Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
address_derivation.test.cpp
Go to the documentation of this file.
1#include <gmock/gmock.h>
2#include <gtest/gtest.h>
3
4#include "barretenberg/crypto/poseidon2/poseidon2.hpp"
5#include "barretenberg/crypto/poseidon2/poseidon2_params.hpp"
6#include "barretenberg/vm2/common/aztec_types.hpp"
7#include "barretenberg/vm2/constraining/flavor_settings.hpp"
8#include "barretenberg/vm2/constraining/testing/check_relation.hpp"
9#include "barretenberg/vm2/generated/columns.hpp"
10#include "barretenberg/vm2/generated/relations/address_derivation.hpp"
11#include "barretenberg/vm2/generated/relations/lookups_address_derivation.hpp"
12#include "barretenberg/vm2/simulation/events/address_derivation_event.hpp"
13#include "barretenberg/vm2/simulation/events/ecc_events.hpp"
14#include "barretenberg/vm2/simulation/events/event_emitter.hpp"
15#include "barretenberg/vm2/simulation/gadgets/address_derivation.hpp"
16#include "barretenberg/vm2/simulation/lib/contract_crypto.hpp"
17#include "barretenberg/vm2/simulation/standalone/pure_to_radix.hpp"
18#include "barretenberg/vm2/simulation/testing/mock_execution_id_manager.hpp"
19#include "barretenberg/vm2/simulation/testing/mock_gt.hpp"
20#include "barretenberg/vm2/testing/fixtures.hpp"
21#include "barretenberg/vm2/tracegen/address_derivation_trace.hpp"
22#include "barretenberg/vm2/tracegen/ecc_trace.hpp"
23#include "barretenberg/vm2/tracegen/poseidon2_trace.hpp"
24#include "barretenberg/vm2/tracegen/test_trace_container.hpp"
25
26namespace bb::avm2::constraining {
27namespace {
28
29using ::testing::Return;
30using ::testing::StrictMock;
31
32using tracegen::AddressDerivationTraceBuilder;
33using tracegen::EccTraceBuilder;
34using tracegen::Poseidon2TraceBuilder;
35using tracegen::TestTraceContainer;
36
37using simulation::AddressDerivation;
38using simulation::AddressDerivationEvent;
39using simulation::compute_contract_address;
40using simulation::Ecc;
41using simulation::EccAddEvent;
42using simulation::EccAddMemoryEvent;
43using simulation::EventEmitter;
44using simulation::hash_public_keys;
45using simulation::MockExecutionIdManager;
46using simulation::MockGreaterThan;
47using simulation::NoopEventEmitter;
48using simulation::Poseidon2;
49using simulation::Poseidon2HashEvent;
50using simulation::Poseidon2PermutationEvent;
51using simulation::Poseidon2PermutationMemoryEvent;
52using simulation::PureToRadix;
53using simulation::ScalarMulEvent;
54
55using FF = AvmFlavorSettings::FF;
56using C = Column;
57using address_derivation_relation = bb::avm2::address_derivation<FF>;
58using poseidon2_relation = bb::avm2::poseidon2_hash<FF>;
59using ecadd_relation = bb::avm2::ecc<FF>;
60using scalar_mul_relation = bb::avm2::scalar_mul<FF>;
61using poseidon2 = crypto::Poseidon2<crypto::Poseidon2Bn254ScalarFieldParams>;
62
63TEST(AddressDerivationConstrainingTest, EmptyRow)
64{
65 check_relation<address_derivation_relation>(testing::empty_trace());
66}
67
68TEST(AddressDerivationConstrainingTest, Basic)
69{
70 TestTraceContainer trace;
71 AddressDerivationTraceBuilder builder;
72
73 auto instance = testing::random_contract_instance();
74
75 FF salted_initialization_hash = poseidon2::hash({ DOM_SEP__SALTED_INITIALIZATION_HASH,
76 instance.salt,
77 instance.initialization_hash,
78 instance.deployer,
79 instance.immutables_hash });
80
81 FF partial_address =
82 poseidon2::hash({ DOM_SEP__PARTIAL_ADDRESS, instance.original_contract_class_id, salted_initialization_hash });
83
84 FF public_keys_hash = hash_public_keys(instance.public_keys);
85 FF preaddress = poseidon2::hash({ DOM_SEP__CONTRACT_ADDRESS_V2, public_keys_hash, partial_address });
86
87 EmbeddedCurvePoint g1 = EmbeddedCurvePoint::one();
88 EmbeddedCurvePoint preaddress_public_key = g1 * Fq(preaddress);
89 EmbeddedCurvePoint address_point = preaddress_public_key + instance.public_keys.incoming_viewing_key;
90
91 builder.process({ { .address = address_point.x(),
92 .instance = instance,
93 .salted_initialization_hash = salted_initialization_hash,
94 .partial_address = partial_address,
95 .public_keys_hash = public_keys_hash,
96 .preaddress = preaddress,
97 .preaddress_public_key = preaddress_public_key,
98 .address_point = address_point } },
99 trace);
100
101 EXPECT_EQ(trace.get_num_rows(), 1);
102 check_relation<address_derivation_relation>(trace);
103}
104
105TEST(AddressDerivationConstrainingTest, WithInteractions)
106{
107 EventEmitter<EccAddEvent> ecadd_event_emitter;
108 EventEmitter<ScalarMulEvent> scalar_mul_event_emitter;
109 NoopEventEmitter<EccAddMemoryEvent> ecc_add_memory_event_emitter;
110 EventEmitter<Poseidon2HashEvent> hash_event_emitter;
111 NoopEventEmitter<Poseidon2PermutationEvent> perm_event_emitter;
112 NoopEventEmitter<Poseidon2PermutationMemoryEvent> perm_mem_event_emitter;
113 EventEmitter<AddressDerivationEvent> address_derivation_event_emitter;
114
115 StrictMock<MockExecutionIdManager> mock_exec_id_manager;
116 EXPECT_CALL(mock_exec_id_manager, get_execution_id)
117 .WillRepeatedly(Return(0)); // Use a fixed execution ID for the test
118 StrictMock<MockGreaterThan> mock_gt;
119 Poseidon2 poseidon2_simulator(
120 mock_exec_id_manager, mock_gt, hash_event_emitter, perm_event_emitter, perm_mem_event_emitter);
121
122 PureToRadix to_radix_simulator;
123 Ecc ecc_simulator(mock_exec_id_manager,
124 mock_gt,
125 to_radix_simulator,
126 ecadd_event_emitter,
127 scalar_mul_event_emitter,
128 ecc_add_memory_event_emitter);
129
130 AddressDerivation address_derivation(poseidon2_simulator, ecc_simulator, address_derivation_event_emitter);
131
132 TestTraceContainer trace({
133 { { C::precomputed_first_row, 1 } },
134 });
135
136 AddressDerivationTraceBuilder builder;
137 Poseidon2TraceBuilder poseidon2_builder;
138 EccTraceBuilder ecc_builder;
139
140 ContractInstance instance = testing::random_contract_instance();
141 AztecAddress address = compute_contract_address(instance);
142 address_derivation.assert_derivation(address, instance);
143
144 builder.process(address_derivation_event_emitter.dump_events(), trace);
145 poseidon2_builder.process_hash(hash_event_emitter.dump_events(), trace);
146 ecc_builder.process_add(ecadd_event_emitter.dump_events(), trace);
147 ecc_builder.process_scalar_mul(scalar_mul_event_emitter.dump_events(), trace);
148
149 check_all_interactions<AddressDerivationTraceBuilder>(trace);
150 check_relation<address_derivation_relation>(trace);
151}
152
153TEST(AddressDerivationConstrainingTest, NegativeWithInteractions)
154{
155 EventEmitter<EccAddEvent> ecadd_event_emitter;
156 EventEmitter<ScalarMulEvent> scalar_mul_event_emitter;
157 NoopEventEmitter<EccAddMemoryEvent> ecc_add_memory_event_emitter;
158 EventEmitter<Poseidon2HashEvent> hash_event_emitter;
159 NoopEventEmitter<Poseidon2PermutationEvent> perm_event_emitter;
160 NoopEventEmitter<Poseidon2PermutationMemoryEvent> perm_mem_event_emitter;
161 EventEmitter<AddressDerivationEvent> address_derivation_event_emitter;
162
163 StrictMock<MockExecutionIdManager> mock_exec_id_manager;
164 EXPECT_CALL(mock_exec_id_manager, get_execution_id)
165 .WillRepeatedly(Return(0)); // Use a fixed execution ID for the test
166 StrictMock<MockGreaterThan> mock_gt;
167 Poseidon2 poseidon2_simulator(
168 mock_exec_id_manager, mock_gt, hash_event_emitter, perm_event_emitter, perm_mem_event_emitter);
169
170 PureToRadix to_radix_simulator;
171 Ecc ecc_simulator(mock_exec_id_manager,
172 mock_gt,
173 to_radix_simulator,
174 ecadd_event_emitter,
175 scalar_mul_event_emitter,
176 ecc_add_memory_event_emitter);
177
178 AddressDerivation address_derivation(poseidon2_simulator, ecc_simulator, address_derivation_event_emitter);
179
180 TestTraceContainer trace({
181 { { C::precomputed_first_row, 1 } },
182 });
183
184 AddressDerivationTraceBuilder builder;
185 Poseidon2TraceBuilder poseidon2_builder;
186 EccTraceBuilder ecc_builder;
187
188 ContractInstance instance = testing::random_contract_instance();
189 AztecAddress address = compute_contract_address(instance);
190 address_derivation.assert_derivation(address, instance);
191
192 builder.process(address_derivation_event_emitter.dump_events(), trace);
193 poseidon2_builder.process_hash(hash_event_emitter.dump_events(), trace);
194 ecc_builder.process_add(ecadd_event_emitter.dump_events(), trace);
195 ecc_builder.process_scalar_mul(scalar_mul_event_emitter.dump_events(), trace);
196
197 check_all_interactions<AddressDerivationTraceBuilder>(trace);
198 check_relation<address_derivation_relation>(trace);
199
200 // Mutate the final address to the wrong value.
201 trace.set(C::address_derivation_address, 0, 1);
202 EXPECT_THROW_WITH_MESSAGE(
203 (check_interaction<AddressDerivationTraceBuilder, lookup_address_derivation_address_ecadd_settings>(trace)),
204 "Failed.*ADDRESS_ECADD. Could not find tuple in destination.");
205
206 // Reset.
207 trace.set(C::address_derivation_address, 0, address);
208 // Mutate the preaddress to the wrong value.
209 trace.set(C::address_derivation_preaddress, 0, 1);
210 // Both the derivation via hash and scalar mul of preaddress * G1 will fail.
211 EXPECT_THROW_WITH_MESSAGE(
212 (check_interaction<AddressDerivationTraceBuilder, lookup_address_derivation_preaddress_poseidon2_settings>(
213 trace)),
214 "Failed.*PREADDRESS_POSEIDON2. Could not find tuple in destination.");
215 EXPECT_THROW_WITH_MESSAGE(
216 (check_interaction<AddressDerivationTraceBuilder, lookup_address_derivation_preaddress_scalar_mul_settings>(
217 trace)),
218 "Failed.*PREADDRESS_SCALAR_MUL. Could not find tuple in destination.");
219}
220
221TEST(AddressDerivationConstrainingTest, NegativeMutateImmutablesHash)
222{
223 EventEmitter<EccAddEvent> ecadd_event_emitter;
224 EventEmitter<ScalarMulEvent> scalar_mul_event_emitter;
225 NoopEventEmitter<EccAddMemoryEvent> ecc_add_memory_event_emitter;
226 EventEmitter<Poseidon2HashEvent> hash_event_emitter;
227 NoopEventEmitter<Poseidon2PermutationEvent> perm_event_emitter;
228 NoopEventEmitter<Poseidon2PermutationMemoryEvent> perm_mem_event_emitter;
229 EventEmitter<AddressDerivationEvent> address_derivation_event_emitter;
230
231 StrictMock<MockExecutionIdManager> mock_exec_id_manager;
232 EXPECT_CALL(mock_exec_id_manager, get_execution_id).WillRepeatedly(Return(0));
233 StrictMock<MockGreaterThan> mock_gt;
234 Poseidon2 poseidon2_simulator(
235 mock_exec_id_manager, mock_gt, hash_event_emitter, perm_event_emitter, perm_mem_event_emitter);
236
237 PureToRadix to_radix_simulator;
238 Ecc ecc_simulator(mock_exec_id_manager,
239 mock_gt,
240 to_radix_simulator,
241 ecadd_event_emitter,
242 scalar_mul_event_emitter,
243 ecc_add_memory_event_emitter);
244
245 AddressDerivation address_derivation(poseidon2_simulator, ecc_simulator, address_derivation_event_emitter);
246
247 TestTraceContainer trace({
248 { { C::precomputed_first_row, 1 } },
249 });
250
251 AddressDerivationTraceBuilder builder;
252 Poseidon2TraceBuilder poseidon2_builder;
253 EccTraceBuilder ecc_builder;
254
255 ContractInstance instance = testing::random_contract_instance();
256 AztecAddress address = compute_contract_address(instance);
257 address_derivation.assert_derivation(address, instance);
258
259 builder.process(address_derivation_event_emitter.dump_events(), trace);
260 poseidon2_builder.process_hash(hash_event_emitter.dump_events(), trace);
261 ecc_builder.process_add(ecadd_event_emitter.dump_events(), trace);
262 ecc_builder.process_scalar_mul(scalar_mul_event_emitter.dump_events(), trace);
263
264 check_all_interactions<AddressDerivationTraceBuilder>(trace);
265 check_relation<address_derivation_relation>(trace);
266
267 // Mutate immutables_hash (the second input of the second poseidon2 round). The salted-init-hash
268 // round-2 lookup into poseidon2 should now fail because (deployer, mutated_immutables_hash, 0,
269 // salted_init_hash) no longer exists in the poseidon2 trace.
270 trace.set(C::address_derivation_immutables_hash, 0, instance.immutables_hash + 1);
271 EXPECT_THROW_WITH_MESSAGE(
272 (check_interaction<AddressDerivationTraceBuilder,
273 lookup_address_derivation_salted_initialization_hash_poseidon2_1_settings>(trace)),
274 "Failed.*SALTED_INITIALIZATION_HASH_POSEIDON2_1. Could not find tuple in destination.");
275}
276
277TEST(AddressDerivationConstrainingTest, NegativeIVKNotOnCurve)
278{
279 TestTraceContainer trace;
280 AddressDerivationTraceBuilder builder;
281
282 auto instance = testing::random_contract_instance();
283
284 // Mutate ivk to a point not on the curve.
285 instance.public_keys.incoming_viewing_key = AffinePoint(1, 2);
286
287 FF salted_initialization_hash = poseidon2::hash(
288 { DOM_SEP__SALTED_INITIALIZATION_HASH, instance.salt, instance.initialization_hash, instance.deployer });
289
290 FF partial_address =
291 poseidon2::hash({ DOM_SEP__PARTIAL_ADDRESS, instance.original_contract_class_id, salted_initialization_hash });
292
293 FF public_keys_hash = hash_public_keys(instance.public_keys);
294 FF preaddress = poseidon2::hash({ DOM_SEP__CONTRACT_ADDRESS_V2, public_keys_hash, partial_address });
295
296 EmbeddedCurvePoint g1 = EmbeddedCurvePoint::one();
297 EmbeddedCurvePoint preaddress_public_key = g1 * Fq(preaddress);
298 EmbeddedCurvePoint address_point = preaddress_public_key + instance.public_keys.incoming_viewing_key;
299
300 builder.process({ { .address = address_point.x(),
301 .instance = instance,
302 .salted_initialization_hash = salted_initialization_hash,
303 .partial_address = partial_address,
304 .public_keys_hash = public_keys_hash,
305 .preaddress = preaddress,
306 .preaddress_public_key = preaddress_public_key,
307 .address_point = address_point } },
308 trace);
309
310 EXPECT_THROW_WITH_MESSAGE(
311 check_relation<address_derivation_relation>(trace, address_derivation_relation::SR_IVK_ON_CURVE_CHECK),
312 "IVK_ON_CURVE_CHECK");
313}
314
315} // namespace
316} // namespace bb::avm2::constraining
address_derivation_event.hpp
address_derivation_trace.hpp
EXPECT_THROW_WITH_MESSAGE
#define EXPECT_THROW_WITH_MESSAGE(code, expectedMessageRegex)
Definition assert.hpp:193
instance
std::shared_ptr< Napi::ThreadSafeFunction > instance
Definition avm_simulate_napi.cpp:128
DOM_SEP__SALTED_INITIALIZATION_HASH
#define DOM_SEP__SALTED_INITIALIZATION_HASH
Definition aztec_constants.hpp:270
DOM_SEP__CONTRACT_ADDRESS_V2
#define DOM_SEP__CONTRACT_ADDRESS_V2
Definition aztec_constants.hpp:274
DOM_SEP__PARTIAL_ADDRESS
#define DOM_SEP__PARTIAL_ADDRESS
Definition aztec_constants.hpp:273
aztec_types.hpp
mock_gt
StrictMock< MockGreaterThan > mock_gt
Definition bc_hashing.test.cpp:59
perm_mem_event_emitter
EventEmitter< Poseidon2PermutationMemoryEvent > perm_mem_event_emitter
Definition bc_hashing.test.cpp:57
perm_event_emitter
EventEmitter< Poseidon2PermutationEvent > perm_event_emitter
Definition bc_hashing.test.cpp:56
hash_event_emitter
EventEmitter< Poseidon2HashEvent > hash_event_emitter
Definition bc_hashing.test.cpp:55
poseidon2_builder
Poseidon2TraceBuilder poseidon2_builder
Definition bc_hashing.test.cpp:62
check_relation.hpp
bb::avm2::address_derivation
Definition address_derivation.hpp:33
bb::avm2::poseidon2_hash
Definition poseidon2_hash.hpp:34
bb::avm2::scalar_mul
Definition scalar_mul.hpp:34
bb::avm2::tracegen::AluTraceBuilder::process
void process(const simulation::EventEmitterInterface< simulation::AluEvent >::Container &events, TraceContainer &trace)
Process the ALU events and populate the ALU relevant columns in the trace.
Definition alu_trace.cpp:410
bb::avm2::tracegen::Poseidon2TraceBuilder::process_hash
void process_hash(const simulation::EventEmitterInterface< simulation::Poseidon2HashEvent >::Container &hash_events, TraceContainer &trace)
Processes the hash events for the Poseidon2 hash function. It populates the columns for the poseidon2...
Definition poseidon2_trace.cpp:105
bb::avm2::tracegen::TraceContainer::set
void set(Column col, uint32_t row, const FF &value)
Definition trace_container.cpp:39
bb::crypto::Poseidon2
Native Poseidon2 hash function implementation.
Definition poseidon2.hpp:22
bb::crypto::Poseidon2< crypto::Poseidon2Bn254ScalarFieldParams >::hash
static FF hash(const std::vector< FF > &input)
Hashes a vector of field elements.
bb::group
group class. Represents an elliptic curve group element. Group is parametrised by Fq and Fr
Definition group.hpp:38
builder
AluTraceBuilder builder
Definition alu.test.cpp:124
trace
TestTraceContainer trace
Definition data_copy.test.cpp:63
contract_crypto.hpp
ecc_events.hpp
ecc_trace.hpp
event_emitter.hpp
flavor_settings.hpp
address_derivation.hpp
lookups_address_derivation.hpp
mock_execution_id_manager.hpp
mock_gt.hpp
bb::avm2::constraining::TEST
TEST(AvmFixedVKTests, FixedVKCommitments)
Test that the fixed VK commitments agree with the ones computed from precomputed columns.
Definition avm_fixed_vk.test.cpp:52
bb::avm2::simulation::hash_public_keys
FF hash_public_keys(const PublicKeys &public_keys)
Definition contract_crypto.cpp:79
bb::avm2::simulation::compute_contract_address
FF compute_contract_address(const ContractInstance &contract_instance)
Definition contract_crypto.cpp:94
bb::avm2::testing::random_contract_instance
ContractInstance random_contract_instance()
Definition fixtures.cpp:159
bb::avm2::testing::empty_trace
TestTraceContainer empty_trace()
Definition fixtures.cpp:153
bb::avm2::lookup_address_derivation_salted_initialization_hash_poseidon2_1_settings
lookup_settings< lookup_address_derivation_salted_initialization_hash_poseidon2_1_settings_ > lookup_address_derivation_salted_initialization_hash_poseidon2_1_settings
Definition lookups_address_derivation.hpp:71
bb::avm2::EmbeddedCurvePoint
StandardAffinePoint< AvmFlavorSettings::EmbeddedCurve::AffineElement > EmbeddedCurvePoint
Definition field.hpp:12
bb::avm2::Fq
AvmFlavorSettings::G1::Fq Fq
Definition field.hpp:11
bb::avm2::AffinePoint
grumpkin::g1::affine_element AffinePoint
Definition aztec_types.hpp:20
poseidon2_params.hpp
poseidon2_trace.hpp
pure_to_radix.hpp
address_derivation.hpp
test_trace_container.hpp