fix(breaking change): change embedded curve scalar mul to use two lim…

…bs to properly encode the scalar field (#2105) Please provide a paragraph or two giving a summary of the change, including relevant motivation and context. # Checklist: Remove the checklist to signal you've completed it. Enable auto-merge if the PR is ready to merge. - [ ] If the pull request requires a cryptography review (e.g. cryptographic algorithm implementations) I have added the 'crypto' tag. - [ ] I have reviewed my diff in github, line by line and removed unexpected formatting changes, testing logs, or commented-out code. - [ ] Every change is related to the PR description. - [ ] I have [linked](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue) this pull request to relevant issues (if any exist).
AztecProtocol · Sep 7, 2023 · 2281507 · 2281507
1 parent 827b813
commit 2281507
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 13 deletions.
diff --git a/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp b/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp
@@ -158,7 +158,8 @@ void handle_blackbox_func_call(Circuit::Opcode::BlackBoxFuncCall const& arg, aci
                 });
             } else if constexpr (std::is_same_v<T, Circuit::BlackBoxFuncCall::FixedBaseScalarMul>) {
                 af.fixed_base_scalar_mul_constraints.push_back(FixedBaseScalarMul{
-                    .scalar = arg.input.witness.value,
+                    .low = arg.low.witness.value,
+                    .high = arg.high.witness.value,
                     .pub_key_x = arg.outputs[0].value,
                     .pub_key_y = arg.outputs[1].value,
                 });

diff --git a/cpp/src/barretenberg/dsl/acir_format/fixed_base_scalar_mul.cpp b/cpp/src/barretenberg/dsl/acir_format/fixed_base_scalar_mul.cpp
@@ -5,8 +5,10 @@ namespace acir_format {
 void create_fixed_base_constraint(Builder& builder, const FixedBaseScalarMul& input)
 {
 
-    field_ct scalar_as_field = field_ct::from_witness_index(&builder, input.scalar);
-    auto public_key = group_ct::fixed_base_scalar_mul_g1<254>(scalar_as_field);
+    field_ct low_as_field = field_ct::from_witness_index(&builder, input.low);
+    field_ct high_as_field = field_ct::from_witness_index(&builder, input.high);
+    (void)high_as_field;
+    auto public_key = group_ct::fixed_base_scalar_mul_g1<254>(low_as_field);
 
     builder.assert_equal(public_key.x.witness_index, input.pub_key_x);
     builder.assert_equal(public_key.y.witness_index, input.pub_key_y);

diff --git a/cpp/src/barretenberg/dsl/acir_format/fixed_base_scalar_mul.hpp b/cpp/src/barretenberg/dsl/acir_format/fixed_base_scalar_mul.hpp
@@ -6,12 +6,13 @@
 namespace acir_format {
 
 struct FixedBaseScalarMul {
-    uint32_t scalar;
+    uint32_t low;
+    uint32_t high;
     uint32_t pub_key_x;
     uint32_t pub_key_y;
 
     // for serialization, update with any new fields
-    MSGPACK_FIELDS(scalar, pub_key_x, pub_key_y);
+    MSGPACK_FIELDS(low, high, pub_key_x, pub_key_y);
     friend bool operator==(FixedBaseScalarMul const& lhs, FixedBaseScalarMul const& rhs) = default;
 };
 

diff --git a/cpp/src/barretenberg/dsl/acir_format/serde/acir.hpp b/cpp/src/barretenberg/dsl/acir_format/serde/acir.hpp
@@ -126,7 +126,8 @@ struct BlackBoxFuncCall {
     };
 
     struct FixedBaseScalarMul {
-        Circuit::FunctionInput input;
+        Circuit::FunctionInput low;
+        Circuit::FunctionInput high;
         std::array<Circuit::Witness, 2> outputs;
 
         friend bool operator==(const FixedBaseScalarMul&, const FixedBaseScalarMul&);
@@ -467,7 +468,8 @@ struct BlackBoxOp {
     };
 
     struct FixedBaseScalarMul {
-        Circuit::RegisterIndex input;
+        Circuit::RegisterIndex low;
+        Circuit::RegisterIndex high;
         Circuit::HeapArray result;
 
         friend bool operator==(const FixedBaseScalarMul&, const FixedBaseScalarMul&);
@@ -2379,7 +2381,10 @@ namespace Circuit {
 
 inline bool operator==(const BlackBoxFuncCall::FixedBaseScalarMul& lhs, const BlackBoxFuncCall::FixedBaseScalarMul& rhs)
 {
-    if (!(lhs.input == rhs.input)) {
+    if (!(lhs.low == rhs.low)) {
+        return false;
+    }
+    if (!(lhs.high == rhs.high)) {
         return false;
     }
     if (!(lhs.outputs == rhs.outputs)) {
@@ -2413,7 +2418,8 @@ template <typename Serializer>
 void serde::Serializable<Circuit::BlackBoxFuncCall::FixedBaseScalarMul>::serialize(
     const Circuit::BlackBoxFuncCall::FixedBaseScalarMul& obj, Serializer& serializer)
 {
-    serde::Serializable<decltype(obj.input)>::serialize(obj.input, serializer);
+    serde::Serializable<decltype(obj.low)>::serialize(obj.low, serializer);
+    serde::Serializable<decltype(obj.high)>::serialize(obj.high, serializer);
     serde::Serializable<decltype(obj.outputs)>::serialize(obj.outputs, serializer);
 }
 
@@ -2423,7 +2429,8 @@ Circuit::BlackBoxFuncCall::FixedBaseScalarMul serde::Deserializable<
     Circuit::BlackBoxFuncCall::FixedBaseScalarMul>::deserialize(Deserializer& deserializer)
 {
     Circuit::BlackBoxFuncCall::FixedBaseScalarMul obj;
-    obj.input = serde::Deserializable<decltype(obj.input)>::deserialize(deserializer);
+    obj.low = serde::Deserializable<decltype(obj.low)>::deserialize(deserializer);
+    obj.high = serde::Deserializable<decltype(obj.high)>::deserialize(deserializer);
     obj.outputs = serde::Deserializable<decltype(obj.outputs)>::deserialize(deserializer);
     return obj;
 }
@@ -3134,7 +3141,10 @@ namespace Circuit {
 
 inline bool operator==(const BlackBoxOp::FixedBaseScalarMul& lhs, const BlackBoxOp::FixedBaseScalarMul& rhs)
 {
-    if (!(lhs.input == rhs.input)) {
+    if (!(lhs.low == rhs.low)) {
+        return false;
+    }
+    if (!(lhs.high == rhs.high)) {
         return false;
     }
     if (!(lhs.result == rhs.result)) {
@@ -3167,7 +3177,8 @@ template <typename Serializer>
 void serde::Serializable<Circuit::BlackBoxOp::FixedBaseScalarMul>::serialize(
     const Circuit::BlackBoxOp::FixedBaseScalarMul& obj, Serializer& serializer)
 {
-    serde::Serializable<decltype(obj.input)>::serialize(obj.input, serializer);
+    serde::Serializable<decltype(obj.low)>::serialize(obj.low, serializer);
+    serde::Serializable<decltype(obj.high)>::serialize(obj.high, serializer);
     serde::Serializable<decltype(obj.result)>::serialize(obj.result, serializer);
 }
 
@@ -3177,7 +3188,8 @@ Circuit::BlackBoxOp::FixedBaseScalarMul serde::Deserializable<Circuit::BlackBoxO
     Deserializer& deserializer)
 {
     Circuit::BlackBoxOp::FixedBaseScalarMul obj;
-    obj.input = serde::Deserializable<decltype(obj.input)>::deserialize(deserializer);
+    obj.low = serde::Deserializable<decltype(obj.low)>::deserialize(deserializer);
+    obj.high = serde::Deserializable<decltype(obj.high)>::deserialize(deserializer);
     obj.result = serde::Deserializable<decltype(obj.result)>::deserialize(deserializer);
     return obj;
 }