Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
Classes | Enumerations | Functions
invert_differential.fuzzer.cpp File Reference

Differential fuzzer for Bernstein-Yang modular inverse vs Fermat (modexp). More...

#include "barretenberg/ecc/curves/bn254/fq.hpp"
#include "barretenberg/ecc/curves/bn254/fr.hpp"
#include "barretenberg/ecc/fields/bernstein_yang_inverse.hpp"
#include "barretenberg/ecc/fields/field.fuzzer.hpp"
#include <cassert>
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <vector>

Go to the source code of this file.

Classes

struct  VMPhaseHeader
 Header structure for each VM execution phase. More...
 

Enumerations

enum class  FieldType : uint8_t {
  BN254_FQ = 0 , BN254_FR = 1 , BN254_FQ = 0 , BN254_FR = 1 ,
  SECP256K1_FQ = 2 , SECP256K1_FR = 3 , SECP256R1_FQ = 4 , SECP256R1_FR = 5
}
 

Functions

int LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
 

Detailed Description

Differential fuzzer for Bernstein-Yang modular inverse vs Fermat (modexp).

Reuses the FieldVM driver from multi_field.fuzzer.cpp to generate diverse field elements via sequences of arithmetic operations. After each VM phase it takes the last element produced (the highest-indexed non-zero slot in the VM's internal state, with a fallback to slot 0) and computes its inverse three different ways:

  • A: pow(modulus_minus_two) — Fermat's little theorem (modexp).
  • B: invert_vartime<Native5x64> — safegcd, 5×64-bit limb kernel (selected on native targets, BATCH=62).
  • C: invert_vartime<Wasm9x29> — safegcd, 9×29-bit limb kernel (selected on WASM targets, BATCH=58).

All three are compared in canonical (non-Montgomery) form. Any discrepancy triggers an abort with full diagnostic output (field type, input, all three outputs, plus Montgomery checks a * X ?= 1 for each). Cross-checking the WASM kernel here gives it libFuzzer coverage even though libFuzzer itself doesn't run under WASM — both kernels are plain C++ classes.

Only 254-bit primes are tested (BN254 Fr/Fq, Grumpkin shares the BN254 curves), since the 5-limb signed BY state requires p < 2^255 and the production field::invert() dispatch also gates on this. 256-bit primes (secp256k1/r1) don't use BY and are skipped.

Definition in file invert_differential.fuzzer.cpp.

Enumeration Type Documentation

◆ FieldType

enum class FieldType : uint8_t
strong
Enumerator
BN254_FQ 
BN254_FR 
BN254_FQ 

BN254 curve base field.

BN254_FR 

BN254 curve scalar field.

SECP256K1_FQ 

Secp256k1 curve base field.

SECP256K1_FR 

Secp256k1 curve scalar field.

SECP256R1_FQ 

Secp256r1 curve base field.

SECP256R1_FR 

Secp256r1 curve scalar field.

Definition at line 47 of file invert_differential.fuzzer.cpp.

Function Documentation

◆ LLVMFuzzerTestOneInput()

int LLVMFuzzerTestOneInput ( const unsigned char *  data,
size_t  size 
)

Definition at line 201 of file invert_differential.fuzzer.cpp.