Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
ecdsa_circuit.hpp
Go to the documentation of this file.
1
2#pragma once
3#include "barretenberg/crypto/ecdsa/ecdsa.hpp"
4#include "barretenberg/crypto/hashers/hashers.hpp"
5#include "barretenberg/crypto/sha256/sha256.hpp"
6#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp"
7#include "barretenberg/stdlib/encryption/ecdsa/ecdsa.hpp"
8#include "barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp"
9#include "barretenberg/stdlib/primitives/bigfield/bigfield.hpp"
10#include "barretenberg/stdlib/primitives/biggroup/biggroup.hpp"
11#include "barretenberg/stdlib/primitives/bool/bool.hpp"
12#include "barretenberg/stdlib/primitives/curves/secp256k1.hpp"
13#include "barretenberg/stdlib/primitives/field/field.hpp"
14#include "barretenberg/stdlib/primitives/witness/witness.hpp"
15
16namespace bb {
17class EcdsaCircuit {
18 public:
19 using Builder = bb::UltraCircuitBuilder;
20 using field_ct = stdlib::field_t<Builder>;
21 using bool_ct = stdlib::bool_t<Builder>;
22 using public_witness_ct = stdlib::public_witness_t<Builder>;
23 using byte_array_ct = stdlib::byte_array<Builder>;
24 using curve = stdlib::secp256k1<Builder>;
25
26 static constexpr size_t NUM_PUBLIC_INPUTS = 6;
27
28 static Builder generate(uint256_t public_inputs[])
29 {
30 Builder builder;
31
32 // IN CIRCUIT
33 // Create an input buffer from public inputs (treating each as a single byte)
34 typename curve::byte_array_ct input_buffer(&builder, std::vector<uint8_t>());
35 for (size_t i = 0; i < NUM_PUBLIC_INPUTS; ++i) {
36 field_ct byte_value = public_witness_ct(&builder, public_inputs[i]);
37 // Constrain to be a single byte and create byte_array
38 typename curve::byte_array_ct single_byte(byte_value, 1);
39 input_buffer.write(single_byte);
40 }
41
42 // This is the message that we would like to confirm
43 std::string message_string(NUM_PUBLIC_INPUTS, '\0');
44 for (size_t i = 0; i < NUM_PUBLIC_INPUTS; ++i) {
45 message_string[i] = static_cast<char>(static_cast<uint8_t>(public_inputs[i]));
46 }
47 auto message = typename curve::byte_array_ct(&builder, message_string);
48
49 // Assert that the public inputs buffer matches the message we want
50 for (size_t i = 0; i < NUM_PUBLIC_INPUTS; ++i) {
51 input_buffer[i].assert_equal(message[i]);
52 }
53
54 // UNCONSTRAINED: create a random keypair to sign with
55 crypto::ecdsa_key_pair<typename curve::fr, typename curve::g1> account;
56 account.private_key = curve::fr::random_element();
57 account.public_key = curve::g1::one * account.private_key;
58
59 // UNCONSTRAINED: create a sig
60 crypto::ecdsa_signature signature = crypto::
61 ecdsa_construct_signature<crypto::Sha256Hasher, typename curve::fq, typename curve::fr, typename curve::g1>(
62 message_string, account);
63
64 // UNCONSTRAINED: verify the created signature
65 bool dry_run = crypto::
66 ecdsa_verify_signature<crypto::Sha256Hasher, typename curve::fq, typename curve::fr, typename curve::g1>(
67 message_string, account.public_key, signature);
68 if (!dry_run) {
69 throw_or_abort("[non circuit]: Sig verification failed");
70 }
71
72 // IN CIRCUIT: create a witness with the pub key in our circuit
73 typename curve::g1_bigfr_ct public_key = curve::g1_bigfr_ct::from_witness(&builder, account.public_key);
74
75 std::vector<uint8_t> rr(signature.r.begin(), signature.r.end());
76 std::vector<uint8_t> ss(signature.s.begin(), signature.s.end());
77
78 // IN CIRCUIT: create a witness with the sig in our circuit
79 stdlib::ecdsa_signature<Builder> sig{ typename curve::byte_array_ct(&builder, rr),
80 typename curve::byte_array_ct(&builder, ss) };
81
82 // Compute H(m) natively and pass as witness (mirrors ACIR which takes pre-hashed message)
83 auto hash_arr = crypto::sha256(std::vector<uint8_t>(message_string.begin(), message_string.end()));
84 stdlib::byte_array<Builder> hashed_message(&builder, std::vector<uint8_t>(hash_arr.begin(), hash_arr.end()));
85
86 // IN CIRCUIT: verify the signature
87 typename curve::bool_ct signature_result = stdlib::ecdsa_verify_signature<Builder,
88 curve,
89 typename curve::fq_ct,
90 typename curve::bigfr_ct,
91 typename curve::g1_bigfr_ct>(
92 // hashed_message, public_key, sig);
93 hashed_message,
94 public_key,
95 sig);
96
97 // Assert the signature is true
98 signature_result.assert_equal(bool_ct(true));
99
100 return builder;
101 }
102};
103
104} // namespace bb
bb::EcdsaCircuit::NUM_PUBLIC_INPUTS
static constexpr size_t NUM_PUBLIC_INPUTS
Definition ecdsa_circuit.hpp:26
bb::EcdsaCircuit::bool_ct
stdlib::bool_t< Builder > bool_ct
Definition ecdsa_circuit.hpp:21
bb::EcdsaCircuit::Builder
bb::UltraCircuitBuilder Builder
Definition ecdsa_circuit.hpp:19
bb::EcdsaCircuit::public_witness_ct
stdlib::public_witness_t< Builder > public_witness_ct
Definition ecdsa_circuit.hpp:22
bb::EcdsaCircuit::curve
stdlib::secp256k1< Builder > curve
Definition ecdsa_circuit.hpp:24
bb::EcdsaCircuit::generate
static Builder generate(uint256_t public_inputs[])
Definition ecdsa_circuit.hpp:28
bb::UltraCircuitBuilder_
Definition ultra_circuit_builder.hpp:41
bb::group::one
static constexpr element one
Definition group.hpp:46
bb::numeric::uint256_t
Definition uint256.hpp:32
bb::stdlib::bool_t
Implements boolean logic in-circuit.
Definition bool.hpp:59
bb::stdlib::bool_t::assert_equal
void assert_equal(const bool_t &rhs, std::string const &msg="bool_t::assert_equal") const
Implements copy constraint for bool_t elements.
Definition bool.cpp:421
bb::stdlib::byte_array
Represents a dynamic array of bytes in-circuit.
Definition byte_array.hpp:28
bb::stdlib::byte_array::write
byte_array & write(byte_array const &other)
Appends the contents of another byte_array (other) to the end of this one.
Definition byte_array.cpp:263
bb::stdlib::field_t< Builder >
bb::stdlib::public_witness_t
Definition witness.hpp:59
builder
AluTraceBuilder builder
Definition alu.test.cpp:124
bb::crypto::sha256
Sha256Hash sha256(const ByteContainer &input)
SHA-256 hash function (FIPS 180-4)
Definition sha256.cpp:150
bb::stdlib::ecdsa_verify_signature
bool_t< Builder > ecdsa_verify_signature(const stdlib::byte_array< Builder > &hashed_message, const G1 &public_key, const ecdsa_signature< Builder > &sig)
Verify ECDSA signature. Returns bool_t(true/false) depending on whether the signature is valid or not...
Definition ecdsa_impl.hpp:75
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
bb::UltraCircuitBuilder
UltraCircuitBuilder_< UltraExecutionTraceBlocks > UltraCircuitBuilder
Definition circuit_builders_fwd.hpp:24
ecdsa_impl.hpp
bb::crypto::ecdsa_key_pair
Definition ecdsa.hpp:18
bb::crypto::ecdsa_key_pair::public_key
G1::affine_element public_key
Definition ecdsa.hpp:20
bb::crypto::ecdsa_key_pair::private_key
Fr private_key
Definition ecdsa.hpp:19
bb::crypto::ecdsa_signature
Definition ecdsa.hpp:25
bb::crypto::ecdsa_signature::r
std::array< uint8_t, 32 > r
Definition ecdsa.hpp:26
bb::crypto::ecdsa_signature::s
std::array< uint8_t, 32 > s
Definition ecdsa.hpp:27
bb::field< Bn254FrParams >::random_element
static field random_element(numeric::RNG *engine=nullptr) noexcept
Definition field_impl.hpp:675
bb::stdlib::ecdsa_signature
Definition ecdsa.hpp:14
bb::stdlib::secp256k1::byte_array_ct
byte_array< Builder > byte_array_ct
Definition secp256k1.hpp:42
bb::stdlib::secp256k1::fq_ct
bigfield< Builder, typename ::bb::secp256k1::FqParams > fq_ct
Definition secp256k1.hpp:45
bb::stdlib::secp256k1::g1_bigfr_ct
element< Builder, fq_ct, bigfr_ct, g1 > g1_bigfr_ct
Definition secp256k1.hpp:48
bb::stdlib::secp256k1::bigfr_ct
bigfield< Builder, typename ::bb::secp256k1::FrParams > bigfr_ct
Definition secp256k1.hpp:46
throw_or_abort
void throw_or_abort(std::string const &err)
Definition throw_or_abort.hpp:6