Barretenberg: src/barretenberg/dsl/acir_format/ecdsa_constraints.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: completed, auditors: [Federico], date: 2025-10-24 }

// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }

// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }

// =====================


#pragma once

#include "barretenberg/crypto/ecdsa/ecdsa.hpp"

#include "barretenberg/dsl/acir_format/witness_constant.hpp"

#include "barretenberg/serialize/msgpack.hpp"

#include "barretenberg/stdlib/primitives/byte_array/byte_array.hpp"

#include <vector>


namespace acir_format {


using namespace bb;


struct EcdsaConstraint {

    bb::CurveType type;


    // The byte representation of the hashed message.

    std::array<uint32_t, 32> hashed_message;


    // The signature

    std::array<uint32_t, 64> signature;


    // The public key against which the signature must be verified.

    // Since Fr does not have enough bits to represent the prime field in

    // secp256k1 or secp256r1, a byte array is used.

    std::array<uint32_t, 32> pub_x_indices;

    std::array<uint32_t, 32> pub_y_indices;


    // Predicate indicating whether the constraint should be disabled:

    // - true: the constraint is valid

    // - false: the constraint is disabled, i.e it must not fail and can return whatever.

    WitnessOrConstant<bb::fr> predicate;


    // Expected result of signature verification

    uint32_t result;


    // For serialization, update with any new fields

    MSGPACK_FIELDS(hashed_message, signature, pub_x_indices, pub_y_indices, predicate, result);

    friend bool operator==(EcdsaConstraint const& lhs, EcdsaConstraint const& rhs) = default;

};


template <typename Curve>

void create_ecdsa_verify_constraints(typename Curve::Builder& builder, const EcdsaConstraint& input);


template <typename Curve>

void create_dummy_ecdsa_constraint(typename Curve::Builder& builder,

                                   const std::vector<stdlib::field_t<typename Curve::Builder>>& hashed_message_fields,

                                   const std::vector<stdlib::field_t<typename Curve::Builder>>& r_fields,

                                   const std::vector<stdlib::field_t<typename Curve::Builder>>& s_fields,

                                   const std::vector<stdlib::field_t<typename Curve::Builder>>& pub_x_fields,

                                   const std::vector<stdlib::field_t<typename Curve::Builder>>& pub_y_fields,

                                   const stdlib::field_t<typename Curve::Builder>& result_field);


} // namespace acir_format

byte_array.hpp

bb::stdlib::field_t
Definition field.hpp:45

builder
AluTraceBuilder builder
Definition alu.test.cpp:124

ecdsa.hpp

msgpack.hpp

acir_format
Definition acir_format.cpp:31

acir_format::create_ecdsa_verify_constraints
void create_ecdsa_verify_constraints(typename Curve::Builder &builder, const EcdsaConstraint &input)
Create constraints to verify an ECDSA signature.
Definition ecdsa_constraints.cpp:41

acir_format::create_dummy_ecdsa_constraint
void create_dummy_ecdsa_constraint(typename Curve::Builder &builder, const std::vector< stdlib::field_t< typename Curve::Builder > > &hashed_message_fields, const std::vector< stdlib::field_t< typename Curve::Builder > > &r_fields, const std::vector< stdlib::field_t< typename Curve::Builder > > &s_fields, const std::vector< stdlib::field_t< typename Curve::Builder > > &pub_x_fields, const std::vector< stdlib::field_t< typename Curve::Builder > > &pub_y_fields, const stdlib::field_t< typename Curve::Builder > &result_field)
Generate dummy ECDSA constraints when the builder doesn't have witnesses.
Definition ecdsa_constraints.cpp:127

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

bb::CurveType
CurveType
Definition types.hpp:10

acir_format::EcdsaConstraint
ECDSA constraints.
Definition ecdsa_constraints.hpp:40

acir_format::EcdsaConstraint::MSGPACK_FIELDS
MSGPACK_FIELDS(hashed_message, signature, pub_x_indices, pub_y_indices, predicate, result)

acir_format::EcdsaConstraint::pub_x_indices
std::array< uint32_t, 32 > pub_x_indices
Definition ecdsa_constraints.hpp:52

acir_format::EcdsaConstraint::type
bb::CurveType type
Definition ecdsa_constraints.hpp:41

acir_format::EcdsaConstraint::hashed_message
std::array< uint32_t, 32 > hashed_message
Definition ecdsa_constraints.hpp:44

acir_format::EcdsaConstraint::result
uint32_t result
Definition ecdsa_constraints.hpp:61

acir_format::EcdsaConstraint::operator==
friend bool operator==(EcdsaConstraint const &lhs, EcdsaConstraint const &rhs)=default

acir_format::EcdsaConstraint::predicate
WitnessOrConstant< bb::fr > predicate
Definition ecdsa_constraints.hpp:58

acir_format::EcdsaConstraint::signature
std::array< uint32_t, 64 > signature
Definition ecdsa_constraints.hpp:47

acir_format::EcdsaConstraint::pub_y_indices
std::array< uint32_t, 32 > pub_y_indices
Definition ecdsa_constraints.hpp:53

acir_format::WitnessOrConstant
Definition witness_constant.hpp:13

witness_constant.hpp