feat: multi_scalar_mul blackbox func (#6097)

Fixes noir-lang/noir#4928 Fixes noir-lang/noir#4932 **Note**: Noticed that we have [lookup table](https://github.com/AztecProtocol/aztec-packages/blob/46749ac9f32d4720efb380fb3a0e10a8ab1c345d/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/plookup_tables/fixed_base/fixed_base.hpp#L15) for fixed base in BB. Not sure if it's still needed after nuking the fixed based scalar mul.
AztecProtocol · May 7, 2024 · f6b1ba6 · f6b1ba6
1 parent 475c743
commit f6b1ba6
Show file tree

Hide file tree

Showing 68 changed files with 627 additions and 1,256 deletions.
diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp
@@ -84,14 +84,10 @@ void build_constraints(Builder& builder, AcirFormat const& constraint_system, bo
     for (const auto& constraint : constraint_system.poseidon2_constraints) {
         create_poseidon2_permutations(builder, constraint);
     }
-    // Add fixed base scalar mul constraints
-    for (const auto& constraint : constraint_system.fixed_base_scalar_mul_constraints) {
-        create_fixed_base_constraint(builder, constraint);
-    }
 
-    // Add variable base scalar mul constraints
-    for (const auto& constraint : constraint_system.variable_base_scalar_mul_constraints) {
-        create_variable_base_constraint(builder, constraint);
+    // Add multi scalar mul constraints
+    for (const auto& constraint : constraint_system.multi_scalar_mul_constraints) {
+        create_multi_scalar_mul_constraint(builder, constraint);
     }
 
     // Add ec add constraints

diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp
@@ -8,16 +8,15 @@
 #include "ec_operations.hpp"
 #include "ecdsa_secp256k1.hpp"
 #include "ecdsa_secp256r1.hpp"
-#include "fixed_base_scalar_mul.hpp"
 #include "keccak_constraint.hpp"
 #include "logic_constraint.hpp"
+#include "multi_scalar_mul.hpp"
 #include "pedersen.hpp"
 #include "poseidon2_constraint.hpp"
 #include "range_constraint.hpp"
 #include "recursion_constraint.hpp"
 #include "schnorr_verify.hpp"
 #include "sha256_constraint.hpp"
-#include "variable_base_scalar_mul.hpp"
 #include <utility>
 
 namespace acir_format {
@@ -48,8 +47,7 @@ struct AcirFormat {
     std::vector<PedersenConstraint> pedersen_constraints;
     std::vector<PedersenHashConstraint> pedersen_hash_constraints;
     std::vector<Poseidon2Constraint> poseidon2_constraints;
-    std::vector<FixedBaseScalarMul> fixed_base_scalar_mul_constraints;
-    std::vector<VariableBaseScalarMul> variable_base_scalar_mul_constraints;
+    std::vector<MultiScalarMul> multi_scalar_mul_constraints;
     std::vector<EcAdd> ec_add_constraints;
     std::vector<RecursionConstraint> recursion_constraints;
     std::vector<BigIntFromLeBytes> bigint_from_le_bytes_constraints;
@@ -83,8 +81,7 @@ struct AcirFormat {
                    pedersen_constraints,
                    pedersen_hash_constraints,
                    poseidon2_constraints,
-                   fixed_base_scalar_mul_constraints,
-                   variable_base_scalar_mul_constraints,
+                   multi_scalar_mul_constraints,
                    ec_add_constraints,
                    recursion_constraints,
                    poly_triple_constraints,

diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp
@@ -47,8 +47,7 @@ TEST_F(AcirFormatTests, TestASingleConstraintNoPubInputs)
         .pedersen_constraints = {},
         .pedersen_hash_constraints = {},
         .poseidon2_constraints = {},
-        .fixed_base_scalar_mul_constraints = {},
-        .variable_base_scalar_mul_constraints = {},
+        .multi_scalar_mul_constraints = {},
         .ec_add_constraints = {},
         .recursion_constraints = {},
         .bigint_from_le_bytes_constraints = {},
@@ -164,8 +163,7 @@ TEST_F(AcirFormatTests, TestLogicGateFromNoirCircuit)
                                   .pedersen_constraints = {},
                                   .pedersen_hash_constraints = {},
                                   .poseidon2_constraints = {},
-                                  .fixed_base_scalar_mul_constraints = {},
-                                  .variable_base_scalar_mul_constraints = {},
+                                  .multi_scalar_mul_constraints = {},
                                   .ec_add_constraints = {},
                                   .recursion_constraints = {},
                                   .bigint_from_le_bytes_constraints = {},
@@ -233,8 +231,7 @@ TEST_F(AcirFormatTests, TestSchnorrVerifyPass)
                                   .pedersen_constraints = {},
                                   .pedersen_hash_constraints = {},
                                   .poseidon2_constraints = {},
-                                  .fixed_base_scalar_mul_constraints = {},
-                                  .variable_base_scalar_mul_constraints = {},
+                                  .multi_scalar_mul_constraints = {},
                                   .ec_add_constraints = {},
                                   .recursion_constraints = {},
                                   .bigint_from_le_bytes_constraints = {},
@@ -329,8 +326,7 @@ TEST_F(AcirFormatTests, TestSchnorrVerifySmallRange)
         .pedersen_constraints = {},
         .pedersen_hash_constraints = {},
         .poseidon2_constraints = {},
-        .fixed_base_scalar_mul_constraints = {},
-        .variable_base_scalar_mul_constraints = {},
+        .multi_scalar_mul_constraints = {},
         .ec_add_constraints = {},
         .recursion_constraints = {},
         .bigint_from_le_bytes_constraints = {},
@@ -444,8 +440,7 @@ TEST_F(AcirFormatTests, TestVarKeccak)
         .pedersen_constraints = {},
         .pedersen_hash_constraints = {},
         .poseidon2_constraints = {},
-        .fixed_base_scalar_mul_constraints = {},
-        .variable_base_scalar_mul_constraints = {},
+        .multi_scalar_mul_constraints = {},
         .ec_add_constraints = {},
         .recursion_constraints = {},
         .bigint_from_le_bytes_constraints = {},
@@ -492,8 +487,7 @@ TEST_F(AcirFormatTests, TestKeccakPermutation)
                                   .pedersen_constraints = {},
                                   .pedersen_hash_constraints = {},
                                   .poseidon2_constraints = {},
-                                  .fixed_base_scalar_mul_constraints = {},
-                                  .variable_base_scalar_mul_constraints = {},
+                                  .multi_scalar_mul_constraints = {},
                                   .ec_add_constraints = {},
                                   .recursion_constraints = {},
                                   .bigint_from_le_bytes_constraints = {},

diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp
@@ -310,19 +310,10 @@ void handle_blackbox_func_call(Program::Opcode::BlackBoxFuncCall const& arg, Aci
                     .result = arg.output.value,
                     .signature = map(arg.signature, [](auto& e) { return e.witness.value; }),
                 });
-            } else if constexpr (std::is_same_v<T, Program::BlackBoxFuncCall::FixedBaseScalarMul>) {
-                af.fixed_base_scalar_mul_constraints.push_back(FixedBaseScalarMul{
-                    .low = arg.low.witness.value,
-                    .high = arg.high.witness.value,
-                    .pub_key_x = arg.outputs[0].value,
-                    .pub_key_y = arg.outputs[1].value,
-                });
-            } else if constexpr (std::is_same_v<T, Program::BlackBoxFuncCall::VariableBaseScalarMul>) {
-                af.variable_base_scalar_mul_constraints.push_back(VariableBaseScalarMul{
-                    .point_x = arg.point_x.witness.value,
-                    .point_y = arg.point_y.witness.value,
-                    .scalar_low = arg.scalar_low.witness.value,
-                    .scalar_high = arg.scalar_high.witness.value,
+            } else if constexpr (std::is_same_v<T, Program::BlackBoxFuncCall::MultiScalarMul>) {
+                af.multi_scalar_mul_constraints.push_back(MultiScalarMul{
+                    .points = map(arg.points, [](auto& e) { return e.witness.value; }),
+                    .scalars = map(arg.scalars, [](auto& e) { return e.witness.value; }),
                     .out_point_x = arg.outputs[0].value,
                     .out_point_y = arg.outputs[1].value,
                 });

diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/bigint_constraint.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/bigint_constraint.test.cpp
@@ -184,8 +184,7 @@ TEST_F(BigIntTests, TestBigIntConstraintMultiple)
         .pedersen_constraints = {},
         .pedersen_hash_constraints = {},
         .poseidon2_constraints = {},
-        .fixed_base_scalar_mul_constraints = {},
-        .variable_base_scalar_mul_constraints = {},
+        .multi_scalar_mul_constraints = {},
         .ec_add_constraints = {},
         .recursion_constraints = {},
         .bigint_from_le_bytes_constraints = {},
@@ -253,8 +252,7 @@ TEST_F(BigIntTests, TestBigIntConstraintSimple)
         .pedersen_constraints = {},
         .pedersen_hash_constraints = {},
         .poseidon2_constraints = {},
-        .fixed_base_scalar_mul_constraints = {},
-        .variable_base_scalar_mul_constraints = {},
+        .multi_scalar_mul_constraints = {},
         .ec_add_constraints = {},
         .recursion_constraints = {},
         .bigint_from_le_bytes_constraints = { from_le_bytes_constraint_bigint1 },
@@ -307,8 +305,7 @@ TEST_F(BigIntTests, TestBigIntConstraintReuse)
         .pedersen_constraints = {},
         .pedersen_hash_constraints = {},
         .poseidon2_constraints = {},
-        .fixed_base_scalar_mul_constraints = {},
-        .variable_base_scalar_mul_constraints = {},
+        .multi_scalar_mul_constraints = {},
         .ec_add_constraints = {},
         .recursion_constraints = {},
         .bigint_from_le_bytes_constraints = {},
@@ -365,8 +362,7 @@ TEST_F(BigIntTests, TestBigIntConstraintReuse2)
         .pedersen_constraints = {},
         .pedersen_hash_constraints = {},
         .poseidon2_constraints = {},
-        .fixed_base_scalar_mul_constraints = {},
-        .variable_base_scalar_mul_constraints = {},
+        .multi_scalar_mul_constraints = {},
         .ec_add_constraints = {},
         .recursion_constraints = {},
         .bigint_from_le_bytes_constraints = {},
@@ -444,8 +440,7 @@ TEST_F(BigIntTests, TestBigIntDIV)
         .pedersen_constraints = {},
         .pedersen_hash_constraints = {},
         .poseidon2_constraints = {},
-        .fixed_base_scalar_mul_constraints = {},
-        .variable_base_scalar_mul_constraints = {},
+        .multi_scalar_mul_constraints = {},
         .ec_add_constraints = {},
         .recursion_constraints = {},
         .bigint_from_le_bytes_constraints = { from_le_bytes_constraint_bigint1, from_le_bytes_constraint_bigint2 },

diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp
@@ -126,8 +126,7 @@ TEST_F(UltraPlonkRAM, TestBlockConstraint)
         .pedersen_constraints = {},
         .pedersen_hash_constraints = {},
         .poseidon2_constraints = {},
-        .fixed_base_scalar_mul_constraints = {},
-        .variable_base_scalar_mul_constraints = {},
+        .multi_scalar_mul_constraints = {},
         .ec_add_constraints = {},
         .recursion_constraints = {},
         .bigint_from_le_bytes_constraints = {},

diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.test.cpp
@@ -66,8 +66,7 @@ TEST_F(EcOperations, TestECOperations)
         .pedersen_constraints = {},
         .pedersen_hash_constraints = {},
         .poseidon2_constraints = {},
-        .fixed_base_scalar_mul_constraints = {},
-        .variable_base_scalar_mul_constraints = {},
+        .multi_scalar_mul_constraints = {},
         .ec_add_constraints = { ec_add_constraint },
         .recursion_constraints = {},
         .bigint_from_le_bytes_constraints = {},

diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp
@@ -106,8 +106,7 @@ TEST_F(ECDSASecp256k1, TestECDSAConstraintSucceed)
         .pedersen_constraints = {},
         .pedersen_hash_constraints = {},
         .poseidon2_constraints = {},
-        .fixed_base_scalar_mul_constraints = {},
-        .variable_base_scalar_mul_constraints = {},
+        .multi_scalar_mul_constraints = {},
         .ec_add_constraints = {},
         .recursion_constraints = {},
         .bigint_from_le_bytes_constraints = {},
@@ -156,8 +155,7 @@ TEST_F(ECDSASecp256k1, TestECDSACompilesForVerifier)
         .pedersen_constraints = {},
         .pedersen_hash_constraints = {},
         .poseidon2_constraints = {},
-        .fixed_base_scalar_mul_constraints = {},
-        .variable_base_scalar_mul_constraints = {},
+        .multi_scalar_mul_constraints = {},
         .ec_add_constraints = {},
         .recursion_constraints = {},
         .bigint_from_le_bytes_constraints = {},
@@ -201,8 +199,7 @@ TEST_F(ECDSASecp256k1, TestECDSAConstraintFail)
         .pedersen_constraints = {},
         .pedersen_hash_constraints = {},
         .poseidon2_constraints = {},
-        .fixed_base_scalar_mul_constraints = {},
-        .variable_base_scalar_mul_constraints = {},
+        .multi_scalar_mul_constraints = {},
         .ec_add_constraints = {},
         .recursion_constraints = {},
         .bigint_from_le_bytes_constraints = {},

diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256r1.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256r1.test.cpp
@@ -140,8 +140,7 @@ TEST(ECDSASecp256r1, test_hardcoded)
         .pedersen_constraints = {},
         .pedersen_hash_constraints = {},
         .poseidon2_constraints = {},
-        .fixed_base_scalar_mul_constraints = {},
-        .variable_base_scalar_mul_constraints = {},
+        .multi_scalar_mul_constraints = {},
         .ec_add_constraints = {},
         .recursion_constraints = {},
         .bigint_from_le_bytes_constraints = {},
@@ -192,8 +191,7 @@ TEST(ECDSASecp256r1, TestECDSAConstraintSucceed)
         .pedersen_constraints = {},
         .pedersen_hash_constraints = {},
         .poseidon2_constraints = {},
-        .fixed_base_scalar_mul_constraints = {},
-        .variable_base_scalar_mul_constraints = {},
+        .multi_scalar_mul_constraints = {},
         .ec_add_constraints = {},
         .recursion_constraints = {},
         .bigint_from_le_bytes_constraints = {},
@@ -242,8 +240,7 @@ TEST(ECDSASecp256r1, TestECDSACompilesForVerifier)
         .pedersen_constraints = {},
         .pedersen_hash_constraints = {},
         .poseidon2_constraints = {},
-        .fixed_base_scalar_mul_constraints = {},
-        .variable_base_scalar_mul_constraints = {},
+        .multi_scalar_mul_constraints = {},
         .ec_add_constraints = {},
         .recursion_constraints = {},
         .bigint_from_le_bytes_constraints = {},
@@ -287,8 +284,7 @@ TEST(ECDSASecp256r1, TestECDSAConstraintFail)
         .pedersen_constraints = {},
         .pedersen_hash_constraints = {},
         .poseidon2_constraints = {},
-        .fixed_base_scalar_mul_constraints = {},
-        .variable_base_scalar_mul_constraints = {},
+        .multi_scalar_mul_constraints = {},
         .ec_add_constraints = {},
         .recursion_constraints = {},
         .bigint_from_le_bytes_constraints = {},

diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/fixed_base_scalar_mul.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/fixed_base_scalar_mul.cpp
diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/fixed_base_scalar_mul.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/fixed_base_scalar_mul.hpp
diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/multi_scalar_mul.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/multi_scalar_mul.cpp
@@ -0,0 +1,48 @@
+#include "multi_scalar_mul.hpp"
+#include "barretenberg/dsl/types.hpp"
+#include "barretenberg/ecc/curves/bn254/fr.hpp"
+#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp"
+#include "barretenberg/plonk_honk_shared/arithmetization/gate_data.hpp"
+#include "barretenberg/stdlib/primitives/biggroup/biggroup.hpp"
+
+namespace acir_format {
+
+template <typename Builder> void create_multi_scalar_mul_constraint(Builder& builder, const MultiScalarMul& input)
+{
+    using cycle_group_ct = bb::stdlib::cycle_group<Builder>;
+    using cycle_scalar_ct = typename bb::stdlib::cycle_group<Builder>::cycle_scalar;
+    using field_ct = bb::stdlib::field_t<Builder>;
+
+    std::vector<cycle_group_ct> points;
+    std::vector<cycle_scalar_ct> scalars;
+
+    for (size_t i = 0; i < input.points.size(); i += 2) {
+        // Instantiate the input point/variable base as `cycle_group_ct`
+        auto point_x = field_ct::from_witness_index(&builder, input.points[i]);
+        auto point_y = field_ct::from_witness_index(&builder, input.points[i + 1]);
+        cycle_group_ct input_point(point_x, point_y, false);
+
+        // Reconstruct the scalar from the low and high limbs
+        field_ct scalar_low_as_field = field_ct::from_witness_index(&builder, input.scalars[i]);
+        field_ct scalar_high_as_field = field_ct::from_witness_index(&builder, input.scalars[i + 1]);
+        cycle_scalar_ct scalar(scalar_low_as_field, scalar_high_as_field);
+
+        // Add the point and scalar to the vectors
+        points.push_back(input_point);
+        scalars.push_back(scalar);
+    }
+
+    // Call batch_mul to multiply the points and scalars and sum the results
+    auto output_point = cycle_group_ct::batch_mul(scalars, points);
+
+    // Add the constraints
+    builder.assert_equal(output_point.x.get_witness_index(), input.out_point_x);
+    builder.assert_equal(output_point.y.get_witness_index(), input.out_point_y);
+}
+
+template void create_multi_scalar_mul_constraint<UltraCircuitBuilder>(UltraCircuitBuilder& builder,
+                                                                      const MultiScalarMul& input);
+template void create_multi_scalar_mul_constraint<GoblinUltraCircuitBuilder>(GoblinUltraCircuitBuilder& builder,
+                                                                            const MultiScalarMul& input);
+
+} // namespace acir_format