blake2s.test.cpp

Go to the documentation of this file.

// === AUDIT STATUS ===
// internal:    { status: Complete, auditors: [Nishat], commit: 8fb8b041d4c9179f62da56a9c7bbf22c40db46cc}
// external_1:  { status: not started, auditors: [], commit: }
// external_2:  { status: not started, auditors: [], commit: }
// =====================
 
#include "barretenberg/crypto/blake2s/blake2s.hpp"
#include "barretenberg/circuit_checker/circuit_checker.hpp"
#include "barretenberg/flavor/ultra_flavor.hpp"
#include "barretenberg/numeric/uint256/uint256.hpp"
#include "barretenberg/ultra_honk/prover_instance.hpp"
#include "blake2s.hpp"
#include <gtest/gtest.h>
 
using namespace bb;
using namespace bb::stdlib;
 
using Builder = UltraCircuitBuilder;
 
using field_ct = field_t<Builder>;
using witness_ct = witness_t<Builder>;
using byte_array_ct = byte_array<Builder>;
using public_witness_t = public_witness_t<Builder>;
 
std::vector<std::string> test_vectors = { "",
                                          "a",
                                          "ab",
                                          "abc",
                                          "abcd",
                                          "abcdefg",
                                          "abcdefgh",
                                          "abcdefghijklmnopqrstuvwxyz01234",
                                          "abcdefghijklmnopqrstuvwxyz012345",
                                          "abcdefghijklmnopqrstuvwxyz0123456",
                                          "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0",
                                          "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz01",
                                          "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz012",
                                          "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789" };
 
TEST(stdlib_blake2s, test_single_block)
{
    Builder builder;
    std::string input = "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz01";
    std::vector<uint8_t> input_v(input.begin(), input.end());
 
    byte_array_ct input_arr(&builder, input_v);
    byte_array_ct output = stdlib::Blake2s<Builder>::hash(input_arr);
 
    auto expected = crypto::blake2s(input_v);
 
    EXPECT_EQ(output.get_value(), std::vector<uint8_t>(expected.begin(), expected.end()));
 
    info("builder gates = ", builder.get_num_finalized_gates_inefficient());
 
    bool proof_result = CircuitChecker::check(builder);
    EXPECT_EQ(proof_result, true);
}
 
TEST(stdlib_blake2s, test_double_block)
{
    Builder builder;
    std::string input = "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789";
    std::vector<uint8_t> input_v(input.begin(), input.end());
 
    byte_array_ct input_arr(&builder, input_v);
    byte_array_ct output = stdlib::Blake2s<Builder>::hash(input_arr);
 
    auto expected = crypto::blake2s(input_v);
 
    EXPECT_EQ(output.get_value(), std::vector<uint8_t>(expected.begin(), expected.end()));
 
    info("builder gates = ", builder.get_num_finalized_gates_inefficient());
 
    bool proof_result = CircuitChecker::check(builder);
    EXPECT_EQ(proof_result, true);
}
 
TEST(stdlib_blake2s, test_witness_and_constant)
{
    Builder builder;
 
    // create a byte array that is a circuit witness
    std::string witness_str = "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz";
    std::vector<uint8_t> witness_str_vec(witness_str.begin(), witness_str.end());
 
    // create a byte array that is part circuit witness and part circuit constant
    // start with the witness part, then append constant padding
    byte_array_ct input_arr(&builder, witness_str_vec);
    input_arr.write(byte_array_ct::constant_padding(&builder, 1, '0'))
        .write(byte_array_ct::constant_padding(&builder, 1, '1'));
 
    // for expected value calculation
    std::vector<uint8_t> constant_vec = { '0', '1' };
 
    // create expected input vector by concatenating witness and constant parts
    std::vector<uint8_t> input_v;
    input_v.insert(input_v.end(), witness_str_vec.begin(), witness_str_vec.end());
    input_v.insert(input_v.end(), constant_vec.begin(), constant_vec.end());
 
    // Verify the circuit input matches the expected input
    EXPECT_EQ(input_arr.get_value(), input_v);
 
    // hash the combined byte array
    byte_array_ct output = stdlib::Blake2s<Builder>::hash(input_arr);
 
    // compute expected hash
    auto expected = crypto::blake2s(input_v);
 
    EXPECT_EQ(output.get_value(), std::vector<uint8_t>(expected.begin(), expected.end()));
 
    info("builder gates = ", builder.get_num_finalized_gates_inefficient());
 
    bool proof_result = CircuitChecker::check(builder);
    EXPECT_EQ(proof_result, true);
}
 
TEST(stdlib_blake2s, test_constant_only)
{
    Builder builder;
    size_t len = 65;
 
    // create a byte array that is a circuit constant
    byte_array_ct input_arr = byte_array_ct::constant_padding(&builder, len, '1');
 
    // create expected input vector
    std::vector<uint8_t> input_v(len, '1');
 
    // Verify the circuit input matches the expected input
    EXPECT_EQ(input_arr.get_value(), input_v);
 
    // hash the byte array
    byte_array_ct output = stdlib::Blake2s<Builder>::hash(input_arr);
 
    // compute expected hash
    auto expected = crypto::blake2s(input_v);
 
    EXPECT_EQ(output.get_value(), std::vector<uint8_t>(expected.begin(), expected.end()));
 
    info("builder gates = ", builder.get_num_finalized_gates_inefficient());
 
    bool proof_result = CircuitChecker::check(builder);
    EXPECT_EQ(proof_result, true);
}
 
TEST(stdlib_blake2s, test_multiple_sized_blocks)
{
 
    int i = 0;
 
    for (auto v : test_vectors) {
        Builder builder;
 
        std::vector<uint8_t> input_v(v.begin(), v.end());
 
        byte_array_ct input_arr(&builder, input_v);
        byte_array_ct output = stdlib::Blake2s<Builder>::hash(input_arr);
 
        auto expected = crypto::blake2s(input_v);
 
        EXPECT_EQ(output.get_value(), std::vector<uint8_t>(expected.begin(), expected.end()));
 
        info("test vector ", i++, ".: builder gates = ", builder.get_num_finalized_gates_inefficient());
 
        bool proof_result = CircuitChecker::check(builder);
        EXPECT_EQ(proof_result, true);
    }
}
 
// Previously, certain inputs were pushing the addition overflows in `g` to beyond 3 bits (where `add_normalize` can
// tolerate up to 3 bits of overflow), causing failures. This has been addressed by calling `add_normalize` in the
// second half of every call to `g` to ensure that the overflow doesn't go beyond 3 bits. The edge case that caused
// addition overflow issues in Blake is tested here. See https://hackmd.io/@aztec-network/SyTHLkAWZx for a detailed
// description of the addition overflow issue.
TEST(stdlib_blake2s, test_edge_case_addition_overflow)
{
    std::array<uint8_t, 62> v = { 0x0E, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6,
                                  0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6,
                                  0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xFF,
                                  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6, 0xF6,
                                  0xF6, 0xF6, 0xF6, 0xF6, 0xED, 0xC3, 0x00, 0x00, 0x00, 0xED };
 
    Builder builder;
 
    std::vector<uint8_t> input_v(v.begin(), v.end());
 
    byte_array_ct input_arr(&builder, input_v);
    byte_array_ct output = stdlib::Blake2s<Builder>::hash(input_arr);
 
    auto expected = crypto::blake2s(input_v);
 
    EXPECT_EQ(output.get_value(), std::vector<uint8_t>(expected.begin(), expected.end()));
 
    info(".: builder gates = ", builder.get_num_finalized_gates_inefficient());
 
    bool proof_result = CircuitChecker::check(builder);
    EXPECT_EQ(proof_result, true);
}