAK BEGIN === -#[test] -#[available_gas(9999999999)] -fn test_stark_proof_fibonacci_verify() { - let security_bits: felt252 = 50; - - let stark_proof = StarkProof { - config: stone_proof_fibonacci_keccak::stark::config::get(), - public_input: stone_proof_fibonacci_keccak::public_input::get(), - unsent_commitment: stone_proof_fibonacci_keccak::stark::unsent_commitment::get(), - witness: stone_proof_fibonacci_keccak::stark::witness::get(), - }; - - stark_proof.verify(security_bits); -} -// === KECCAK END === - - From 89c38e6c15be2c90505569ebc116cacfd8bcadd9 Mon Sep 17 00:00:00 2001 From: Bartosz Nowak Date: Thu, 29 Aug 2024 09:49:42 +0200 Subject: [PATCH 6/7] rm proof verification workflow --- .../workflows/proof_verification_tests.yml | 45 ------------------- 1 file changed, 45 deletions(-) delete mode 100644 .github/workflows/proof_verification_tests.yml diff --git a/.github/workflows/proof_verification_tests.yml b/.github/workflows/proof_verification_tests.yml deleted file mode 100644 index 118f06718..000000000 
--- a/.github/workflows/proof_verification_tests.yml +++ /dev/null @@ -1,45 +0,0 @@ -name: Continuous Integration - proof verification tests - -on: - push: - branches: - - main - pull_request: - branches: - - main - -jobs: - verify-example-proofs: - runs-on: ubuntu-latest - strategy: - matrix: - cairo_version: ["cairo0", "cairo1"] - layout: ["dex", "recursive", "recursive_with_poseidon", "small", "starknet", "starknet_with_keccak"] - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Setup Scarb - uses: software-mansion/setup-scarb@v1 - - - name: Setup Rust toolchain - uses: actions-rust-lang/setup-rust-toolchain@v1 - - - name: Setup Python - uses: actions/setup-python@v2 - with: - python-version: '3.10' - - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install -r requirements.txt - - - name: Configure layout - run: python configure.py -l ${{ matrix.layout }} -s keccak - - - name: Build project - run: scarb build - - - name: Run verification - run: cargo run --release --bin runner -- -p target/dev/cairo_verifier.sierra.json -c ${{ matrix.cairo_version }} < examples/proofs/${{ matrix.layout }}/${{ matrix.cairo_version }}_example_proof.json From af5cf7913ec5f2d0809e11eed55840c2b78fd18e Mon Sep 17 00:00:00 2001 
From: Filip Krawczyk <71193923+fmkra@users.noreply.github.com> Date: Thu, 29 Aug 2024 10:02:08 +0200 Subject: [PATCH 7/7] Optimizations (#136) * Use divrem in rotr functions * Sigma calculation optimization * Use felts where possible * Inline rotr functions * Fmt * Fix comment break * Revert to scarb 2.6.3 * Fmt * Fmt * public input hash test * cairo0_example_proof_blake2s * Fix public input test * Fmt * ducking formatting * I gonna loose my mind --------- Co-authored-by: Bartosz Nowak --- src/air/layouts/dex/public_input.cairo | 2 +- src/air/layouts/recursive/public_input.cairo | 2 +- .../public_input.cairo | 2 +- src/air/layouts/small/public_input.cairo | 2 +- src/air/layouts/starknet/public_input.cairo | 2 +- .../starknet_with_keccak/public_input.cairo | 2 +- src/air/public_input.cairo | 7 +- src/air/public_memory.cairo | 2 +- src/common/blake2s.cairo | 252 ++++++++++++++---- src/common/blake2s_u8.cairo | 248 +++++++++++++---- src/common/tests/test_blake2s.cairo | 2 +- .../tests/test_proof_of_work.cairo | 2 +- src/stark/tests/test_stark_commit.cairo | 6 +- src/stark/tests/test_stark_proof_verify.cairo | 4 +- src/stark/tests/test_stark_verify.cairo | 2 +- .../test_table_commitment_decommit.cairo | 2 +- 16 files changed, 407 insertions(+), 132 deletions(-) diff --git a/src/air/layouts/dex/public_input.cairo b/src/air/layouts/dex/public_input.cairo index 616ab8437..772fe53e9 100644 --- a/src/air/layouts/dex/public_input.cairo +++ b/src/air/layouts/dex/public_input.cairo @@ -97,7 +97,7 @@ impl DexPublicInputImpl of PublicInputTrait { ref memory_index ); - // 3. Output segment + // 3. Output segment let output_len = output_stop - output_start; let output = memory .extract_range( diff --git a/src/air/layouts/recursive/public_input.cairo b/src/air/layouts/recursive/public_input.cairo index ab73b9456..5a997cf31 100644 --- a/src/air/layouts/recursive/public_input.cairo +++ b/src/air/layouts/recursive/public_input.cairo 
@@ -97,7 +97,7 @@ impl RecursivePublicInputImpl of PublicInputTrait { ref memory_index ); - // 3. Output segment + // 3. Output segment let output_len = output_stop - output_start; let output = memory .extract_range( diff --git a/src/air/layouts/recursive_with_poseidon/public_input.cairo b/src/air/layouts/recursive_with_poseidon/public_input.cairo index 7f53bfa84..b33b8879a 100644 --- a/src/air/layouts/recursive_with_poseidon/public_input.cairo +++ b/src/air/layouts/recursive_with_poseidon/public_input.cairo @@ -98,7 +98,7 @@ impl RecursiveWithPoseidonPublicInputImpl of PublicInputTrait { ref memory_index ); - // 3. Output segment + // 3. Output segment let output_len = output_stop - output_start; let output = memory .extract_range( diff --git a/src/air/layouts/small/public_input.cairo b/src/air/layouts/small/public_input.cairo index 06dba89e7..677536c87 100644 --- a/src/air/layouts/small/public_input.cairo +++ b/src/air/layouts/small/public_input.cairo @@ -97,7 +97,7 @@ impl SmallPublicInputImpl of PublicInputTrait { ref memory_index ); - // 3. Output segment + // 3. Output segment let output_len = output_stop - output_start; let output = memory .extract_range( diff --git a/src/air/layouts/starknet/public_input.cairo b/src/air/layouts/starknet/public_input.cairo index edfb424ec..a82997643 100644 --- a/src/air/layouts/starknet/public_input.cairo +++ b/src/air/layouts/starknet/public_input.cairo @@ -98,7 +98,7 @@ impl StarknetPublicInputImpl of PublicInputTrait { ref memory_index ); - // 3. Output segment + // 3. Output segment let output_len = output_stop - output_start; let output = memory .extract_range( diff --git a/src/air/layouts/starknet_with_keccak/public_input.cairo b/src/air/layouts/starknet_with_keccak/public_input.cairo index 9b477ddeb..0a730575e 100644 --- a/src/air/layouts/starknet_with_keccak/public_input.cairo +++ b/src/air/layouts/starknet_with_keccak/public_input.cairo 
@@ -98,7 +98,7 @@ impl StarknetWithKeccakPublicInputImpl of PublicInputTrait { ref memory_index ); - // 3. Output segment + // 3. Output segment let output_len = output_stop - output_start; let output = memory .extract_range( diff --git a/src/air/public_input.cairo b/src/air/public_input.cairo index 0c9ef0fe4..10c7f9beb 100644 --- a/src/air/public_input.cairo +++ b/src/air/public_input.cairo @@ -177,17 +177,17 @@ fn verify_cairo1_public_input(public_input: @PublicInput) -> (felt252, felt252) let program = memory.extract_range_unchecked(0, memory.len() - output_len); let program_hash = poseidon_hash_span(program); - // 2. Output segment + // 2. Output segment let output = memory.extract_range_unchecked(memory.len() - output_len, output_len); let output_hash = poseidon_hash_span(output); (program_hash, output_hash) } +// === RECURSIVE BEGIN === #[cfg(test)] mod tests { use super::get_public_input_hash; use cairo_verifier::tests::stone_proof_fibonacci_keccak::public_input::get; - // test data from cairo0-verifier run on stone-prover generated proof #[test] #[available_gas(9999999999)] fn test_get_public_input_hash() { @@ -199,3 +199,6 @@ mod tests { ) } } +// === RECURSIVE END === + + diff --git a/src/air/public_memory.cairo b/src/air/public_memory.cairo index af58c1e28..55f3a2427 100644 --- a/src/air/public_memory.cairo +++ b/src/air/public_memory.cairo @@ -56,7 +56,7 @@ impl PageImpl of PageTrait { let current = *self.at(offset); - // TODO is this needed? If not we can just use slice directly + // TODO is this needed? If not we can just use slice directly assert(current.address == (addr + i).into(), 'Invalid address'); arr.append(current.value); i += 1; diff --git a/src/common/blake2s.cairo b/src/common/blake2s.cairo index d4174f236..063e40f09 100644 --- a/src/common/blake2s.cairo +++ b/src/common/blake2s.cairo 
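Review bot: In the first src/air/public_input.cairo hunk the comment `// test data from cairo0-verifier run on stone-prover generated proof` above `test_get_public_input_hash` is dropped while the `// === RECURSIVE BEGIN ===` / `// === RECURSIVE END ===` markers are added; the provenance of the pinned hash constant is what a maintainer needs when the fixture is regenerated, so restore that line directly under `mod tests {` inside the marker block. The second hunk also appends two blank lines after `// === RECURSIVE END ===` at end of file, which a formatter will strip on the next run. The markers look like they are consumed by a generation script; if so, a short comment naming that script next to the BEGIN marker would explain why the block must not be edited by hand.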
@@ -18,52 +18,28 @@ fn truncated_blake2s(data: Array) -> felt252 { // internals: -fn load32(p0: u8, p1: u8, p2: u8, p3: u8) -> u32 { - let mut x: u32 = p3.into(); - x = x * 256 + p2.into(); - x = x * 256 + p1.into(); - x = x * 256 + p0.into(); - x -} - -fn get_sigma(r: u32) -> Array { - if r == 0 { - array![0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15] - } else if r == 1 { - array![14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3] - } else if r == 2 { - array![11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4] - } else if r == 3 { - array![7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8] - } else if r == 4 { - array![9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13] - } else if r == 5 { - array![2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9] - } else if r == 6 { - array![12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11] - } else if r == 7 { - array![13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10] - } else if r == 8 { - array![6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5] - } else { // r == 9 - array![10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0] - } -} - +#[inline(always)] fn rotr16(n: u32) -> u32 { - n / 65536 + (n % 65536) * 65536 + let (high, low) = DivRem::div_rem(n, 65536); + TryInto::::try_into(high.into() + low.into() * 65536).unwrap() } +#[inline(always)] fn rotr12(n: u32) -> u32 { - n / 4096 + (n % 4096) * 1048576 + let (high, low) = DivRem::div_rem(n, 4096); + TryInto::::try_into(high.into() + low.into() * 1048576).unwrap() } +#[inline(always)] fn rotr8(n: u32) -> u32 { - n / 256 + (n % 256) * 16777216 + let (high, low) = DivRem::div_rem(n, 256); + TryInto::::try_into(high.into() + low.into() * 16777216).unwrap() } +#[inline(always)] fn rotr7(n: u32) -> u32 { - n / 128 + (n % 128) * 33554432 + let (high, low) = DivRem::div_rem(n, 128); + TryInto::::try_into(high.into() + low.into() * 33554432).unwrap() } #[derive(Drop, Clone)] 
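Review bot: The `.unwrap()` after `try_into` in the new bodies of rotr16/rotr12/rotr8/rotr7 rests on an arithmetic invariant that is not stated anywhere: after `div_rem(n, 2^k)` on a u32, `high < 2^(32-k)` and `low * 2^(32-k) < 2^32`, so the felt sum is always below 2^32 and the conversion cannot fail. A comment above the four functions, `// rotr_k(n): high = n >> k, low = n mod 2^k; high + low * 2^(32-k) < 2^32 always, so try_into cannot fail`, lets a reader verify the four multipliers (65536, 1048576, 16777216, 33554432) against the rotation amounts instead of trusting them. The type argument of `TryInto::…::try_into` appears to have been lost in this rendering of the patch, so the target type could not be checked from the hunk. `load32` and `get_sigma` are deleted from this file; the test at the end of the patch now imports `load32` from blake2s_u8.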
@@ -113,98 +89,256 @@ fn blake2s_compress(mut s: blake2s_state, m: Array) -> blake2s_state { let mut v15: u32 = 0x5BE0CD19; // f1 is always 0 let m_span = m.span(); + let mut sigma = array![ + 0, + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 14, + 10, + 4, + 8, + 9, + 15, + 13, + 6, + 1, + 12, + 0, + 2, + 11, + 7, + 5, + 3, + 11, + 8, + 12, + 0, + 5, + 2, + 15, + 13, + 10, + 14, + 3, + 6, + 7, + 1, + 9, + 4, + 7, + 9, + 3, + 1, + 13, + 12, + 11, + 14, + 2, + 6, + 5, + 10, + 4, + 0, + 15, + 8, + 9, + 0, + 5, + 7, + 2, + 4, + 10, + 15, + 14, + 1, + 11, + 12, + 6, + 8, + 3, + 13, + 2, + 12, + 6, + 10, + 0, + 11, + 8, + 3, + 4, + 13, + 7, + 5, + 15, + 14, + 1, + 9, + 12, + 5, + 1, + 15, + 14, + 13, + 4, + 10, + 0, + 7, + 6, + 3, + 9, + 2, + 8, + 11, + 13, + 11, + 7, + 14, + 12, + 1, + 3, + 9, + 5, + 0, + 15, + 4, + 8, + 6, + 2, + 10, + 6, + 15, + 14, + 9, + 11, + 3, + 0, + 8, + 12, + 2, + 13, + 7, + 1, + 4, + 10, + 5, + 10, + 2, + 8, + 4, + 7, + 6, + 1, + 5, + 15, + 11, + 9, + 14, + 3, + 12, + 13, + 0, + ] + .span(); - let mut r = 0; loop { - if r == 10 { + if sigma.is_empty() { break; } - let sigma = get_sigma(r); - // ROUND function begin // 0 - 0,4,8,12 - v0 = u32_wrapping_add(u32_wrapping_add(v0, v4), *m_span.at(*sigma[0])); + v0 = u32_wrapping_add(u32_wrapping_add(v0, v4), *m_span.at(*sigma.pop_front().unwrap())); v12 = rotr16(v12 ^ v0); v8 = u32_wrapping_add(v8, v12); v4 = rotr12(v4 ^ v8); - v0 = u32_wrapping_add(u32_wrapping_add(v0, v4), *m_span.at(*sigma[1])); + v0 = u32_wrapping_add(u32_wrapping_add(v0, v4), *m_span.at(*sigma.pop_front().unwrap())); v12 = rotr8(v12 ^ v0); v8 = u32_wrapping_add(v8, v12); v4 = rotr7(v4 ^ v8); // 1 - 1,5,9,13 - v1 = u32_wrapping_add(u32_wrapping_add(v1, v5), *m_span.at(*sigma[2])); + v1 = u32_wrapping_add(u32_wrapping_add(v1, v5), *m_span.at(*sigma.pop_front().unwrap())); v13 = rotr16(v13 ^ v1); v9 = u32_wrapping_add(v9, v13); v5 = rotr12(v5 ^ v9); - v1 = u32_wrapping_add(u32_wrapping_add(v1, 
v5), *m_span.at(*sigma[3])); + v1 = u32_wrapping_add(u32_wrapping_add(v1, v5), *m_span.at(*sigma.pop_front().unwrap())); v13 = rotr8(v13 ^ v1); v9 = u32_wrapping_add(v9, v13); v5 = rotr7(v5 ^ v9); // 2 - 2,6,10,14 - v2 = u32_wrapping_add(u32_wrapping_add(v2, v6), *m_span.at(*sigma[4])); + v2 = u32_wrapping_add(u32_wrapping_add(v2, v6), *m_span.at(*sigma.pop_front().unwrap())); v14 = rotr16(v14 ^ v2); v10 = u32_wrapping_add(v10, v14); v6 = rotr12(v6 ^ v10); - v2 = u32_wrapping_add(u32_wrapping_add(v2, v6), *m_span.at(*sigma[5])); + v2 = u32_wrapping_add(u32_wrapping_add(v2, v6), *m_span.at(*sigma.pop_front().unwrap())); v14 = rotr8(v14 ^ v2); v10 = u32_wrapping_add(v10, v14); v6 = rotr7(v6 ^ v10); // 3 - 3,7,11,15 - v3 = u32_wrapping_add(u32_wrapping_add(v3, v7), *m_span.at(*sigma[6])); + v3 = u32_wrapping_add(u32_wrapping_add(v3, v7), *m_span.at(*sigma.pop_front().unwrap())); v15 = rotr16(v15 ^ v3); v11 = u32_wrapping_add(v11, v15); v7 = rotr12(v7 ^ v11); - v3 = u32_wrapping_add(u32_wrapping_add(v3, v7), *m_span.at(*sigma[7])); + v3 = u32_wrapping_add(u32_wrapping_add(v3, v7), *m_span.at(*sigma.pop_front().unwrap())); v15 = rotr8(v15 ^ v3); v11 = u32_wrapping_add(v11, v15); v7 = rotr7(v7 ^ v11); // 4 - 0,5,10,15 - v0 = u32_wrapping_add(u32_wrapping_add(v0, v5), *m_span.at(*sigma[8])); + v0 = u32_wrapping_add(u32_wrapping_add(v0, v5), *m_span.at(*sigma.pop_front().unwrap())); v15 = rotr16(v15 ^ v0); v10 = u32_wrapping_add(v10, v15); v5 = rotr12(v5 ^ v10); - v0 = u32_wrapping_add(u32_wrapping_add(v0, v5), *m_span.at(*sigma[9])); + v0 = u32_wrapping_add(u32_wrapping_add(v0, v5), *m_span.at(*sigma.pop_front().unwrap())); v15 = rotr8(v15 ^ v0); v10 = u32_wrapping_add(v10, v15); v5 = rotr7(v5 ^ v10); // 5 - 1,6,11,12 - v1 = u32_wrapping_add(u32_wrapping_add(v1, v6), *m_span.at(*sigma[10])); + v1 = u32_wrapping_add(u32_wrapping_add(v1, v6), *m_span.at(*sigma.pop_front().unwrap())); v12 = rotr16(v12 ^ v1); v11 = u32_wrapping_add(v11, v12); v6 = rotr12(v6 ^ v11); - v1 = 
u32_wrapping_add(u32_wrapping_add(v1, v6), *m_span.at(*sigma[11])); + v1 = u32_wrapping_add(u32_wrapping_add(v1, v6), *m_span.at(*sigma.pop_front().unwrap())); v12 = rotr8(v12 ^ v1); v11 = u32_wrapping_add(v11, v12); v6 = rotr7(v6 ^ v11); // 6 - 2,7,8,13 - v2 = u32_wrapping_add(u32_wrapping_add(v2, v7), *m_span.at(*sigma[12])); + v2 = u32_wrapping_add(u32_wrapping_add(v2, v7), *m_span.at(*sigma.pop_front().unwrap())); v13 = rotr16(v13 ^ v2); v8 = u32_wrapping_add(v8, v13); v7 = rotr12(v7 ^ v8); - v2 = u32_wrapping_add(u32_wrapping_add(v2, v7), *m_span.at(*sigma[13])); + v2 = u32_wrapping_add(u32_wrapping_add(v2, v7), *m_span.at(*sigma.pop_front().unwrap())); v13 = rotr8(v13 ^ v2); v8 = u32_wrapping_add(v8, v13); v7 = rotr7(v7 ^ v8); // 7 - 3,4,9,14 - v3 = u32_wrapping_add(u32_wrapping_add(v3, v4), *m_span.at(*sigma[14])); + v3 = u32_wrapping_add(u32_wrapping_add(v3, v4), *m_span.at(*sigma.pop_front().unwrap())); v14 = rotr16(v14 ^ v3); v9 = u32_wrapping_add(v9, v14); v4 = rotr12(v4 ^ v9); - v3 = u32_wrapping_add(u32_wrapping_add(v3, v4), *m_span.at(*sigma[15])); + v3 = u32_wrapping_add(u32_wrapping_add(v3, v4), *m_span.at(*sigma.pop_front().unwrap())); v14 = rotr8(v14 ^ v3); v9 = u32_wrapping_add(v9, v14); v4 = rotr7(v4 ^ v9); - - r += 1; }; let mut new_h = ArrayTrait::new(); @@ -324,7 +458,7 @@ fn blake2s_update(mut s: blake2s_state, in: Array) -> blake2s_state { fn blake2s_final(mut s: blake2s_state) -> u256 { assert(s.f0 == 0, 'blake2s_is_lastblock'); - // blake2s_increment_counter + // blake2s_increment_counter s.t0 = u32_wrapping_add(s.t0, s.buflen * 4); if s.t0 < s.buflen { s.t1 = u32_wrapping_add(s.t1, 1); diff --git a/src/common/blake2s_u8.cairo b/src/common/blake2s_u8.cairo index 71be4cf98..57fb8c31d 100644 --- a/src/common/blake2s_u8.cairo +++ b/src/common/blake2s_u8.cairo 
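Review bot: The 160-entry `sigma` literal now built inside `blake2s_compress` carries no length check, and the loop that replaced the explicit `r == 10` counter pops exactly 16 entries per round and stops only on `sigma.is_empty()`, so a future edit that leaves the literal at a length that is not a multiple of 16 would fail as a `pop_front().unwrap()` panic in the middle of a round rather than as a readable check. Add `// 10 rounds x 16 message-word indices (BLAKE2s SIGMA); the loop below pops 16 per round, so the length must stay a multiple of 16` above the literal, and optionally `assert(sigma.len() == 160, 'blake2s sigma len');` before the loop. The same hunk shape appears in src/common/blake2s_u8.cairo in this patch and should get the same comment; note that file keeps the `// ROUND function end` comment while this one drops it. `blake2s_compress` starts and ends outside the hunk.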
@@ -20,53 +20,34 @@ fn truncated_blake2s(data: Array) -> felt252 { // internals: fn load32(p0: u8, p1: u8, p2: u8, p3: u8) -> u32 { - let mut x: u32 = p3.into(); + let mut x: felt252 = p3.into(); x = x * 256 + p2.into(); x = x * 256 + p1.into(); x = x * 256 + p0.into(); - x -} - -fn get_sigma(r: u32) -> Array { - if r == 0 { - array![0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15] - } else if r == 1 { - array![14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3] - } else if r == 2 { - array![11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4] - } else if r == 3 { - array![7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8] - } else if r == 4 { - array![9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13] - } else if r == 5 { - array![2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9] - } else if r == 6 { - array![12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11] - } else if r == 7 { - array![13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10] - } else if r == 8 { - array![6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5] - } else { // r == 9 - array![10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0] - } + x.try_into().unwrap() } fn rotr16(n: u32) -> u32 { - n / 65536 + (n % 65536) * 65536 + let (high, low) = DivRem::div_rem(n, 65536); + TryInto::::try_into(high.into() + low.into() * 65536).unwrap() } fn rotr12(n: u32) -> u32 { - n / 4096 + (n % 4096) * 1048576 + let (high, low) = DivRem::div_rem(n, 4096); + TryInto::::try_into(high.into() + low.into() * 1048576).unwrap() } fn rotr8(n: u32) -> u32 { - n / 256 + (n % 256) * 16777216 + let (high, low) = DivRem::div_rem(n, 256); + TryInto::::try_into(high.into() + low.into() * 16777216).unwrap() } fn rotr7(n: u32) -> u32 { - n / 128 + (n % 128) * 33554432 + let (high, low) = DivRem::div_rem(n, 128); + TryInto::::try_into(high.into() + low.into() * 33554432).unwrap() } + #[derive(Drop, Clone)] struct blake2s_state { h: Array, // length: 8 
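Review bot: rotr16/rotr12/rotr8/rotr7 in this file receive the same `DivRem`-based rewrite as in src/common/blake2s.cairo earlier in the patch but not the `#[inline(always)]` attribute added there, even though the commit message lists "Inline rotr functions"; if the omission is intentional a one-line comment saying why would stop the two copies from drifting further. `load32` now accumulates in `felt252` and ends with `x.try_into().unwrap()`; since every input byte is below 256 the value is below 2^32, so add `// each p_i < 256, so x < 2^32 and the u32 conversion cannot fail` above that line to make the unwrap reviewable. The hunk also inserts a stray blank line before `#[derive(Drop, Clone)]`.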
@@ -125,100 +106,257 @@ fn blake2s_compress(mut s: blake2s_state, in: Array) -> blake2s_state { let mut v15: u32 = 0x5BE0CD19; // f1 is always 0 let m_span = m.span(); + let mut sigma = array![ + 0, + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 14, + 10, + 4, + 8, + 9, + 15, + 13, + 6, + 1, + 12, + 0, + 2, + 11, + 7, + 5, + 3, + 11, + 8, + 12, + 0, + 5, + 2, + 15, + 13, + 10, + 14, + 3, + 6, + 7, + 1, + 9, + 4, + 7, + 9, + 3, + 1, + 13, + 12, + 11, + 14, + 2, + 6, + 5, + 10, + 4, + 0, + 15, + 8, + 9, + 0, + 5, + 7, + 2, + 4, + 10, + 15, + 14, + 1, + 11, + 12, + 6, + 8, + 3, + 13, + 2, + 12, + 6, + 10, + 0, + 11, + 8, + 3, + 4, + 13, + 7, + 5, + 15, + 14, + 1, + 9, + 12, + 5, + 1, + 15, + 14, + 13, + 4, + 10, + 0, + 7, + 6, + 3, + 9, + 2, + 8, + 11, + 13, + 11, + 7, + 14, + 12, + 1, + 3, + 9, + 5, + 0, + 15, + 4, + 8, + 6, + 2, + 10, + 6, + 15, + 14, + 9, + 11, + 3, + 0, + 8, + 12, + 2, + 13, + 7, + 1, + 4, + 10, + 5, + 10, + 2, + 8, + 4, + 7, + 6, + 1, + 5, + 15, + 11, + 9, + 14, + 3, + 12, + 13, + 0, + ] + .span(); - let mut r = 0; loop { - if r == 10 { + if sigma.is_empty() { break; } - let sigma = get_sigma(r); - // ROUND function begin // 0 - 0,4,8,12 - v0 = u32_wrapping_add(u32_wrapping_add(v0, v4), *m_span.at(*sigma[0])); + v0 = u32_wrapping_add(u32_wrapping_add(v0, v4), *m_span.at(*sigma.pop_front().unwrap())); v12 = rotr16(v12 ^ v0); v8 = u32_wrapping_add(v8, v12); v4 = rotr12(v4 ^ v8); - v0 = u32_wrapping_add(u32_wrapping_add(v0, v4), *m_span.at(*sigma[1])); + v0 = u32_wrapping_add(u32_wrapping_add(v0, v4), *m_span.at(*sigma.pop_front().unwrap())); v12 = rotr8(v12 ^ v0); v8 = u32_wrapping_add(v8, v12); v4 = rotr7(v4 ^ v8); // 1 - 1,5,9,13 - v1 = u32_wrapping_add(u32_wrapping_add(v1, v5), *m_span.at(*sigma[2])); + v1 = u32_wrapping_add(u32_wrapping_add(v1, v5), *m_span.at(*sigma.pop_front().unwrap())); v13 = rotr16(v13 ^ v1); v9 = u32_wrapping_add(v9, v13); v5 = rotr12(v5 ^ v9); - v1 = 
u32_wrapping_add(u32_wrapping_add(v1, v5), *m_span.at(*sigma[3])); + v1 = u32_wrapping_add(u32_wrapping_add(v1, v5), *m_span.at(*sigma.pop_front().unwrap())); v13 = rotr8(v13 ^ v1); v9 = u32_wrapping_add(v9, v13); v5 = rotr7(v5 ^ v9); // 2 - 2,6,10,14 - v2 = u32_wrapping_add(u32_wrapping_add(v2, v6), *m_span.at(*sigma[4])); + v2 = u32_wrapping_add(u32_wrapping_add(v2, v6), *m_span.at(*sigma.pop_front().unwrap())); v14 = rotr16(v14 ^ v2); v10 = u32_wrapping_add(v10, v14); v6 = rotr12(v6 ^ v10); - v2 = u32_wrapping_add(u32_wrapping_add(v2, v6), *m_span.at(*sigma[5])); + v2 = u32_wrapping_add(u32_wrapping_add(v2, v6), *m_span.at(*sigma.pop_front().unwrap())); v14 = rotr8(v14 ^ v2); v10 = u32_wrapping_add(v10, v14); v6 = rotr7(v6 ^ v10); // 3 - 3,7,11,15 - v3 = u32_wrapping_add(u32_wrapping_add(v3, v7), *m_span.at(*sigma[6])); + v3 = u32_wrapping_add(u32_wrapping_add(v3, v7), *m_span.at(*sigma.pop_front().unwrap())); v15 = rotr16(v15 ^ v3); v11 = u32_wrapping_add(v11, v15); v7 = rotr12(v7 ^ v11); - v3 = u32_wrapping_add(u32_wrapping_add(v3, v7), *m_span.at(*sigma[7])); + v3 = u32_wrapping_add(u32_wrapping_add(v3, v7), *m_span.at(*sigma.pop_front().unwrap())); v15 = rotr8(v15 ^ v3); v11 = u32_wrapping_add(v11, v15); v7 = rotr7(v7 ^ v11); // 4 - 0,5,10,15 - v0 = u32_wrapping_add(u32_wrapping_add(v0, v5), *m_span.at(*sigma[8])); + v0 = u32_wrapping_add(u32_wrapping_add(v0, v5), *m_span.at(*sigma.pop_front().unwrap())); v15 = rotr16(v15 ^ v0); v10 = u32_wrapping_add(v10, v15); v5 = rotr12(v5 ^ v10); - v0 = u32_wrapping_add(u32_wrapping_add(v0, v5), *m_span.at(*sigma[9])); + v0 = u32_wrapping_add(u32_wrapping_add(v0, v5), *m_span.at(*sigma.pop_front().unwrap())); v15 = rotr8(v15 ^ v0); v10 = u32_wrapping_add(v10, v15); v5 = rotr7(v5 ^ v10); // 5 - 1,6,11,12 - v1 = u32_wrapping_add(u32_wrapping_add(v1, v6), *m_span.at(*sigma[10])); + v1 = u32_wrapping_add(u32_wrapping_add(v1, v6), *m_span.at(*sigma.pop_front().unwrap())); v12 = rotr16(v12 ^ v1); v11 = u32_wrapping_add(v11, 
v12); v6 = rotr12(v6 ^ v11); - v1 = u32_wrapping_add(u32_wrapping_add(v1, v6), *m_span.at(*sigma[11])); + v1 = u32_wrapping_add(u32_wrapping_add(v1, v6), *m_span.at(*sigma.pop_front().unwrap())); v12 = rotr8(v12 ^ v1); v11 = u32_wrapping_add(v11, v12); v6 = rotr7(v6 ^ v11); // 6 - 2,7,8,13 - v2 = u32_wrapping_add(u32_wrapping_add(v2, v7), *m_span.at(*sigma[12])); + v2 = u32_wrapping_add(u32_wrapping_add(v2, v7), *m_span.at(*sigma.pop_front().unwrap())); v13 = rotr16(v13 ^ v2); v8 = u32_wrapping_add(v8, v13); v7 = rotr12(v7 ^ v8); - v2 = u32_wrapping_add(u32_wrapping_add(v2, v7), *m_span.at(*sigma[13])); + v2 = u32_wrapping_add(u32_wrapping_add(v2, v7), *m_span.at(*sigma.pop_front().unwrap())); v13 = rotr8(v13 ^ v2); v8 = u32_wrapping_add(v8, v13); v7 = rotr7(v7 ^ v8); // 7 - 3,4,9,14 - v3 = u32_wrapping_add(u32_wrapping_add(v3, v4), *m_span.at(*sigma[14])); + v3 = u32_wrapping_add(u32_wrapping_add(v3, v4), *m_span.at(*sigma.pop_front().unwrap())); v14 = rotr16(v14 ^ v3); v9 = u32_wrapping_add(v9, v14); v4 = rotr12(v4 ^ v9); - v3 = u32_wrapping_add(u32_wrapping_add(v3, v4), *m_span.at(*sigma[15])); + v3 = u32_wrapping_add(u32_wrapping_add(v3, v4), *m_span.at(*sigma.pop_front().unwrap())); v14 = rotr8(v14 ^ v3); v9 = u32_wrapping_add(v9, v14); v4 = rotr7(v4 ^ v9); - - // ROUND function end - - r += 1; + // ROUND function end }; let mut new_h = ArrayTrait::new(); @@ -338,7 +476,7 @@ fn blake2s_update(mut s: blake2s_state, in: Array) -> blake2s_state { fn blake2s_final(mut s: blake2s_state) -> u256 { assert(s.f0 == 0, 'blake2s_is_lastblock'); - // blake2s_increment_counter + // blake2s_increment_counter s.t0 = u32_wrapping_add(s.t0, s.buflen); if s.t0 < s.buflen { s.t1 = u32_wrapping_add(s.t1, 1); diff --git a/src/common/tests/test_blake2s.cairo b/src/common/tests/test_blake2s.cairo index 84f51f4ab..18f9cbac6 100644 --- a/src/common/tests/test_blake2s.cairo +++ b/src/common/tests/test_blake2s.cairo 
@@ -1,5 +1,5 @@ use cairo_verifier::common::{ - array_append::ArrayAppendTrait, blake2s::{blake2s, truncated_blake2s, load32} + array_append::ArrayAppendTrait, blake2s::{blake2s, truncated_blake2s}, blake2s_u8::load32, }; fn get_arr_v1(n: u32) -> Array { diff --git a/src/proof_of_work/tests/test_proof_of_work.cairo b/src/proof_of_work/tests/test_proof_of_work.cairo index 809f5009a..e2b6dd6de 100644 --- a/src/proof_of_work/tests/test_proof_of_work.cairo +++ b/src/proof_of_work/tests/test_proof_of_work.cairo @@ -9,7 +9,7 @@ use cairo_verifier::proof_of_work::proof_of_work::verify_proof_of_work; // let n_bits: u8 = 20; // verify_proof_of_work(digest, n_bits, nonce); // } -// +// // #[test] // #[should_panic] // #[available_gas(9999999999)] diff --git a/src/stark/tests/test_stark_commit.cairo b/src/stark/tests/test_stark_commit.cairo index 620694c6a..c4949bfd0 100644 --- a/src/stark/tests/test_stark_commit.cairo +++ b/src/stark/tests/test_stark_commit.cairo @@ -10,19 +10,19 @@ use cairo_verifier::{ // let mut channel = ChannelTrait::new_with_counter( // 0xaf91f2c71f4a594b1575d258ce82464475c82d8fb244142d0db450491c1b52, 0x0 // ); -// +// // let public_input = stone_proof_fibonacci::public_input::get(); // let unsent_commitment = stone_proof_fibonacci::stark::unsent_commitment::get(); // let config = stone_proof_fibonacci::stark::config::get(); // let stark_domains = stone_proof_fibonacci::stark::domains::get(); -// +// // assert( // stark_commit( // ref channel, @public_input, @unsent_commitment, @config, @stark_domains // ) == stone_proof_fibonacci::stark::commitment::get(), // 'Invalid value' // ); -// +// // assert( // channel.digest == 0x9c769c7e0797cf043b06b980072a798b141f2bc41b14e85ad93ba178b13de7, // 'Invalid value' diff --git a/src/stark/tests/test_stark_proof_verify.cairo b/src/stark/tests/test_stark_proof_verify.cairo index 03b492b63..6bae399a7 100644 --- a/src/stark/tests/test_stark_proof_verify.cairo +++ b/src/stark/tests/test_stark_proof_verify.cairo 
@@ -8,14 +8,14 @@ use cairo_verifier::{ // #[available_gas(99999999999)] // fn test_stark_proof_fibonacci_verify() { // let security_bits: felt252 = 50; -// +// // let stark_proof = StarkProof { // config: stone_proof_fibonacci::stark::config::get(), // public_input: stone_proof_fibonacci::public_input::get(), // unsent_commitment: stone_proof_fibonacci::stark::unsent_commitment::get(), // witness: stone_proof_fibonacci::stark::witness::get(), // }; -// +// // stark_proof.verify(security_bits); // } // === BLAKE2S END === diff --git a/src/stark/tests/test_stark_verify.cairo b/src/stark/tests/test_stark_verify.cairo index 79ed05e3e..a8136800c 100644 --- a/src/stark/tests/test_stark_verify.cairo +++ b/src/stark/tests/test_stark_verify.cairo @@ -12,7 +12,7 @@ use cairo_verifier::{ // let commitment = stone_proof_fibonacci::stark::commitment::get(); // let witness = stone_proof_fibonacci::stark::witness::get(); // let stark_domains = stone_proof_fibonacci::stark::domains::get(); -// +// // stark_verify( // NUM_COLUMNS_FIRST, NUM_COLUMNS_SECOND, queries, commitment, witness, stark_domains, // ) diff --git a/src/table_commitment/tests/test_table_commitment_decommit.cairo b/src/table_commitment/tests/test_table_commitment_decommit.cairo index 6fecdb096..5b845691c 100644 --- a/src/table_commitment/tests/test_table_commitment_decommit.cairo +++ b/src/table_commitment/tests/test_table_commitment_decommit.cairo @@ -17,7 +17,7 @@ use cairo_verifier::{ // let queries = stone_proof_fibonacci::queries::get().span(); // let decommitment = stone_proof_fibonacci::traces::decommitment::get().original; // let witness = stone_proof_fibonacci::traces::witness::get().original; -// +// // table_decommit(commitment, queries, decommitment, witness); // } // === BLAKE2S END ===