From 33fe6c413d25ec161414a45dfde53f64d722a043 Mon Sep 17 00:00:00 2001
From: TomAFrench
Date: Tue, 24 Sep 2024 12:04:17 +0000
Subject: [PATCH 1/4] feat: optimize constraints in sha256
---
 noir_stdlib/src/hash/sha256.nr | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/noir_stdlib/src/hash/sha256.nr b/noir_stdlib/src/hash/sha256.nr
index 7f255fe5586..5311059e784 100644
--- a/noir_stdlib/src/hash/sha256.nr
+++ b/noir_stdlib/src/hash/sha256.nr
@@ -186,11 +186,9 @@ pub fn sha256_var(msg: [u8; N], message_size: u64) -> [u8; 32] {
 if !crate::runtime::is_unconstrained() {
 for i in 0..56 {
- if i < msg_byte_ptr {
- assert_eq(msg_block[i], last_block[i]);
- } else {
- assert_eq(msg_block[i], zero);
- }
+ let predicate = (i < msg_byte_ptr) as u8;
+ let expected_byte = predicate * last_block[i];
+ assert_eq(msg_block[i], expected_byte);
 }
 let len = 8 * message_size;
From a1b2f46717b3dffeb2f804a91dcf7554705961a6 Mon Sep 17 00:00:00 2001
From: TomAFrench
Date: Tue, 24 Sep 2024 12:19:31 +0000
Subject: [PATCH 2/4] feat: remove unnecessary byte decomposition
---
 noir_stdlib/src/hash/sha256.nr | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/noir_stdlib/src/hash/sha256.nr b/noir_stdlib/src/hash/sha256.nr
index 5311059e784..2f848531478 100644
--- a/noir_stdlib/src/hash/sha256.nr
+++ b/noir_stdlib/src/hash/sha256.nr
@@ -191,11 +191,13 @@ pub fn sha256_var(msg: [u8; N], message_size: u64) -> [u8; 32] {
 assert_eq(msg_block[i], expected_byte);
 }
+ // We verify the message length was inserted correctly by reversing the byte decomposition.
 let len = 8 * message_size;
- let len_bytes: [u8; 8] = (len as Field).to_be_bytes();
- for i in 56..64 {
- assert_eq(msg_block[i], len_bytes[i - 56]);
+ let mut reconstructed_len: Field = 0;
+ for i in 0..8 {
+ reconstructed_len += msg_block[63 - i] as Field * (1 << (i as u8)) as Field;
 }
+ assert_eq(reconstructed_len, len as Field);
 }
 hash_final_block(msg_block, h)
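Review bot: The `predicate * last_block[i]` selection on the new lines deserves a comment, because its correctness rests on `predicate` being exactly 0 or 1 — that is what makes the `u8` multiply overflow-free and makes the product equal to `last_block[i]` for message bytes and `0` for the padding region, matching the branch it replaces. I would add above `let predicate` the line `// predicate is 0 or 1, so the product selects last_block[i] below msg_byte_ptr and 0 above it without a branch; the u8 multiply cannot overflow.`. Note that `last_block[i]` is now read for every `i` in `0..56`, whereas the old `else` branch never touched it; that is only safe if `last_block` is at least 56 bytes long, which I cannot confirm from the hunk. The local `zero` is no longer referenced in this loop, so if it was declared only for this check it is now dead. The enclosing `sha256_var` body starts and ends outside the hunk.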
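Review bot: The reconstruct-and-compare check added here (and kept in the later "fix: bits vs bytes" and final hunks) is only as strong as the byte-wise comparison it replaces if every `msg_block[i]` is actually constrained to the `u8` range; the comparison is on a `Field` sum, and without an 8-bit bound on each term several different entries could produce the same sum. The surrounding `if !crate::runtime::is_unconstrained()` suggests `msg_block` was produced by an unconstrained helper, in which case the range checks the compiler applies to values that cross back into constrained code are presumably what enforces this — worth confirming and stating, since a future change that widens the element type would silently weaken the length check. I would extend the new comment with `// Sound only because each msg_block[i] is a u8 (8-bit range-checked); the base-256 sum then determines the bytes uniquely.`. The enclosing `sha256_var` body starts and ends outside the hunk.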
From 9e66e9b84b7fd68966790c6d1b3cb78726f1bdf0 Mon Sep 17 00:00:00 2001
From: TomAFrench
Date: Tue, 24 Sep 2024 18:42:14 +0000
Subject: [PATCH 3/4] fix: bits vs bytes
---
 noir_stdlib/src/hash/sha256.nr | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/noir_stdlib/src/hash/sha256.nr b/noir_stdlib/src/hash/sha256.nr
index 2f848531478..51f093cd4da 100644
--- a/noir_stdlib/src/hash/sha256.nr
+++ b/noir_stdlib/src/hash/sha256.nr
@@ -195,7 +195,7 @@ pub fn sha256_var(msg: [u8; N], message_size: u64) -> [u8; 32] {
 let len = 8 * message_size;
 let mut reconstructed_len: Field = 0;
 for i in 0..8 {
- reconstructed_len += msg_block[63 - i] as Field * (1 << (i as u8)) as Field;
+ reconstructed_len = 256 * reconstructed_len + msg_block[56 + i] as Field;
 }
 assert_eq(reconstructed_len, len as Field);
 }
@@ -254,4 +254,3 @@ fn hash_final_block(msg_block: [u8; 64], mut state: [u32; 8]) -> [u8; 32] {
 out_h
 }
-
From 16fbfd40b2deb27abc7c95242e2e8e96493c498f Mon Sep 17 00:00:00 2001
From: TomAFrench
Date: Tue, 24 Sep 2024 18:42:44 +0000
Subject: [PATCH 4/4] .
---
 noir_stdlib/src/hash/sha256.nr | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/noir_stdlib/src/hash/sha256.nr b/noir_stdlib/src/hash/sha256.nr
index 51f093cd4da..e03f2b586ed 100644
--- a/noir_stdlib/src/hash/sha256.nr
+++ b/noir_stdlib/src/hash/sha256.nr
@@ -194,8 +194,8 @@ pub fn sha256_var(msg: [u8; N], message_size: u64) -> [u8; 32] {
 // We verify the message length was inserted correctly by reversing the byte decomposition.
 let len = 8 * message_size;
 let mut reconstructed_len: Field = 0;
- for i in 0..8 {
- reconstructed_len = 256 * reconstructed_len + msg_block[56 + i] as Field;
+ for i in 56..64 {
+ reconstructed_len = 256 * reconstructed_len + msg_block[i] as Field;
 }
 assert_eq(reconstructed_len, len as Field);
 }
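Review bot: This fix should come with a regression test, because the removed weighting `1 << (i as u8)` agreed with the correct big-endian encoding only while `msg_block[63]` was the sole non-zero length byte, i.e. for messages shorter than 32 bytes (256 bits); anything longer would have failed the `assert_eq` on the correct padding while admitting other byte combinations with the same weighted sum. A test that hashes a message of at least 32 bytes, and ideally one whose length spans two length bytes, would pin the `256 * reconstructed_len + byte` form going forward. The replacement line itself is the standard Horner evaluation of the 8 big-endian length bytes and looks right. The enclosing `sha256_var` body starts and ends outside the hunk; the second hunk only drops a trailing blank line.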
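Review bot: The context comment above the loop, `// We verify the message length was inserted correctly by reversing the byte decomposition.`, no longer describes what the rewritten loop does — it now evaluates the 8 trailing bytes as a big-endian integer rather than undoing a decomposition, and the direct `56..64` indexing makes that explicit. I would reword it to `// Re-read msg_block[56..64] as a big-endian 64-bit integer and check it equals the message bit length.`. The loop change itself is behaviour-preserving relative to the previous `56 + i` indexing. The enclosing `sha256_var` body starts and ends outside the hunk.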