feat: add poseidon2 hashing to native transcript

barretenberg/cpp/src/CMakeLists.txt

@@ -107,6 +107,7 @@ set(BARRETENBERG_TARGET_OBJECTS
     $<TARGET_OBJECTS:crypto_keccak_objects>
     $<TARGET_OBJECTS:crypto_pedersen_commitment_objects>
     $<TARGET_OBJECTS:crypto_pedersen_hash_objects>
+    $<TARGET_OBJECTS:crypto_poseidon2_objects>
     $<TARGET_OBJECTS:crypto_schnorr_objects>
     $<TARGET_OBJECTS:crypto_sha256_objects>
     $<TARGET_OBJECTS:dsl_objects>
@@ -130,6 +131,7 @@ set(BARRETENBERG_TARGET_OBJECTS
     $<TARGET_OBJECTS:stdlib_merkle_tree_objects>
     $<TARGET_OBJECTS:stdlib_pedersen_commitment_objects>
     $<TARGET_OBJECTS:stdlib_pedersen_hash_objects>
+    $<TARGET_OBJECTS:stdlib_poseidon2_objects>
     $<TARGET_OBJECTS:stdlib_primitives_objects>
     $<TARGET_OBJECTS:stdlib_recursion_objects>
     $<TARGET_OBJECTS:stdlib_schnorr_objects>

barretenberg/cpp/src/barretenberg/barretenberg.hpp

@@ -15,6 +15,7 @@
 #include "crypto/keccak/keccak.hpp"
 #include "crypto/pedersen_commitment/pedersen.hpp"
 #include "crypto/pedersen_hash/pedersen.hpp"
+#include "crypto/poseidon2/poseidon2.hpp"
 #include "crypto/schnorr/schnorr.hpp"
 #include "crypto/sha256/sha256.hpp"
 #include "ecc/curves/bn254/fq.hpp"
@@ -41,6 +42,7 @@
 #include "stdlib/hash/blake2s/blake2s.hpp"
 #include "stdlib/hash/blake3s/blake3s.hpp"
 #include "stdlib/hash/pedersen/pedersen.hpp"
+#include "stdlib/hash/poseidon2/poseidon2.hpp"
 #include "stdlib/merkle_tree/hash.hpp"
 #include "stdlib/merkle_tree/membership.hpp"
 #include "stdlib/merkle_tree/memory_store.hpp"

barretenberg/cpp/src/barretenberg/crypto/poseidon2/poseidon2_permutation.hpp

@@ -40,9 +40,8 @@ template <typename Params> class Poseidon2Permutation {
     using MatrixDiagonal = std::array<FF, t>;
     using RoundConstantsContainer = std::array<RoundConstants, NUM_ROUNDS>;
 
-    static constexpr MatrixDiagonal internal_matrix_diagonal =
-        Poseidon2Bn254ScalarFieldParams::internal_matrix_diagonal;
-    static constexpr RoundConstantsContainer round_constants = Poseidon2Bn254ScalarFieldParams::round_constants;
+    static constexpr MatrixDiagonal internal_matrix_diagonal = Params::internal_matrix_diagonal;
+    static constexpr RoundConstantsContainer round_constants = Params::round_constants;
 
     static constexpr void matrix_multiplication_4x4(State& input)
     {

barretenberg/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.cpp

@@ -105,7 +105,7 @@ void AcirComposer::create_goblin_circuit(acir_format::acir_format& constraint_sy
     GoblinMockCircuits::construct_goblin_ecc_op_circuit(goblin_builder_);
 }
 
-std::vector<uint8_t> AcirComposer::create_goblin_proof()
+std::vector<barretenberg::fr> AcirComposer::create_goblin_proof()
 {
     return goblin.construct_proof(goblin_builder_);
 }
@@ -160,7 +160,7 @@ bool AcirComposer::verify_proof(std::vector<uint8_t> const& proof, bool is_recur
     }
 }
 
-bool AcirComposer::verify_goblin_proof(std::vector<uint8_t> const& proof)
+bool AcirComposer::verify_goblin_proof(std::vector<barretenberg::fr> const& proof)
 {
     return goblin.verify_proof({ proof });
 }

barretenberg/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.hpp

@@ -41,8 +41,8 @@ class AcirComposer {
 
     // Goblin specific methods
     void create_goblin_circuit(acir_format::acir_format& constraint_system, acir_format::WitnessVector& witness);
-    std::vector<uint8_t> create_goblin_proof();
-    bool verify_goblin_proof(std::vector<uint8_t> const& proof);
+    std::vector<barretenberg::fr> create_goblin_proof();
+    bool verify_goblin_proof(std::vector<barretenberg::fr> const& proof);
 
   private:
     acir_format::Builder builder_;

barretenberg/cpp/src/barretenberg/dsl/acir_proofs/c_bind.cpp

@@ -100,7 +100,7 @@ WASM_EXPORT void acir_get_proving_key(in_ptr acir_composer_ptr, uint8_t const* a
 WASM_EXPORT void acir_verify_goblin_proof(in_ptr acir_composer_ptr, uint8_t const* proof_buf, bool* result)
 {
     auto acir_composer = reinterpret_cast<acir_proofs::AcirComposer*>(*acir_composer_ptr);
-    auto proof = from_buffer<std::vector<uint8_t>>(proof_buf);
+    auto proof = from_buffer<std::vector<barretenberg::fr>>(proof_buf);
     *result = acir_composer->verify_goblin_proof(proof);
 }
 

barretenberg/cpp/src/barretenberg/ecc/CMakeLists.txt

@@ -1,4 +1,4 @@
-barretenberg_module(ecc numeric crypto_keccak crypto_sha256)
+barretenberg_module(ecc numeric crypto_keccak crypto_sha256 ecc_fields)
 
 if(DISABLE_ADX)
     message(STATUS "Disabling ADX assembly variant.")
@@ -14,7 +14,10 @@ target_precompile_headers(
     $<$<COMPILE_LANGUAGE:CXX>:"${CMAKE_CURRENT_SOURCE_DIR}/fields/asm_macros.hpp">
     $<$<COMPILE_LANGUAGE:CXX>:"${CMAKE_CURRENT_SOURCE_DIR}/fields/field_declarations.hpp">
     $<$<COMPILE_LANGUAGE:CXX>:"${CMAKE_CURRENT_SOURCE_DIR}/fields/field_impl.hpp">
+    $<$<COMPILE_LANGUAGE:CXX>:"${CMAKE_CURRENT_SOURCE_DIR}/fields/field_conversion_utils.hpp">
     $<$<COMPILE_LANGUAGE:CXX>:"${CMAKE_CURRENT_SOURCE_DIR}/fields/field_impl_generic.hpp">
     $<$<COMPILE_LANGUAGE:CXX>:"${CMAKE_CURRENT_SOURCE_DIR}/fields/field_impl_x64.hpp">
     $<$<COMPILE_LANGUAGE:CXX>:"${CMAKE_CURRENT_SOURCE_DIR}/fields/field.hpp">
 )
+
+add_subdirectory(fields)

barretenberg/cpp/src/barretenberg/ecc/fields/CMakeLists.txt

@@ -0,0 +1 @@
+barretenberg_module(ecc_fields)

barretenberg/cpp/src/barretenberg/ecc/fields/field_conversion_utils.cpp

@@ -0,0 +1,69 @@
+
+#include "barretenberg/ecc/fields/field_conversion_utils.hpp"
+
+namespace barretenberg::field_conversion_utils {
+
+static constexpr uint64_t NUM_CONVERSION_LIMB_BITS = 64;
+
+/**
+ * @brief Decomposes a barretenberg::fr into two 64-bit limbs. Helper function for
+ * convert_barretenberg_frs_to_grumpkin_fr.
+ *
+ * @param field_val
+ * @return std::array<uint64_t, 2>
+ */
+std::array<uint64_t, 2> decompose_bn254_fr_to_two_limbs(const barretenberg::fr& field_val)
+{
+    ASSERT(uint256_t(field_val) < (uint256_t(1) << (2 * NUM_CONVERSION_LIMB_BITS))); // should be 128 bits or less
+    constexpr uint256_t LIMB_MASK =
+        (uint256_t(1) << NUM_CONVERSION_LIMB_BITS) - 1; // split bn254_fr into two 64 bit limbs
+    const uint256_t value = field_val;
+    const uint64_t low = static_cast<uint64_t>(value & LIMB_MASK);
+    const uint64_t hi = static_cast<uint64_t>(value >> NUM_CONVERSION_LIMB_BITS);
+    ASSERT(static_cast<uint256_t>(low) + (static_cast<uint256_t>(hi) << NUM_CONVERSION_LIMB_BITS) == value);
+
+    return std::array<uint64_t, 2>{ low, hi };
+}
+
+/**
+ * @brief Converts 2 barretenberg::fr elements to grumpkin::fr
+ * @details Checks that each barretenberg::fr must be at most 128 bits (to ensure no overflow), and decomposes each
+ * barretenberg::fr into two 64-bit limbs, and the 4 64-bit limbs form the grumpkin::fr
+ * @param low_bits_in
+ * @param high_bits_in
+ * @return grumpkin::fr
+ */
+grumpkin::fr convert_barretenberg_frs_to_grumpkin_fr(const barretenberg::fr& low_bits_in,
+                                                     const barretenberg::fr& high_bits_in)
+{
+    // TODO: figure out can_overflow, maximum_bitlength in stdlib version
+    ASSERT(uint256_t(low_bits_in) < (uint256_t(1) << (NUM_CONVERSION_LIMB_BITS * 2)));
+    ASSERT(uint256_t(high_bits_in) < (uint256_t(1) << (NUM_CONVERSION_LIMB_BITS * 2)));
+    auto low_bit_decomp = decompose_bn254_fr_to_two_limbs(low_bits_in);
+    uint256_t tmp;
+    tmp.data[0] = low_bit_decomp[0];
+    tmp.data[1] = low_bit_decomp[1];
+    auto high_bit_decomp = decompose_bn254_fr_to_two_limbs(high_bits_in);
+    tmp.data[2] = high_bit_decomp[0];
+    tmp.data[3] = high_bit_decomp[1];
+    grumpkin::fr result(tmp);
+    return result;
+}
+
+/**
+ * @brief Converts grumpkin::fr to 2 barretenberg::fr elements
+ * @details Does the reverse of convert_barretenberg_frs_to_grumpkin_fr, by merging the two pairs of limbs back into the
+ * 2 barretenberg::fr elements.
+ * @param input
+ * @return std::array<barretenberg::fr, 2>
+ */
+std::array<barretenberg::fr, 2> convert_grumpkin_fr_to_barretenberg_frs(const grumpkin::fr& input)
+{
+    auto tmp = static_cast<uint256_t>(input);
+    std::array<barretenberg::fr, 2> result;
+    result[0] = static_cast<uint256_t>(tmp.data[0]) + (static_cast<uint256_t>(tmp.data[1]) << NUM_CONVERSION_LIMB_BITS);
+    result[1] = static_cast<uint256_t>(tmp.data[2]) + (static_cast<uint256_t>(tmp.data[3]) << NUM_CONVERSION_LIMB_BITS);
+    return result;
+}
+
+} // namespace barretenberg::field_conversion_utils