anemoi: updated E_power_five gadget

libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp

@@ -51,7 +51,7 @@ class flystel_Q_gamma_prime_field_gadget : public gadget<FieldT>
 
     flystel_Q_gamma_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> input,
+        const pb_linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 
@@ -78,7 +78,7 @@ class flystel_Q_delta_prime_field_gadget : public gadget<FieldT>
 
     flystel_Q_delta_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> input,
+        const pb_linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 
@@ -110,17 +110,14 @@ class flystel_Q_gamma_binary_field_gadget : public gadget<FieldT>
 
     flystel_Q_gamma_binary_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> input,
+        const pb_linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 
     void generate_r1cs_constraints();
     void generate_r1cs_witness();
 };
 
-// TODO: add class flystel_Q_delta_binary_field_gadget : public gadget<FieldT>
-// ...
-
 /// Flystel Q_delta function for binary fields:
 /// Qi(x) = beta x^3 + delta
 ///
@@ -145,7 +142,7 @@ class flystel_Q_delta_binary_field_gadget : public gadget<FieldT>
 
     flystel_Q_delta_binary_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> input,
+        const pb_linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 
@@ -170,7 +167,7 @@ class flystel_E_power_five_gadget : public gadget<FieldT>
 
     flystel_E_power_five_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> input,
+        const pb_linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 
@@ -200,23 +197,29 @@ template<typename FieldT, size_t generator>
 class flystel_closed_prime_field_gadget : public gadget<FieldT>
 {
 private:
-    // internal (i.e. intermediate) variables: v3,v4,v5
-    std::array<pb_variable<FieldT>, 4> internal;
+    // internal (i.e. intermediate) variables
+    pb_variable<FieldT> a0;
+    pb_variable<FieldT> a1;
+    pb_variable<FieldT> a2;
 
 public:
     // (v1,v2)=(x0,x1)
-    std::array<pb_variable<FieldT>, 2> input;
+    const pb_linear_combination<FieldT> input_x0;
+    const pb_linear_combination<FieldT> input_x1;
     // (v7,v8)=(y0,y1)
-    std::array<pb_variable<FieldT>, 2> output;
+    const pb_linear_combination<FieldT> output_y0;
+    const pb_linear_combination<FieldT> output_y1;
 
     flystel_Q_gamma_prime_field_gadget<FieldT, generator> Q_gamma;
     flystel_Q_delta_prime_field_gadget<FieldT, generator> Q_delta;
-    flystel_E_power_five_gadget<FieldT> power_five;
+    flystel_E_power_five_gadget<FieldT> E_power_five;
 
     flystel_closed_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const std::array<pb_variable<FieldT>, 2> &input,
-        const std::array<pb_variable<FieldT>, 2> &output,
+        const pb_linear_combination<FieldT> &x0,
+        const pb_linear_combination<FieldT> &x1,
+        const pb_linear_combination<FieldT> &y0,
+        const pb_linear_combination<FieldT> &y1,
         const std::string &annotation_prefix = "");
 
     void generate_r1cs_constraints();
@@ -226,7 +229,7 @@ class flystel_closed_prime_field_gadget : public gadget<FieldT>
 // get the MDS matrix from the number of columns 2,3 or 4
 template<typename FieldT, size_t NumStateColumns_L>
 std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L>
-anemoi_permutation_get_mds(const FieldT g);
+anemoi_permutation_mds(const FieldT g);
 
 /// One round of the Anemoi permutation mapping (Fr)^{2l} -> (Fr)^{2l}
 ///

libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc

@@ -50,7 +50,7 @@ template<typename FieldT, size_t generator>
 flystel_Q_gamma_prime_field_gadget<FieldT, generator>::
     flystel_Q_gamma_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> input,
+        const pb_linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
@@ -96,7 +96,7 @@ template<typename FieldT, size_t generator>
 flystel_Q_delta_prime_field_gadget<FieldT, generator>::
     flystel_Q_delta_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> input,
+        const pb_linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
@@ -158,7 +158,7 @@ template<typename FieldT, size_t generator>
 flystel_Q_gamma_binary_field_gadget<FieldT, generator>::
     flystel_Q_gamma_binary_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> input,
+        const pb_linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
@@ -211,7 +211,7 @@ template<typename FieldT, size_t generator>
 flystel_Q_delta_binary_field_gadget<FieldT, generator>::
     flystel_Q_delta_binary_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> input,
+        const pb_linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
@@ -277,7 +277,7 @@ void flystel_Q_delta_binary_field_gadget<FieldT, generator>::
 template<typename FieldT>
 flystel_E_power_five_gadget<FieldT>::flystel_E_power_five_gadget(
     protoboard<FieldT> &pb,
-    const pb_linear_combination<FieldT> input,
+    const pb_linear_combination<FieldT> &input,
     const pb_variable<FieldT> &output,
     const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
@@ -314,44 +314,54 @@ void flystel_E_power_five_gadget<FieldT>::generate_r1cs_witness()
     this->pb.val(internal[1]) =
         (this->pb.val(internal[0])) * this->pb.val(internal[0]);
     // y = x1 * x3
-    this->pb.val(output) = this->pb.lc_val(input) * this->pb.val(internal[1]);
+    this->pb.val(output) =
+        this->pb.lc_val(input) * this->pb.val(internal[1]);
 }
 
 template<typename FieldT, size_t generator>
 flystel_closed_prime_field_gadget<FieldT, generator>::
     flystel_closed_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const std::array<pb_variable<FieldT>, 2> &input,
-        const std::array<pb_variable<FieldT>, 2> &output,
+        const pb_linear_combination<FieldT> &x0,
+        const pb_linear_combination<FieldT> &x1,
+        const pb_linear_combination<FieldT> &y0,
+        const pb_linear_combination<FieldT> &y1,
         const std::string &annotation_prefix)
-    : flystel_Q_gamma_prime_field_gadget<FieldT, generator>(
-          pb, input[0], internal[0])
-    , flystel_Q_delta_prime_field_gadget<FieldT, generator>(
-          pb, input[1], internal[2])
-    , flystel_E_power_five_gadget<FieldT>(pb, input[0] - input[1], internal[1])
+    : gadget<FieldT>(pb, annotation_prefix)
+    , input_x0(x0)
+    , input_x1(x1)
+    , output_y0(y0)
+    , output_y1(y1)
+    , Q_gamma(pb, x1, a0, annotation_prefix)
+    , Q_delta(pb, y1, a2, annotation_prefix)
+    , E_power_five(pb, x1 - y1, a1, annotation_prefix)
 {
-    internal[0].allocate(this->pb, " v3");
-    internal[1].allocate(this->pb, " v4");
-    internal[2].allocate(this->pb, " v5");
+    a0.allocate(this->pb, " a0");
+    a1.allocate(this->pb, " a1");
+    a2.allocate(this->pb, " a2");
 }
 
 // R1CS constraints for the operation
 //
-// y0 = Q_gamma(x0) + power_five(x0-x1)
-// y1 = Q_delta(x1) + power_five(x0-x1)
+// x0 = Q_gamma(x1) + power_five(x1-y1)
+// y0 = Q_delta(y1) + power_five(x1-y1)
 //
 // x0=input[0], x1=input[1], y0=output[0], y1=output[1].
 //
 // The function generates the constraints for the three gadgets:
 // Q_gamma, Q_delta, power_five by calling their corresponding
 // generate_r1cs_constraints() methods
+//
+// \attention one of the the outputs of this evaluation x0 is also an
+// input to the flystel S-box since here the flystel is evaluated in its closed
+// form i.e. when all inputs x,x1 and outputs y0,y1 are known
 template<typename FieldT, size_t generator>
 void flystel_closed_prime_field_gadget<FieldT, generator>::
     generate_r1cs_constraints()
 {
     Q_gamma.generate_r1cs_constraints();
     Q_delta.generate_r1cs_constraints();
-    power_five.generate_r1cs_constraints();
+    E_power_five.generate_r1cs_constraints();
 }
 
 template<typename FieldT, size_t generator>
@@ -360,12 +370,12 @@ void flystel_closed_prime_field_gadget<FieldT, generator>::
 {
     Q_gamma.generate_r1cs_witness();
     Q_delta.generate_r1cs_witness();
-    power_five.generate_r1cs_witness();
+    E_power_five.generate_r1cs_witness();
 }
 
 template<typename FieldT, size_t NumStateColumns_L>
 std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L>
-anemoi_permutation_get_mds(const FieldT g)
+anemoi_permutation_mds(const FieldT g)
 {
     std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L> M;
     const FieldT g2 = g * g;

libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp

@@ -13,6 +13,7 @@
 namespace libsnark
 {
 // TODO: specialize by the field type + cast to the field
+// see     setup_sha3_constants();
 #if 0
 // l = 1
 FieldT C1[1][19] = {

libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp

@@ -111,6 +111,38 @@ template<typename FieldT> void test_flystel_E_power_five_gadget(const size_t n)
     libff::print_time("flystel_E_power_five_gadget tests successful");
 }
 
+template<typename FieldT>
+void test_flystel_closed_prime_field_gadget(const size_t n)
+{
+    printf(
+        "testing flystel_closed_prime_field_gadget on all %zu bit strings\n",
+        n);
+
+    protoboard<FieldT> pb;
+    //    std::array<pb_variable<FieldT>, 2> x;
+    //    std::array<pb_variable<FieldT>, 2> y;
+    //    std::array<pb_linear_combination<FieldT>, 2> x;
+    //    std::array<pb_linear_combination<FieldT>, 2> y;
+    pb_linear_combination<FieldT> x0;
+    pb_linear_combination<FieldT> x1;
+    pb_linear_combination<FieldT> y0;
+    pb_linear_combination<FieldT> y1;
+#if 0
+    // input
+    x[0].allocate(pb, "x0");
+    x[1].allocate(pb, "x1");
+    // output
+    y[0].allocate(pb, "y0");
+    y[1].allocate(pb, "y1");
+#endif
+    flystel_closed_prime_field_gadget<
+        FieldT,
+        FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR>
+        d(pb, x0, x1, y0, y1, "flystel");
+
+    libff::print_time("flystel_E_power_five_gadget tests successful");
+}
+
 int main(void)
 {
     libff::start_profiling();
@@ -141,5 +173,5 @@ int main(void)
     test_flystel_Q_gamma_prime_field_gadget<FieldT>(10);
     test_flystel_Q_gamma_binary_field_gadge<FieldT>(10);
     test_flystel_E_power_five_gadget<FieldT>(10);
-    //    //    test_flystel_power_two_gadget<libff::bls12_381_Fr>(10);
+    test_flystel_closed_prime_field_gadget<FieldT>(10);
 }