Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
aes128.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: Planned, auditors: [], commit: }
3// external_1: { status: not started, auditors: [], commit: }
4// external_2: { status: not started, auditors: [], commit: }
5// =====================
6
7#pragma once
8
13
14#include "sparse.hpp"
15#include "types.hpp"
16
18static constexpr uint64_t AES_BASE = 9;
19
27{
28 const auto byte = numeric::map_from_sparse_form<AES_BASE>(key[0]);
29 return { bb::fr(numeric::map_into_sparse_form<AES_BASE>(byte)), bb::fr(0) };
30}
31
61{
62 BasicTable table;
63 table.id = id;
64 table.table_index = table_index;
65
66 for (uint64_t i = 0; i < AES_BASE; ++i) {
67 // Compute the raw values for the first digit
68 uint64_t i_raw = i * AES_BASE * AES_BASE * AES_BASE;
69 // Compute the normalized value for the first digit by taking the LSB
70 uint64_t i_normalized = ((i & 1UL) == 1UL) * AES_BASE * AES_BASE * AES_BASE;
71 for (uint64_t j = 0; j < AES_BASE; ++j) {
72 // Compute the raw values for the second digit
73 uint64_t j_raw = j * AES_BASE * AES_BASE;
74 // Compute the normalized value for the second digit by taking the LSB
75 uint64_t j_normalized = ((j & 1UL) == 1UL) * AES_BASE * AES_BASE;
76 for (uint64_t k = 0; k < AES_BASE; ++k) {
77 // Compute the raw values for the third digit
78 uint64_t k_raw = k * AES_BASE;
79 // Compute the normalized value for the third digit by taking the LSB
80 uint64_t k_normalized = ((k & 1UL) == 1UL) * AES_BASE;
81 for (uint64_t m = 0; m < AES_BASE; ++m) {
82 // Compute the raw values for the fourth digit
83 uint64_t m_raw = m;
84 // Compute the normalized value for the fourth digit by taking the LSB
85 uint64_t m_normalized = ((m & 1UL) == 1UL);
86 // Left value is the raw value of the 4-digit sparse value
87 uint64_t left = i_raw + j_raw + k_raw + m_raw;
88 // Right value is the normalized value of the 4-digit sparse value
89 uint64_t right = i_normalized + j_normalized + k_normalized + m_normalized;
90 table.column_1.emplace_back(left);
91 table.column_2.emplace_back(right);
92 table.column_3.emplace_back(bb::fr(0));
93 }
94 }
95 }
96 }
97 table.use_twin_keys = false;
98 // Set the callback function for the table
100
101 table.column_1_step_size = bb::fr(6561);
102 table.column_2_step_size = bb::fr(6561);
103 table.column_3_step_size = bb::fr(0);
104 return table;
105}
106
117{
118 const size_t num_entries = 2;
119 std::vector<bb::fr> column_1_coefficients;
120 std::vector<bb::fr> column_2_coefficients;
121 std::vector<bb::fr> column_3_coefficients;
122
123 // The multicolumn coefficients for the lower and upper 4-digit sparse values
124 for (size_t i = 0; i < num_entries; ++i) {
125 column_1_coefficients.emplace_back(bb::fr(AES_BASE).pow(4 * i));
126 column_2_coefficients.emplace_back(bb::fr(AES_BASE).pow(4 * i));
127 column_3_coefficients.emplace_back(0);
128 }
129
130 MultiTable table(column_1_coefficients, column_2_coefficients, column_3_coefficients);
131
132 table.id = id;
133 for (size_t i = 0; i < num_entries; ++i) {
134 table.slice_sizes.emplace_back(AES_BASE * AES_BASE * AES_BASE * AES_BASE);
135 table.basic_table_ids.emplace_back(AES_SPARSE_NORMALIZE);
137 }
138 return table;
139}
140
166{
167 const size_t num_entries = 16;
168
169 MultiTable table(256, 0, 0, num_entries);
170
171 table.id = id;
172 for (size_t i = 0; i < num_entries; ++i) {
173 table.slice_sizes.emplace_back(256);
174 table.basic_table_ids.emplace_back(AES_SPARSE_MAP);
175 table.get_table_values.emplace_back(&sparse_tables::get_sparse_table_with_rotation_values<AES_BASE, 0>);
176 }
177 return table;
178}
179
204{
205 // Convert the first sparse value to a native byte
206 const auto byte = numeric::map_from_sparse_form<AES_BASE>(key[0]);
207 // Get the native value of the S-box output
208 uint8_t sbox_value = crypto::aes128_sbox[(uint8_t)byte];
209 // Compute the swizzled value, i.e. S(byte) * 3 for MixColumns
210 // The "swizzled" value is the XTIME operation applied to S(byte)
211 uint8_t swizzled = ((uint8_t)(sbox_value << 1) ^ (uint8_t)(((sbox_value >> 7) & 1) * 0x1b));
212
213 // Map the sbox output back to sparse form. Also compute sbox_value ^ swizzled
214 return { bb::fr(numeric::map_into_sparse_form<AES_BASE>(sbox_value)),
215 bb::fr(numeric::map_into_sparse_form<AES_BASE>((uint8_t)(sbox_value ^ swizzled))) };
216}
217
241inline BasicTable generate_aes_sbox_table(BasicTableId id, const size_t table_index)
242{
243 BasicTable table;
244 table.id = id;
245 table.table_index = table_index;
246 size_t table_size = 256;
247 table.use_twin_keys = false;
248 for (uint64_t i = 0; i < table_size; ++i) {
249 const auto first = numeric::map_into_sparse_form<AES_BASE>((uint8_t)i);
250 uint8_t sbox_value = crypto::aes128_sbox[(uint8_t)i];
251 uint8_t swizzled = ((uint8_t)(sbox_value << 1) ^ (uint8_t)(((sbox_value >> 7) & 1) * 0x1b));
252 const auto second = numeric::map_into_sparse_form<AES_BASE>(sbox_value);
253 const auto third = numeric::map_into_sparse_form<AES_BASE>((uint8_t)(sbox_value ^ swizzled));
254
255 table.column_1.emplace_back(bb::fr(first));
256 table.column_2.emplace_back(bb::fr(second));
257 table.column_3.emplace_back(bb::fr(third));
258 }
260
261 table.column_1_step_size = bb::fr(0);
262 table.column_2_step_size = bb::fr(0);
263 table.column_3_step_size = bb::fr(0);
264 return table;
265}
266
268{
269 const size_t num_entries = 1;
270
271 MultiTable table(0, 0, 0, 1);
272
273 table.id = id;
274 for (size_t i = 0; i < num_entries; ++i) {
275 table.slice_sizes.emplace_back(numeric::pow64(AES_BASE, 8));
276 table.basic_table_ids.emplace_back(AES_SBOX_MAP);
278 }
279 return table;
280}
281} // namespace bb::plookup::aes128_tables
constexpr uint64_t pow64(const uint64_t input, const uint64_t exponent)
Definition pow.hpp:13
MultiTable get_aes_input_table(const MultiTableId id=AES_INPUT)
Creates a MultiTable for converting a 128-bit AES input block into 16 sparse-form bytes.
Definition aes128.hpp:165
std::array< bb::fr, 2 > get_aes_sbox_values_from_key(const std::array< uint64_t, 2 > key)
Computes AES S-box substitution and a derived value for MixColumns, returning both in sparse form.
Definition aes128.hpp:203
BasicTable generate_aes_sparse_normalization_table(BasicTableId id, const size_t table_index)
Generates a BasicTable for normalizing 4 sparse digits back to valid sparse form.
Definition aes128.hpp:60
MultiTable get_aes_normalization_table(const MultiTableId id=AES_NORMALIZE)
Creates a MultiTable for normalizing 8 sparse digits back to binary digits.
Definition aes128.hpp:116
std::array< bb::fr, 2 > get_aes_sparse_normalization_values_from_key(const std::array< uint64_t, 2 > key)
Normalizes the sparse form by mapping from sparse form to bytes and back to sparse form.
Definition aes128.hpp:26
BasicTable generate_aes_sbox_table(BasicTableId id, const size_t table_index)
Generates a plookup table for AES S-box substitution with precomputed MixColumns values.
Definition aes128.hpp:241
MultiTable get_aes_sbox_table(const MultiTableId id=AES_SBOX)
Definition aes128.hpp:267
@ AES_SBOX_MAP
Definition types.hpp:36
@ AES_SPARSE_MAP
Definition types.hpp:35
@ AES_SPARSE_NORMALIZE
Definition types.hpp:37
@ AES_NORMALIZE
Definition types.hpp:98
field< Bn254FrParams > fr
Definition fr.hpp:174
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
A basic table from which we can perform lookups (for example, an xor table)
Definition types.hpp:285
std::vector< bb::fr > column_3
Definition types.hpp:320
std::vector< bb::fr > column_2
Definition types.hpp:319
std::array< bb::fr, 2 >(* get_values_from_key)(const std::array< uint64_t, 2 >)
Definition types.hpp:328
std::vector< bb::fr > column_1
Definition types.hpp:318
Container for managing multiple BasicTables plus the data needed to combine basic table outputs (e....
Definition types.hpp:147
std::vector< BasicTableId > basic_table_ids
Definition types.hpp:153
std::vector< uint64_t > slice_sizes
Definition types.hpp:154
std::vector< table_out(*)(table_in)> get_table_values
Definition types.hpp:163