Barretenberg: src/barretenberg/stdlib/commitment/pedersen/pedersen.test.cpp Source File

#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp"

#include "barretenberg/circuit_checker/circuit_checker.hpp"

#include "barretenberg/common/test.hpp"

#include "barretenberg/crypto/pedersen_commitment/c_bind.hpp"

#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp"

#include "barretenberg/numeric/random/engine.hpp"

#include "barretenberg/stdlib/primitives/curves/bn254.hpp"

#include "barretenberg/stdlib/primitives/test_utils.hpp"

#include "pedersen.hpp"


using namespace bb;

using bb::stdlib::test_utils::check_circuit_and_gate_count;

namespace {

auto& engine = numeric::get_debug_randomness();

}


template <typename Builder> class StdlibPedersen : public testing::Test {

    using _curve = stdlib::bn254<Builder>;


    using fr_ct = typename _curve::ScalarField;

    using witness_ct = typename _curve::witness_ct;

    using public_witness_ct = typename _curve::public_witness_ct;

    using pedersen_commitment = typename stdlib::pedersen_commitment<Builder>;


    // Helper to verify pedersen commitment against native implementation


    static void verify_commitment(Builder& builder [[maybe_unused]],

                                  const std::vector<stdlib::field_t<Builder>>& inputs,

                                  crypto::GeneratorContext<curve::Grumpkin> context = {})

    {

        // Extract native values from circuit inputs

        std::vector<fr> input_vals;

        for (const auto& input : inputs) {

            input_vals.push_back(input.get_value());

        }


        auto result = pedersen_commitment::commit(inputs, context);

        auto expected = crypto::pedersen_commitment::commit_native(input_vals, context);


        EXPECT_EQ(result.x.get_value(), expected.x);

        EXPECT_EQ(result.y.get_value(), expected.y);

    }


  public:


    static void test_pedersen()

    {

        Builder builder;


        fr left_in = fr::random_element();

        fr right_in = fr::random_element();


        // ensure left has skew 1, right has skew 0

        if ((left_in.from_montgomery_form().data[0] & 1) == 1) {

            left_in += fr::one();

        }

        if ((right_in.from_montgomery_form().data[0] & 1) == 0) {

            right_in += fr::one();

        }


        fr_ct left = public_witness_ct(&builder, left_in);

        fr_ct right = witness_ct(&builder, right_in);


        builder.fix_witness(left.witness_index, left.get_value());

        builder.fix_witness(right.witness_index, right.get_value());


        std::vector<stdlib::field_t<Builder>> inputs = { left, right };


        verify_commitment(builder, inputs);


        check_circuit_and_gate_count(builder, 2912);

    }


    static void test_mixed_witnesses_and_constants()

    {

        Builder builder;

        std::vector<stdlib::field_t<Builder>> inputs;


        for (size_t i = 0; i < 8; ++i) {

            fr value = fr::random_element();

            if (i % 2 == 0) {

                inputs.push_back(fr_ct(&builder, value));

            } else {

                inputs.push_back(witness_ct(&builder, value));

            }

        }


        verify_commitment(builder, inputs);


        // Gate count different for Mega because it adds constants for ECC op codes that get reused in ROM table access

        if constexpr (std::is_same_v<Builder, bb::MegaCircuitBuilder>) {

            check_circuit_and_gate_count(builder, 3994);

        } else {

            check_circuit_and_gate_count(builder, 3997);

        }

    }


    static void test_empty_input()

    {

        Builder builder;

        std::vector<fr> inputs;

        std::vector<stdlib::field_t<Builder>> witness_inputs;


        // Empty input should return the zero/identity point

        auto result = pedersen_commitment::commit(witness_inputs);


        // For empty inputs, the circuit returns (0, 0) which is the identity point

        EXPECT_EQ(result.x.get_value(), fr::zero());

        EXPECT_EQ(result.y.get_value(), fr::zero());


        check_circuit_and_gate_count(builder, 0);

    }


    static void test_single_input()

    {

        Builder builder;

        fr input = fr::random_element();

        std::vector<stdlib::field_t<Builder>> circuit_inputs = { witness_ct(&builder, input) };


        verify_commitment(builder, circuit_inputs);

        check_circuit_and_gate_count(builder, 2838);


        // Expect table size to be 14340 for single input

        // i.e. 254 bit scalars handled via 28 9-bit tables (size 2^9) plus one 2-bit table (size 2^2)

        // i.e. (28*2^9) + (1*2^2) = 14340

        EXPECT_EQ(builder.get_tables_size(), 14340);

    }


    // Test demonstrates lookup table optimization for 2 inputs


    static void test_two_inputs()

    {

        Builder builder;

        std::vector<stdlib::field_t<Builder>> circuit_inputs;


        for (size_t i = 0; i < 2; ++i) {

            circuit_inputs.push_back(witness_ct(&builder, fr::random_element()));

        }


        verify_commitment(builder, circuit_inputs);

        check_circuit_and_gate_count(builder, 2910);


        // Expect table size to be 28680 = 2*14340 for two inputs

        // Each input uses one Multitable of size 14340

        EXPECT_EQ(builder.get_tables_size(), 28680);

    }


    // Test demonstrates gate count jump when lookup tables can't be used (3+ inputs)


    static void test_three_inputs()

    {

        Builder builder;

        std::vector<stdlib::field_t<Builder>> circuit_inputs;


        for (size_t i = 0; i < 3; ++i) {

            circuit_inputs.push_back(witness_ct(&builder, fr::random_element()));

        }


        verify_commitment(builder, circuit_inputs);


        // Gate count different for Mega because it adds constants for ECC op codes that get reused in ROM table access

        if constexpr (std::is_same_v<Builder, bb::MegaCircuitBuilder>) {

            check_circuit_and_gate_count(builder, 3485);

        } else {

            check_circuit_and_gate_count(builder, 3488);

        }


        // Lookup tables size is same as 2 inputs since only the first 2 inputs use lookup tables

        EXPECT_EQ(builder.get_tables_size(), 28680);

    }


    static void test_large_input()

    {

        Builder builder;

        std::vector<stdlib::field_t<Builder>> circuit_inputs;


        for (size_t i = 0; i < 32; ++i) {

            circuit_inputs.push_back(witness_ct(&builder, fr::random_element()));

        }


        verify_commitment(builder, circuit_inputs);


        // Gate count different for Mega because it adds constants for ECC op codes that get reused in ROM table access

        if constexpr (std::is_same_v<Builder, bb::MegaCircuitBuilder>) {

            check_circuit_and_gate_count(builder, 12156);

        } else {

            check_circuit_and_gate_count(builder, 12159);

        }

    }


    static void test_zero_values()

    {

        Builder builder;


        // Mix of witness and constant zeros/non-zeros

        std::vector<stdlib::field_t<Builder>> circuit_inputs = {

            witness_ct(&builder, fr::zero()),

            witness_ct(&builder, fr::random_element()),

            fr_ct(&builder, fr::zero()),          // constant zero

            fr_ct(&builder, fr::random_element()) // constant non-zero

        };


        verify_commitment(builder, circuit_inputs);

    }


    static void test_custom_generator_context()

    {

        Builder builder;

        std::vector<stdlib::field_t<Builder>> circuit_inputs;


        for (size_t i = 0; i < 4; ++i) {

            circuit_inputs.push_back(witness_ct(&builder, fr::random_element()));

        }


        crypto::GeneratorContext<curve::Grumpkin> context;

        context.offset = 10;


        verify_commitment(builder, circuit_inputs, context);

    }


    static void test_all_constants()

    {

        Builder builder;

        std::vector<stdlib::field_t<Builder>> circuit_inputs;


        for (size_t i = 0; i < 6; ++i) {

            circuit_inputs.push_back(fr_ct(&builder, fr::random_element()));

        }


        verify_commitment(builder, circuit_inputs);

        check_circuit_and_gate_count(builder, 0);

    }


    static void test_special_field_element()

    {

        Builder builder;


        std::vector<stdlib::field_t<Builder>> circuit_inputs = { witness_ct(&builder,

                                                                            fr(-1)), // p-1, the maximum field element

                                                                 witness_ct(&builder, fr(-2)), // p-2

                                                                 witness_ct(&builder, fr::random_element()) };


        verify_commitment(builder, circuit_inputs);

    }


    static void test_determinism()

    {

        Builder builder;

        std::vector<fr> inputs;

        std::vector<stdlib::field_t<Builder>> witness_inputs;


        for (size_t i = 0; i < 5; ++i) {

            inputs.push_back(fr::random_element());

            witness_inputs.push_back(witness_ct(&builder, inputs[i]));

        }


        // Commit twice with same inputs

        auto result1 = pedersen_commitment::commit(witness_inputs);

        auto result2 = pedersen_commitment::commit(witness_inputs);


        // Should produce identical results

        EXPECT_EQ(result1.x.get_value(), result2.x.get_value());

        EXPECT_EQ(result1.y.get_value(), result2.y.get_value());


        auto expected = crypto::pedersen_commitment::commit_native(inputs);

        EXPECT_EQ(result1.x.get_value(), expected.x);

        EXPECT_EQ(result1.y.get_value(), expected.y);


        bool check_result = CircuitChecker::check(builder);

        EXPECT_EQ(check_result, true);

    }


};


using CircuitTypes = testing::Types<bb::UltraCircuitBuilder, bb::MegaCircuitBuilder>;


TYPED_TEST_SUITE(StdlibPedersen, CircuitTypes);


TYPED_TEST(StdlibPedersen, Small)

{

    TestFixture::test_pedersen();

};


TYPED_TEST(StdlibPedersen, MixedWitnessesAndConstants)

{

    TestFixture::test_mixed_witnesses_and_constants();

};


TYPED_TEST(StdlibPedersen, EmptyInput)

{

    TestFixture::test_empty_input();

};


TYPED_TEST(StdlibPedersen, SingleInput)

{

    TestFixture::test_single_input();

};


TYPED_TEST(StdlibPedersen, TwoInputs)

{

    TestFixture::test_two_inputs();

};


TYPED_TEST(StdlibPedersen, ThreeInputs)

{

    TestFixture::test_three_inputs();

};


TYPED_TEST(StdlibPedersen, LargeInput)

{

    TestFixture::test_large_input();

};


TYPED_TEST(StdlibPedersen, ZeroValues)

{

    TestFixture::test_zero_values();

};


TYPED_TEST(StdlibPedersen, CustomGeneratorContext)

{

    TestFixture::test_custom_generator_context();

};


TYPED_TEST(StdlibPedersen, AllConstants)

{

    TestFixture::test_all_constants();

};


TYPED_TEST(StdlibPedersen, SpecialFieldElement)

{

    TestFixture::test_special_field_element();

};


TYPED_TEST(StdlibPedersen, Determinism)

{

    TestFixture::test_determinism();

};


circuit_checker.hpp

StdlibPedersen
Definition pedersen.test.cpp:17

StdlibPedersen::test_all_constants
static void test_all_constants()
Definition pedersen.test.cpp:217

StdlibPedersen::test_custom_generator_context
static void test_custom_generator_context()
Definition pedersen.test.cpp:202

StdlibPedersen::pedersen_commitment
typename stdlib::pedersen_commitment< Builder > pedersen_commitment
Definition pedersen.test.cpp:23

StdlibPedersen::test_two_inputs
static void test_two_inputs()
Definition pedersen.test.cpp:128

StdlibPedersen::test_zero_values
static void test_zero_values()
Definition pedersen.test.cpp:187

StdlibPedersen::verify_commitment
static void verify_commitment(Builder &builder, const std::vector< stdlib::field_t< Builder > > &inputs, crypto::GeneratorContext< curve::Grumpkin > context={})
Definition pedersen.test.cpp:26

StdlibPedersen::test_single_input
static void test_single_input()
Definition pedersen.test.cpp:112

StdlibPedersen::witness_ct
typename _curve::witness_ct witness_ct
Definition pedersen.test.cpp:21

StdlibPedersen::test_empty_input
static void test_empty_input()
Definition pedersen.test.cpp:96

StdlibPedersen::test_mixed_witnesses_and_constants
static void test_mixed_witnesses_and_constants()
Definition pedersen.test.cpp:72

StdlibPedersen::fr_ct
typename _curve::ScalarField fr_ct
Definition pedersen.test.cpp:20

StdlibPedersen::public_witness_ct
typename _curve::public_witness_ct public_witness_ct
Definition pedersen.test.cpp:22

StdlibPedersen::test_determinism
static void test_determinism()
Definition pedersen.test.cpp:242

StdlibPedersen::test_large_input
static void test_large_input()
Definition pedersen.test.cpp:168

StdlibPedersen::test_special_field_element
static void test_special_field_element()
Definition pedersen.test.cpp:230

StdlibPedersen::test_three_inputs
static void test_three_inputs()
Definition pedersen.test.cpp:146

StdlibPedersen::test_pedersen
static void test_pedersen()
Definition pedersen.test.cpp:44

bb::ECCVMCircuitBuilder
Definition eccvm_circuit_builder.hpp:24

bb::TranslatorCircuitChecker::check
static bool check(const Builder &circuit)
Check the witness satisifies the circuit.
Definition translator_circuit_checker.cpp:20

bb::crypto::pedersen_commitment_base::commit_native
static AffineElement commit_native(const std::vector< Fq > &inputs, GeneratorContext context={})
Given a vector of fields, generate a pedersen commitment using the indexed generators.
Definition pedersen.cpp:24

bb::stdlib::field_t
Definition field.hpp:45

bb::stdlib::field_t::get_value
bb::fr get_value() const
Given a := *this, compute its value given by a.v * a.mul + a.add.
Definition field.cpp:829

bb::stdlib::field_t::witness_index
uint32_t witness_index
Definition field.hpp:132

bb::stdlib::pedersen_commitment
In-circuit Pedersen commitment implementation.
Definition pedersen.hpp:19

builder
AluTraceBuilder builder
Definition alu.test.cpp:123

context
StrictMock< MockContext > context
Definition data_copy.test.cpp:58

c_bind.hpp

pedersen.hpp

grumpkin.hpp

engine.hpp

CircuitTypes
testing::Types< bb::UltraCircuitBuilder, bb::MegaCircuitBuilder > CircuitTypes
Definition graph_description_pedersen.test.cpp:205

engine
auto & engine
Definition graph_description_protogalaxy.test.cpp:15

bb::numeric::get_debug_randomness
RNG & get_debug_randomness(bool reset, std::uint_fast64_t seed)
Definition engine.cpp:190

bb::stdlib::test_utils::check_circuit_and_gate_count
void check_circuit_and_gate_count(Builder &builder, uint32_t expected_gates_without_base)
Utility function for gate count checking and circuit verification.
Definition test_utils.hpp:21

bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6

bb::TYPED_TEST_SUITE
TYPED_TEST_SUITE(ShpleminiTest, TestSettings)

bb::fr
field< Bn254FrParams > fr
Definition fr.hpp:174

bb::TYPED_TEST
TYPED_TEST(ShpleminiTest, CorrectnessOfMultivariateClaimBatching)
Definition shplemini.test.cpp:47

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

value
FF value
Definition public_data_tree.test.cpp:97

pedersen.hpp

bn254.hpp

test_utils.hpp

bb::crypto::GeneratorContext
Definition generator_data.hpp:133

bb::crypto::GeneratorContext::offset
size_t offset
Definition generator_data.hpp:134

bb::field< Bn254FrParams >

bb::field< Bn254FrParams >::one
static constexpr field one()
Definition field_declarations.hpp:242

bb::field< Bn254FrParams >::random_element
static field random_element(numeric::RNG *engine=nullptr) noexcept
Definition field_impl.hpp:676

bb::field::data
uint64_t data[4]
Definition field_declarations.hpp:195

bb::field::from_montgomery_form
BB_INLINE constexpr field from_montgomery_form() const noexcept
Definition field_impl.hpp:301

bb::field< Bn254FrParams >::zero
static constexpr field zero()
Definition field_declarations.hpp:240

bb::stdlib::bn254
Definition bn254.hpp:15

bb::stdlib::bn254::ScalarField
field_t< CircuitBuilder > ScalarField
Definition bn254.hpp:33

bb::stdlib::bn254::public_witness_ct
public_witness_t< CircuitBuilder > public_witness_ct
Definition bn254.hpp:42

bb::stdlib::bn254::witness_ct
witness_t< CircuitBuilder > witness_ct
Definition bn254.hpp:41

test.hpp