feat!: var message size for keccak in stdlib (#1481)

* Var message size for keccak in stdlib * fix the build: remove aes blackbox add domain separator for pedersen * pedersen with domain separator
noir-lang · Jun 1, 2023 · 9ed1068 · 9ed1068
1 parent a2defce
commit 9ed1068
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 12 deletions.
diff --git a/crates/nargo_cli/tests/test_data/keccak256/src/main.nr b/crates/nargo_cli/tests/test_data/keccak256/src/main.nr
@@ -5,6 +5,18 @@ use dep::std;
 fn main(x: Field, result: [u8; 32]) {
     // We use the `as` keyword here to denote the fact that we want to take just the first byte from the x Field
     // The padding is taken care of by the program
-    let digest = std::hash::keccak256([x as u8]);
+    let digest = std::hash::keccak256([x as u8], 1);
     assert(digest == result);
+
+    //#1399: variable meesage size 
+    let message_size = 4;
+    let hash_a = std::hash::keccak256([1,2,3,4], message_size);
+    let hash_b = std::hash::keccak256([1,2,3,4,0,0,0,0], message_size);
+
+    assert(hash_a == hash_b);
+
+    let message_size_big = 8;
+    let hash_c = std::hash::keccak256([1,2,3,4,0,0,0,0], message_size_big);
+
+    assert(hash_a != hash_c);
 }
diff --git a/crates/nargo_cli/tests/test_data/pedersen_check/Prover.toml b/crates/nargo_cli/tests/test_data/pedersen_check/Prover.toml
@@ -2,5 +2,5 @@ x = "0"
 y = "1"
 salt = "42"
 
-out_x = "0x11831f49876c313f2a9ec6d8d521c7ce0b6311c852117e340bfe27fd1ac096ef"
-out_y = "0x0ecf9d98be4597a88c46a7e0fa8836b57a7dcb41ee30f8d8787b11cc259c83fa"
+out_x = "0x0c5e1ddecd49de44ed5e5798d3f6fb7c71fe3d37f5bee8664cf88a445b5ba0af"
+out_y = "0x230294a041e26fe80b827c2ef5cb8784642bbaa83842da2714d62b1f3c4f9752"
diff --git a/crates/noirc_evaluator/src/ssa/acir_gen/operations/intrinsics.rs b/crates/noirc_evaluator/src/ssa/acir_gen/operations/intrinsics.rs
@@ -106,13 +106,24 @@ pub(crate) fn evaluate(
                     inputs: resolve_array(&args[0], acir_gen, ctx, evaluator),
                     outputs: outputs.to_vec(),
                 },
-                BlackBoxFunc::Keccak256 => BlackBoxFuncCall::Keccak256 {
-                    inputs: resolve_array(&args[0], acir_gen, ctx, evaluator),
-                    outputs: outputs.to_vec(),
-                },
+                BlackBoxFunc::Keccak256 => {
+                    let msg_size = acir_gen
+                        .var_cache
+                        .get_or_compute_internal_var(args[1], evaluator, ctx)
+                        .expect("ICE - could not get an expression for keccak message size");
+                    let witness =
+                        acir_gen.var_cache.get_or_compute_witness_unwrap(msg_size, evaluator, ctx);
+                    let var_message_size = FunctionInput { witness, num_bits: 32 };
+                    BlackBoxFuncCall::Keccak256VariableLength {
+                        inputs: resolve_array(&args[0], acir_gen, ctx, evaluator),
+                        var_message_size,
+                        outputs: outputs.to_vec(),
+                    }
+                }
                 BlackBoxFunc::Pedersen => BlackBoxFuncCall::Pedersen {
                     inputs: resolve_array(&args[0], acir_gen, ctx, evaluator),
                     outputs: outputs.to_vec(),
+                    domain_separator: 0,
                 },
                 BlackBoxFunc::FixedBaseScalarMul => BlackBoxFuncCall::FixedBaseScalarMul {
                     input: resolve_variable(&args[0], acir_gen, ctx, evaluator).unwrap(),

diff --git a/crates/noirc_evaluator/src/ssa/builtin.rs b/crates/noirc_evaluator/src/ssa/builtin.rs
@@ -80,9 +80,6 @@ impl Opcode {
                     // Verify returns zero or one
                     BlackBoxFunc::SchnorrVerify | BlackBoxFunc::EcdsaSecp256k1 => BigUint::one(),
                     BlackBoxFunc::HashToField128Security => ObjectType::native_field().max_size(),
-                    BlackBoxFunc::AES => {
-                        todo!("ICE: AES is unimplemented")
-                    }
                     BlackBoxFunc::RANGE | BlackBoxFunc::AND | BlackBoxFunc::XOR => {
                         unimplemented!("ICE: these opcodes do not have Noir builtin functions")
                     }
@@ -100,7 +97,6 @@ impl Opcode {
         match self {
             Opcode::LowLevel(op) => {
                 match op {
-                    BlackBoxFunc::AES => todo!("ICE: AES is unimplemented"),
                     BlackBoxFunc::SHA256 | BlackBoxFunc::Blake2s | BlackBoxFunc::Keccak256 => {
                         (32, ObjectType::unsigned_integer(8))
                     }

diff --git a/noir_stdlib/src/hash.nr b/noir_stdlib/src/hash.nr
@@ -13,7 +13,7 @@ fn pedersen<N>(_input : [Field; N]) -> [Field; 2] {}
 fn hash_to_field<N>(_input : [Field; N]) -> Field {}
 
 #[foreign(keccak256)]
-fn keccak256<N>(_input : [u8; N]) -> [u8; 32] {}
+fn keccak256<N>(_input : [u8; N], _message_size: u32) -> [u8; 32] {}
 
 // mimc-p/p implementation
 // constants are (publicly generated) random numbers, for instance using keccak as a ROM.