
Commit 0dbaea6

author
Vesselin Velichkov
committedOct 21, 2022
anemoi: completed unit test for flystel sbox; code cleanup
1 parent 8afb450 commit 0dbaea6


3 files changed

+37
-160
lines changed

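--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -244,12 +244,10 @@ class flystel_prime_field_gadget : public gadget<FieldT>
 pb_variable<FieldT> a2;
 
 public:
-// (x0,x1)
 const linear_combination<FieldT> input_x0;
 const linear_combination<FieldT> input_x1;
-// (v7,v8)=(y0,y1)
-linear_combination<FieldT> output_y0;
-linear_combination<FieldT> output_y1;
+const pb_variable<FieldT> output_y0;
+const pb_variable<FieldT> output_y1;
 
 flystel_Q_gamma_prime_field_gadget<FieldT, generator> Q_gamma;
 flystel_Q_delta_prime_field_gadget<FieldT, generator> Q_delta;
@@ -259,8 +257,8 @@ class flystel_prime_field_gadget : public gadget<FieldT>
 protoboard<FieldT> &pb,
 const linear_combination<FieldT> &x0,
 const linear_combination<FieldT> &x1,
-const linear_combination<FieldT> &y0,
-const linear_combination<FieldT> &y1,
+const pb_variable<FieldT> &y0,
+const pb_variable<FieldT> &y1,
 const std::string &annotation_prefix = "");
 
 void generate_r1cs_constraints();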
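Review bot: The first hunk removes the only comments on the Flystel I/O members (`// (x0,x1)` and `// (v7,v8)=(y0,y1)`) at the same time as it changes output_y0/output_y1 from linear_combination to pb_variable, so the class no longer says who owns those two variables. Since the constructor in the second hunk takes y0 and y1 as const references, the gadget presumably does not allocate them itself; I would state that above the members: `// Flystel input (x0, x1): caller-supplied linear combinations` and `// Flystel output (y0, y1): caller-allocated variables whose witness values this gadget assigns in generate_r1cs_witness()`. The class flystel_prime_field_gadget begins before the first hunk and continues after the second.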

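--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -415,8 +415,8 @@ flystel_prime_field_gadget<FieldT, generator>::flystel_prime_field_gadget(
 protoboard<FieldT> &pb,
 const linear_combination<FieldT> &x0,
 const linear_combination<FieldT> &x1,
-const linear_combination<FieldT> &y0,
-const linear_combination<FieldT> &y1,
+const pb_variable<FieldT> &y0,
+const pb_variable<FieldT> &y1,
 const std::string &annotation_prefix)
 : gadget<FieldT>(pb, annotation_prefix)
 , a0(pb_variable_allocate(pb, FMT(annotation_prefix, " a0")))
@@ -464,20 +464,20 @@ void flystel_prime_field_gadget<FieldT, generator>::generate_r1cs_witness()
 const FieldT input_x1_value =
 input_x1.evaluate(this->pb.full_variable_assignment());
 
-output_y0 = input_x0_value - this->pb.val(a0) - this->pb.val(a2);
-output_y1 = input_x1_value - this->pb.val(a1);
+this->pb.lc_val(output_y0) =
+input_x0_value - this->pb.val(a0) + this->pb.val(a2);
+this->pb.lc_val(output_y1) = input_x1_value - this->pb.val(a1);
 
 printf("[%s:%d] x0 ", __FILE__, __LINE__);
 input_x0_value.print();
 printf("[%s:%d] a0 ", __FILE__, __LINE__);
 this->pb.val(a0).print();
 printf("[%s:%d] a2 ", __FILE__, __LINE__);
 this->pb.val(a2).print();
-// printf("[%s:%d] y0 ", __FILE__, __LINE__);
-// output_y0.print();
-
-// output_y0 = input_x0 - this->pb.val(a0) + this->pb.val(a2);
-// output_y1 = input_x1 - this->pb.val(a1);
+printf("[%s:%d] y0 ", __FILE__, __LINE__);
+this->pb.lc_val(output_y0).print();
+printf("[%s:%d] y1 ", __FILE__, __LINE__);
+this->pb.lc_val(output_y1).print();
 }
 
 template<typename FieldT, size_t NumStateColumns_L>
@@ -496,10 +496,10 @@ anemoi_permutation_mds(const FieldT g)
 }
 if (NumStateColumns_L == 4) {
 M = {
-{g + 1, 1, g2, g2},
-{1, g + 1, g2 + g, g2},
-{g, g, g + 1, 1},
-{g + 1, g, 1, g + 1}};
+{1, g2, g2, 1 + g},
+{1 + g, g + g2, g2, 1 + 2 * g},
+{g, 1 + g, 1, g},
+{g, 1 + 2 * g, 1 + g, 1 + g}};
 return M;
 }
 // If we are here, then the number of columns NumStateColumns_L has invalid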
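Review bot: generate_r1cs_witness() in the second hunk prints the witness values x0, a0, a2, y0 and y1 to stdout, and the commit extends that debug output with the y0/y1 lines instead of removing it; in a zk-SNARK gadget these are prover-side values, so any application that builds a proof through this gadget would write them to its logs. I would delete the whole block from `printf("[%s:%d] x0 ", __FILE__, __LINE__);` through `this->pb.lc_val(output_y1).print();`, or at least fence it behind a build-time debug macro that is off by default. A smaller point on the same lines: output_y0/output_y1 are now pb_variable, so `this->pb.val(output_y0) = ...` is the direct form rather than lc_val through the implicit pb_linear_combination conversion. generate_r1cs_witness() begins before the hunk. Separately, the replacement L=4 matrix in the third hunk carries no comment saying which specification its entries come from; a one-line citation above `M = {` would let the next reader verify them.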

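--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -34,9 +34,10 @@ void test_pb_verify_circuit(protoboard<libff::Fr<ppT>> &pb)
 keypair.vk, primary_input, proof));
 }
 
-template<typename FieldT>
+template<typename ppT>
 void test_flystel_Q_gamma_prime_field_gadget(const size_t n)
 {
+using FieldT = libff::Fr<ppT>;
 printf("testing flystel_power_two_gadget on all %zu bit strings\n", n);
 protoboard<FieldT> pb;
 pb_variable<FieldT> x;
@@ -65,9 +66,10 @@ void test_flystel_Q_gamma_prime_field_gadget(const size_t n)
 libff::print_time("flystel_power_two_gadget tests successful");
 }
 
-template<typename FieldT>
+template<typename ppT>
 void test_flystel_Q_gamma_binary_field_gadge(const size_t n)
 {
+using FieldT = libff::Fr<ppT>;
 printf("testing flystel_power_three_gadget on all %zu bit strings\n", n);
 
 protoboard<FieldT> pb;
@@ -98,8 +100,9 @@ void test_flystel_Q_gamma_binary_field_gadge(const size_t n)
 libff::print_time("flystel_power_three_gadget tests successful");
 }
 
-template<typename FieldT> void test_flystel_E_power_five_gadget(const size_t n)
+template<typename ppT> void test_flystel_E_power_five_gadget(const size_t n)
 {
+using FieldT = libff::Fr<ppT>;
 printf("testing flystel_E_power_five_gadget on all %zu bit strings\n", n);
 
 protoboard<FieldT> pb;
@@ -127,8 +130,9 @@ template<typename FieldT> void test_flystel_E_power_five_gadget(const size_t n)
 libff::print_time("flystel_E_power_five_gadget tests successful");
 }
 
-template<typename FieldT> void test_flystel_E_root_five_gadget(const size_t n)
+template<typename ppT> void test_flystel_E_root_five_gadget(const size_t n)
 {
+using FieldT = libff::Fr<ppT>;
 printf("testing flystel_E_root_five_gadget on all %zu bit strings\n", n);
 
 protoboard<FieldT> pb;
@@ -160,8 +164,9 @@ template<typename FieldT> void test_flystel_E_root_five_gadget(const size_t n)
 libff::print_time("flystel_E_root_five_gadget tests successful");
 }
 
-template<typename FieldT> void test_flystel_prime_field_gadget(const size_t n)
+template<typename ppT> void test_flystel_prime_field_gadget(const size_t n)
 {
+using FieldT = libff::Fr<ppT>;
 printf("testing flystel_prime_field_gadget on all %zu bit strings\n", n);
 
 protoboard<FieldT> pb;
@@ -185,117 +190,18 @@ template<typename FieldT> void test_flystel_prime_field_gadget(const size_t n)
 // generate witness for the given input
 d.generate_r1cs_witness();
 
-#if 0
-
-FieldT x0_val = pb.lc_val(x0); // x0_lc.terms[0].coeff;
-FieldT x1_val = pb.lc_val(x1); // x1_lc.terms[0].coeff;
-
-// a0 = 23
-FieldT a0_expected = FieldT(23);
-// a1 = 22^{1/5}
-FieldT a1_expected =
-FieldT("10357913779704000956629425810748166374506105653"
-"828973721142406533896278368512");
-// a2 = 2 (3-a1)^2
-FieldT a2_expected =
-FieldT(2) * (FieldT(3) - a1_expected) * (FieldT(3) - a1_expected);
-// y0 = x0 - a0 + a2 = 22 + a2
-FieldT y0_expected = x0_val - a0_expected + a2_expected;
-// y1 = x1 - a1 = 3 - a1
-FieldT y1_expected = x1_val - a1_expected;
-
-ASSERT_EQ(y0.evaluate(y0_assignment), y0_expected);
-ASSERT_EQ(y1.evaluate(y1_assignment), y1_expected);
-ASSERT_TRUE(pb.is_satisfied());
-#endif
-
-libff::print_time("flystel_prime_field_gadget tests successful");
-}
+FieldT y0_expect = FieldT(34);
+FieldT y1_expect = FieldT(1);
 
-template<typename FieldT> void test_root_five()
-{
-// alpha_inv =
-// 20974350070050476191779096203274386335076221000211055129041463479975432473805
-// FieldT x = FieldT::random_element();
-// FieldT y = power(x, 5);
-// x.print();
-// y.print();
-FieldT x = 5;
-FieldT x_mod_inv =
-FieldT("2097435007005047619177909620327438633507622100021"
-"1055129041463479975432473805");
-printf("Fr modulus \n");
-x.mod.print();
-printf("x + x_mod_inv\n");
-FieldT z = x + x_mod_inv;
-z.print();
-printf("\n");
-x.print();
-x.inverse().print();
-}
-
-template<typename ppT> void test_bug()
-{
-using FieldT = libff::Fr<ppT>;
-
-protoboard<FieldT> pb;
-pb_variable<FieldT> v1 = pb_variable_allocate(pb, "v1");
-pb_variable<FieldT> v2 = pb_variable_allocate(pb, "v2");
-pb_variable<FieldT> a0 = pb_variable_allocate(pb, "a0");
-pb_linear_combination<FieldT> x1;
-
-x1.assign(pb, v1 + v2);
-
-flystel_Q_gamma_prime_field_gadget<
-FieldT,
-FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR>
-d(pb, x1, a0, "flystel_Q_gamma");
-d.generate_r1cs_constraints();
-
-pb.val(v1) = FieldT(3);
-pb.val(v2) = FieldT(0);
-
-const FieldT expect_a0("23");
-
-d.generate_r1cs_witness();
-ASSERT_EQ(expect_a0, pb.val(a0));
+ASSERT_EQ(y0_expect, pb.val(y0));
+ASSERT_EQ(y1_expect, pb.val(y1));
 ASSERT_TRUE(pb.is_satisfied());
 
 // test_pb_verify_circuit<ppT>(pb);
-}
-
-template<typename ppT> void test_bug_dt()
-{
-using FieldT = libff::Fr<ppT>;
-
-// Circuit showing x_3 = beta * (x_1+x_2)^2 + gamma
-FieldT x1 = FieldT(7);
-FieldT x2 = FieldT(11);
-linear_combination<FieldT> lc(x1 + x2);
-
-protoboard<FieldT> pb;
-pb_variable<FieldT> x3 = pb_variable_allocate(pb, "x3");
-pb_linear_combination<FieldT> pb_lc; //(pb, lc);
-pb_lc.assign(pb, lc);
-
-flystel_Q_gamma_prime_field_gadget<FieldT, 2> d(
-pb, pb_lc, x3, "flystel_Q_gamma");
-d.generate_r1cs_constraints();
 
-// Expect x3 = 2 * (7+11)^2 + 5 = 653
-const FieldT expect_x3("653");
-
-d.generate_r1cs_witness();
-ASSERT_EQ(expect_x3, pb.val(x3));
-ASSERT_TRUE(pb.is_satisfied());
-
-// test_pb_verify_circuit<ppT>(pb);
+libff::print_time("flystel_prime_field_gadget tests successful");
 }
 
-TEST(TestAnemoiGadget, TestBug) { test_bug<libff::bls12_381_pp>(); }
-TEST(TestAnemoiGadget, TestBugDt) { test_bug_dt<libff::bls12_381_pp>(); }
-
-// int main(int argc, char **argv)
 int main()
 {
 libff::start_profiling();
@@ -305,38 +211,11 @@ int main()
 
 libff::bls12_381_pp::init_public_params();
 using ppT = libff::bls12_381_pp;
-using FieldT = libff::Fr<ppT>;
 
-// for BLS12-381
-// beta = g = first multiplicative generator = 7.
-// delta = g^(-1)
-// 14981678621464625851270783002338847382197300714436467949315331057125308909861
-// Fr modulus
-// 52435875175126190479447740508185965837690552500527637822603658699938581184513
-#if 0
-FieldT a = FieldT(7);
-FieldT a_inv = a.inverse();
-assert((a * a_inv) == FieldT::one());
-printf("a_inv ");
-a_inv.print();
-printf("\n");
-printf("Fr modulus ");
-a.mod.print();
-printf("\n");
-#endif
-#if 0
-test_flystel_Q_gamma_prime_field_gadget<FieldT>(10);
-test_flystel_Q_gamma_binary_field_gadge<FieldT>(10);
-test_flystel_E_power_five_gadget<FieldT>(10);
-test_flystel_E_root_five_gadget<FieldT>(10);
-#endif
-test_flystel_prime_field_gadget<FieldT>(10);
-// test_bug<ppT>();
-// test_bug_dt<ppT>();
-// test_bug_two<FieldT>();
-// test_bug_one<FieldT>();
-// test_root_five<FieldT>();
-// ::testing::InitGoogleTest(&argc, argv);
-// return RUN_ALL_TESTS();
+test_flystel_Q_gamma_prime_field_gadget<ppT>(10);
+test_flystel_Q_gamma_binary_field_gadge<ppT>(10);
+test_flystel_E_power_five_gadget<ppT>(10);
+test_flystel_E_root_five_gadget<ppT>(10);
+test_flystel_prime_field_gadget<ppT>(10);
 return 0;
 }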
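Review bot: A failing `ASSERT_EQ(y0_expect, pb.val(y0))` in the sixth hunk cannot fail this binary as far as I can tell: the new assertions are gtest macros, but the commit removes the TEST() registrations and main() in the last hunk calls the helpers directly and ends with an unconditional `return 0;` with no InitGoogleTest/RUN_ALL_TESTS, so a failed assertion only returns early from the void helper (skipping its print_time line) and the process still exits 0, which CI reads as a pass. I would register each helper with TEST() and let main hand control to gtest, as sketched below. The expected values `FieldT(34)` and `FieldT(1)` also replace the removed derivation with bare constants; a comment stating the x0/x1 inputs (set before the hunk) and the formulas y0 = x0 - a0 + a2, y1 = x1 - a1 that produce 34 and 1 would keep the test checkable by hand. The start of test_flystel_prime_field_gadget and the middle of main() lie outside the hunks.
```cpp
TEST(TestAnemoiGadget, FlystelQGammaPrimeField) { test_flystel_Q_gamma_prime_field_gadget<libff::bls12_381_pp>(10); }
TEST(TestAnemoiGadget, FlystelQGammaBinaryField) { test_flystel_Q_gamma_binary_field_gadge<libff::bls12_381_pp>(10); }
TEST(TestAnemoiGadget, FlystelEPowerFive) { test_flystel_E_power_five_gadget<libff::bls12_381_pp>(10); }
TEST(TestAnemoiGadget, FlystelERootFive) { test_flystel_E_root_five_gadget<libff::bls12_381_pp>(10); }
TEST(TestAnemoiGadget, FlystelPrimeField) { test_flystel_prime_field_gadget<libff::bls12_381_pp>(10); }

int main(int argc, char **argv)
{
    libff::start_profiling();
    // … unchanged: init_public_params …
    ::testing::InitGoogleTest(&argc, argv);
    return RUN_ALL_TESTS();
}
```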
