feat!: add opcode for sha256 compression function (AztecProtocol#4229)

The opcode will allow SHA256 implementation in Noir with support to
variable length input, while keeping BB native performance.

The PR includes usage of the function in stdlib, but does not include
implementation of the function. It should be added in a future PR for
ACVM, BB, Brillig and Noir (for constant folding).

barretenberg/cpp/src/barretenberg/dsl/acir_format/serde/acir.hpp

@@ -265,6 +265,16 @@ struct BlackBoxFuncCall {
         static Poseidon2Permutation bincodeDeserialize(std::vector<uint8_t>);
     };
 
+    struct Sha256Compression {
+        std::vector<Circuit::FunctionInput> inputs;
+        std::vector<Circuit::FunctionInput> hash_values;
+        std::vector<Circuit::Witness> outputs;
+
+        friend bool operator==(const Sha256Compression&, const Sha256Compression&);
+        std::vector<uint8_t> bincodeSerialize() const;
+        static Sha256Compression bincodeDeserialize(std::vector<uint8_t>);
+    };
+
     std::variant<AND,
                  XOR,
                  RANGE,
@@ -288,7 +298,8 @@ struct BlackBoxFuncCall {
                  BigIntDiv,
                  BigIntFromLeBytes,
                  BigIntToLeBytes,
-                 Poseidon2Permutation>
+                 Poseidon2Permutation,
+                 Sha256Compression>
         value;
 
     friend bool operator==(const BlackBoxFuncCall&, const BlackBoxFuncCall&);
@@ -685,6 +696,16 @@ struct BlackBoxOp {
         static Poseidon2Permutation bincodeDeserialize(std::vector<uint8_t>);
     };
 
+    struct Sha256Compression {
+        Circuit::HeapVector input;
+        Circuit::HeapVector hash_values;
+        Circuit::HeapArray output;
+
+        friend bool operator==(const Sha256Compression&, const Sha256Compression&);
+        std::vector<uint8_t> bincodeSerialize() const;
+        static Sha256Compression bincodeDeserialize(std::vector<uint8_t>);
+    };
+
     std::variant<Sha256,
                  Blake2s,
                  Blake3,
@@ -703,7 +724,8 @@ struct BlackBoxOp {
                  BigIntDiv,
                  BigIntFromLeBytes,
                  BigIntToLeBytes,
-                 Poseidon2Permutation>
+                 Poseidon2Permutation,
+                 Sha256Compression>
         value;
 
     friend bool operator==(const BlackBoxOp&, const BlackBoxOp&);
@@ -3350,6 +3372,64 @@ Circuit::BlackBoxFuncCall::Poseidon2Permutation serde::Deserializable<
 
 namespace Circuit {
 
+inline bool operator==(const BlackBoxFuncCall::Sha256Compression& lhs, const BlackBoxFuncCall::Sha256Compression& rhs)
+{
+    if (!(lhs.inputs == rhs.inputs)) {
+        return false;
+    }
+    if (!(lhs.hash_values == rhs.hash_values)) {
+        return false;
+    }
+    if (!(lhs.outputs == rhs.outputs)) {
+        return false;
+    }
+    return true;
+}
+
+inline std::vector<uint8_t> BlackBoxFuncCall::Sha256Compression::bincodeSerialize() const
+{
+    auto serializer = serde::BincodeSerializer();
+    serde::Serializable<BlackBoxFuncCall::Sha256Compression>::serialize(*this, serializer);
+    return std::move(serializer).bytes();
+}
+
+inline BlackBoxFuncCall::Sha256Compression BlackBoxFuncCall::Sha256Compression::bincodeDeserialize(
+    std::vector<uint8_t> input)
+{
+    auto deserializer = serde::BincodeDeserializer(input);
+    auto value = serde::Deserializable<BlackBoxFuncCall::Sha256Compression>::deserialize(deserializer);
+    if (deserializer.get_buffer_offset() < input.size()) {
+        throw_or_abort("Some input bytes were not read");
+    }
+    return value;
+}
+
+} // end of namespace Circuit
+
+template <>
+template <typename Serializer>
+void serde::Serializable<Circuit::BlackBoxFuncCall::Sha256Compression>::serialize(
+    const Circuit::BlackBoxFuncCall::Sha256Compression& obj, Serializer& serializer)
+{
+    serde::Serializable<decltype(obj.inputs)>::serialize(obj.inputs, serializer);
+    serde::Serializable<decltype(obj.hash_values)>::serialize(obj.hash_values, serializer);
+    serde::Serializable<decltype(obj.outputs)>::serialize(obj.outputs, serializer);
+}
+
+template <>
+template <typename Deserializer>
+Circuit::BlackBoxFuncCall::Sha256Compression serde::Deserializable<
+    Circuit::BlackBoxFuncCall::Sha256Compression>::deserialize(Deserializer& deserializer)
+{
+    Circuit::BlackBoxFuncCall::Sha256Compression obj;
+    obj.inputs = serde::Deserializable<decltype(obj.inputs)>::deserialize(deserializer);
+    obj.hash_values = serde::Deserializable<decltype(obj.hash_values)>::deserialize(deserializer);
+    obj.outputs = serde::Deserializable<decltype(obj.outputs)>::deserialize(deserializer);
+    return obj;
+}
+
+namespace Circuit {
+
 inline bool operator==(const BlackBoxOp& lhs, const BlackBoxOp& rhs)
 {
     if (!(lhs.value == rhs.value)) {
@@ -4490,6 +4570,63 @@ Circuit::BlackBoxOp::Poseidon2Permutation serde::Deserializable<Circuit::BlackBo
 
 namespace Circuit {
 
+inline bool operator==(const BlackBoxOp::Sha256Compression& lhs, const BlackBoxOp::Sha256Compression& rhs)
+{
+    if (!(lhs.input == rhs.input)) {
+        return false;
+    }
+    if (!(lhs.hash_values == rhs.hash_values)) {
+        return false;
+    }
+    if (!(lhs.output == rhs.output)) {
+        return false;
+    }
+    return true;
+}
+
+inline std::vector<uint8_t> BlackBoxOp::Sha256Compression::bincodeSerialize() const
+{
+    auto serializer = serde::BincodeSerializer();
+    serde::Serializable<BlackBoxOp::Sha256Compression>::serialize(*this, serializer);
+    return std::move(serializer).bytes();
+}
+
+inline BlackBoxOp::Sha256Compression BlackBoxOp::Sha256Compression::bincodeDeserialize(std::vector<uint8_t> input)
+{
+    auto deserializer = serde::BincodeDeserializer(input);
+    auto value = serde::Deserializable<BlackBoxOp::Sha256Compression>::deserialize(deserializer);
+    if (deserializer.get_buffer_offset() < input.size()) {
+        throw_or_abort("Some input bytes were not read");
+    }
+    return value;
+}
+
+} // end of namespace Circuit
+
+template <>
+template <typename Serializer>
+void serde::Serializable<Circuit::BlackBoxOp::Sha256Compression>::serialize(
+    const Circuit::BlackBoxOp::Sha256Compression& obj, Serializer& serializer)
+{
+    serde::Serializable<decltype(obj.input)>::serialize(obj.input, serializer);
+    serde::Serializable<decltype(obj.hash_values)>::serialize(obj.hash_values, serializer);
+    serde::Serializable<decltype(obj.output)>::serialize(obj.output, serializer);
+}
+
+template <>
+template <typename Deserializer>
+Circuit::BlackBoxOp::Sha256Compression serde::Deserializable<Circuit::BlackBoxOp::Sha256Compression>::deserialize(
+    Deserializer& deserializer)
+{
+    Circuit::BlackBoxOp::Sha256Compression obj;
+    obj.input = serde::Deserializable<decltype(obj.input)>::deserialize(deserializer);
+    obj.hash_values = serde::Deserializable<decltype(obj.hash_values)>::deserialize(deserializer);
+    obj.output = serde::Deserializable<decltype(obj.output)>::deserialize(deserializer);
+    return obj;
+}
+
+namespace Circuit {
+
 inline bool operator==(const BlockId& lhs, const BlockId& rhs)
 {
     if (!(lhs.value == rhs.value)) {

noir/acvm-repo/acir/codegen/acir.cpp

@@ -265,7 +265,17 @@ namespace Circuit {
             static Poseidon2Permutation bincodeDeserialize(std::vector<uint8_t>);
         };
 
-        std::variant<AND, XOR, RANGE, SHA256, Blake2s, Blake3, SchnorrVerify, PedersenCommitment, PedersenHash, EcdsaSecp256k1, EcdsaSecp256r1, FixedBaseScalarMul, EmbeddedCurveAdd, Keccak256, Keccak256VariableLength, Keccakf1600, RecursiveAggregation, BigIntAdd, BigIntNeg, BigIntMul, BigIntDiv, BigIntFromLeBytes, BigIntToLeBytes, Poseidon2Permutation> value;
+        struct Sha256Compression {
+            std::vector<Circuit::FunctionInput> inputs;
+            std::vector<Circuit::FunctionInput> hash_values;
+            std::vector<Circuit::Witness> outputs;
+
+            friend bool operator==(const Sha256Compression&, const Sha256Compression&);
+            std::vector<uint8_t> bincodeSerialize() const;
+            static Sha256Compression bincodeDeserialize(std::vector<uint8_t>);
+        };
+
+        std::variant<AND, XOR, RANGE, SHA256, Blake2s, Blake3, SchnorrVerify, PedersenCommitment, PedersenHash, EcdsaSecp256k1, EcdsaSecp256r1, FixedBaseScalarMul, EmbeddedCurveAdd, Keccak256, Keccak256VariableLength, Keccakf1600, RecursiveAggregation, BigIntAdd, BigIntNeg, BigIntMul, BigIntDiv, BigIntFromLeBytes, BigIntToLeBytes, Poseidon2Permutation, Sha256Compression> value;
 
         friend bool operator==(const BlackBoxFuncCall&, const BlackBoxFuncCall&);
         std::vector<uint8_t> bincodeSerialize() const;
@@ -661,7 +671,17 @@ namespace Circuit {
             static Poseidon2Permutation bincodeDeserialize(std::vector<uint8_t>);
         };
 
-        std::variant<Sha256, Blake2s, Blake3, Keccak256, Keccakf1600, EcdsaSecp256k1, EcdsaSecp256r1, SchnorrVerify, PedersenCommitment, PedersenHash, FixedBaseScalarMul, EmbeddedCurveAdd, BigIntAdd, BigIntNeg, BigIntMul, BigIntDiv, BigIntFromLeBytes, BigIntToLeBytes, Poseidon2Permutation> value;
+        struct Sha256Compression {
+            Circuit::HeapVector input;
+            Circuit::HeapVector hash_values;
+            Circuit::HeapArray output;
+
+            friend bool operator==(const Sha256Compression&, const Sha256Compression&);
+            std::vector<uint8_t> bincodeSerialize() const;
+            static Sha256Compression bincodeDeserialize(std::vector<uint8_t>);
+        };
+
+        std::variant<Sha256, Blake2s, Blake3, Keccak256, Keccakf1600, EcdsaSecp256k1, EcdsaSecp256r1, SchnorrVerify, PedersenCommitment, PedersenHash, FixedBaseScalarMul, EmbeddedCurveAdd, BigIntAdd, BigIntNeg, BigIntMul, BigIntDiv, BigIntFromLeBytes, BigIntToLeBytes, Poseidon2Permutation, Sha256Compression> value;
 
         friend bool operator==(const BlackBoxOp&, const BlackBoxOp&);
         std::vector<uint8_t> bincodeSerialize() const;
@@ -2848,6 +2868,50 @@ Circuit::BlackBoxFuncCall::Poseidon2Permutation serde::Deserializable<Circuit::B
     return obj;
 }
 
+namespace Circuit {
+
+    inline bool operator==(const BlackBoxFuncCall::Sha256Compression &lhs, const BlackBoxFuncCall::Sha256Compression &rhs) {
+        if (!(lhs.inputs == rhs.inputs)) { return false; }
+        if (!(lhs.hash_values == rhs.hash_values)) { return false; }
+        if (!(lhs.outputs == rhs.outputs)) { return false; }
+        return true;
+    }
+
+    inline std::vector<uint8_t> BlackBoxFuncCall::Sha256Compression::bincodeSerialize() const {
+        auto serializer = serde::BincodeSerializer();
+        serde::Serializable<BlackBoxFuncCall::Sha256Compression>::serialize(*this, serializer);
+        return std::move(serializer).bytes();
+    }
+
+    inline BlackBoxFuncCall::Sha256Compression BlackBoxFuncCall::Sha256Compression::bincodeDeserialize(std::vector<uint8_t> input) {
+        auto deserializer = serde::BincodeDeserializer(input);
+        auto value = serde::Deserializable<BlackBoxFuncCall::Sha256Compression>::deserialize(deserializer);
+        if (deserializer.get_buffer_offset() < input.size()) {
+            throw serde::deserialization_error("Some input bytes were not read");
+        }
+        return value;
+    }
+
+} // end of namespace Circuit
+
+template <>
+template <typename Serializer>
+void serde::Serializable<Circuit::BlackBoxFuncCall::Sha256Compression>::serialize(const Circuit::BlackBoxFuncCall::Sha256Compression &obj, Serializer &serializer) {
+    serde::Serializable<decltype(obj.inputs)>::serialize(obj.inputs, serializer);
+    serde::Serializable<decltype(obj.hash_values)>::serialize(obj.hash_values, serializer);
+    serde::Serializable<decltype(obj.outputs)>::serialize(obj.outputs, serializer);
+}
+
+template <>
+template <typename Deserializer>
+Circuit::BlackBoxFuncCall::Sha256Compression serde::Deserializable<Circuit::BlackBoxFuncCall::Sha256Compression>::deserialize(Deserializer &deserializer) {
+    Circuit::BlackBoxFuncCall::Sha256Compression obj;
+    obj.inputs = serde::Deserializable<decltype(obj.inputs)>::deserialize(deserializer);
+    obj.hash_values = serde::Deserializable<decltype(obj.hash_values)>::deserialize(deserializer);
+    obj.outputs = serde::Deserializable<decltype(obj.outputs)>::deserialize(deserializer);
+    return obj;
+}
+
 namespace Circuit {
 
     inline bool operator==(const BlackBoxOp &lhs, const BlackBoxOp &rhs) {
@@ -3732,6 +3796,50 @@ Circuit::BlackBoxOp::Poseidon2Permutation serde::Deserializable<Circuit::BlackBo
     return obj;
 }
 
+namespace Circuit {
+
+    inline bool operator==(const BlackBoxOp::Sha256Compression &lhs, const BlackBoxOp::Sha256Compression &rhs) {
+        if (!(lhs.input == rhs.input)) { return false; }
+        if (!(lhs.hash_values == rhs.hash_values)) { return false; }
+        if (!(lhs.output == rhs.output)) { return false; }
+        return true;
+    }
+
+    inline std::vector<uint8_t> BlackBoxOp::Sha256Compression::bincodeSerialize() const {
+        auto serializer = serde::BincodeSerializer();
+        serde::Serializable<BlackBoxOp::Sha256Compression>::serialize(*this, serializer);
+        return std::move(serializer).bytes();
+    }
+
+    inline BlackBoxOp::Sha256Compression BlackBoxOp::Sha256Compression::bincodeDeserialize(std::vector<uint8_t> input) {
+        auto deserializer = serde::BincodeDeserializer(input);
+        auto value = serde::Deserializable<BlackBoxOp::Sha256Compression>::deserialize(deserializer);
+        if (deserializer.get_buffer_offset() < input.size()) {
+            throw serde::deserialization_error("Some input bytes were not read");
+        }
+        return value;
+    }
+
+} // end of namespace Circuit
+
+template <>
+template <typename Serializer>
+void serde::Serializable<Circuit::BlackBoxOp::Sha256Compression>::serialize(const Circuit::BlackBoxOp::Sha256Compression &obj, Serializer &serializer) {
+    serde::Serializable<decltype(obj.input)>::serialize(obj.input, serializer);
+    serde::Serializable<decltype(obj.hash_values)>::serialize(obj.hash_values, serializer);
+    serde::Serializable<decltype(obj.output)>::serialize(obj.output, serializer);
+}
+
+template <>
+template <typename Deserializer>
+Circuit::BlackBoxOp::Sha256Compression serde::Deserializable<Circuit::BlackBoxOp::Sha256Compression>::deserialize(Deserializer &deserializer) {
+    Circuit::BlackBoxOp::Sha256Compression obj;
+    obj.input = serde::Deserializable<decltype(obj.input)>::deserialize(deserializer);
+    obj.hash_values = serde::Deserializable<decltype(obj.hash_values)>::deserialize(deserializer);
+    obj.output = serde::Deserializable<decltype(obj.output)>::deserialize(deserializer);
+    return obj;
+}
+
 namespace Circuit {
 
     inline bool operator==(const BlockId &lhs, const BlockId &rhs) {

noir/acvm-repo/acir/src/circuit/black_box_functions.rs

@@ -61,6 +61,8 @@ pub enum BlackBoxFunc {
     BigIntToLeBytes,
     /// Permutation function of Poseidon2
     Poseidon2Permutation,
+    /// SHA256 compression function
+    Sha256Compression,
 }
 
 impl std::fmt::Display for BlackBoxFunc {
@@ -95,6 +97,7 @@ impl BlackBoxFunc {
             BlackBoxFunc::BigIntFromLeBytes => "bigint_from_le_bytes",
             BlackBoxFunc::BigIntToLeBytes => "bigint_to_le_bytes",
             BlackBoxFunc::Poseidon2Permutation => "poseidon2_permutation",
+            BlackBoxFunc::Sha256Compression => "sha256_compression",
         }
     }
 
@@ -123,9 +126,11 @@ impl BlackBoxFunc {
             "bigint_from_le_bytes" => Some(BlackBoxFunc::BigIntFromLeBytes),
             "bigint_to_le_bytes" => Some(BlackBoxFunc::BigIntToLeBytes),
             "poseidon2_permutation" => Some(BlackBoxFunc::Poseidon2Permutation),
+            "sha256_compression" => Some(BlackBoxFunc::Sha256Compression),
             _ => None,
         }
     }
+
     pub fn is_valid_black_box_func_name(op_name: &str) -> bool {
         BlackBoxFunc::lookup(op_name).is_some()
     }