feat(ssa_fuzzer): hash blackbox functions (#9479)

Co-authored-by: Innokentii Sennovskii <[email protected]>

Author: defkit

tooling/ssa_fuzzer/fuzzer/src/fuzz_lib/block_context.rs

@@ -1024,4 +1024,235 @@ mod tests {
             None => panic!("Program failed to execute"),
         }
     }
+
+    /// from_le_radix(to_le_radix(field)) == field
+    #[test]
+    fn smoke_test_field_to_bytes_to_field() {
+        let _ = env_logger::try_init();
+        let field_to_bytes_to_field_block = InstructionBlock {
+            instructions: vec![Instruction::FieldToBytesToField { field_idx: 1 }],
+        };
+        let instructions_blocks = vec![field_to_bytes_to_field_block];
+        let commands =
+            vec![FuzzerFunctionCommand::InsertSimpleInstructionBlock { instruction_block_idx: 0 }];
+        let main_func = FunctionData {
+            commands,
+            return_instruction_block_idx: 0,
+            return_type: ValueType::Field,
+        };
+        let fuzzer_data = FuzzerData {
+            instruction_blocks: instructions_blocks,
+            functions: vec![main_func],
+            initial_witness: default_witness(),
+        };
+        let result = fuzz_target(fuzzer_data, FuzzerOptions::default());
+        match result {
+            Some(result) => assert_eq!(result.get_return_value(), FieldElement::from(1_u32)),
+            None => panic!("Program failed to execute"),
+        }
+    }
+
+    /// blake2s(to_le_radix(0, 256, 32)) == blake2s computed with noir
+    ///
+    /// fn main(x: u8) -> pub Field {
+    ///     let x = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
+    ///     let hash = std::hash::blake2s(x);
+    ///     Field::from_le_bytes::<32>(hash)
+    /// }
+    /// [nargo_tests] Circuit output: Field(-9211429028062209127175291049466917975585300944217240748738694765619842249938)
+    #[test]
+    fn smoke_test_blake2s_hash() {
+        let _ = env_logger::try_init();
+        let blake2s_hash_block = InstructionBlock {
+            instructions: vec![Instruction::Blake2sHash { field_idx: 0, limbs_count: 32 }],
+        };
+        let instructions_blocks = vec![blake2s_hash_block];
+        let commands = vec![];
+        let main_func = FunctionData {
+            commands,
+            return_instruction_block_idx: 0,
+            return_type: ValueType::Field,
+        };
+        let fuzzer_data = FuzzerData {
+            instruction_blocks: instructions_blocks,
+            functions: vec![main_func],
+            initial_witness: default_witness(),
+        };
+        let result = fuzz_target(fuzzer_data, FuzzerOptions::default());
+        match result {
+            Some(result) => assert_eq!(
+                result.get_return_value(),
+                FieldElement::try_from_str(
+                    "-9211429028062209127175291049466917975585300944217240748738694765619842249938"
+                )
+                .unwrap()
+            ),
+            None => panic!("Program failed to execute"),
+        }
+    }
+
+    /// blake3(to_le_radix(0, 256, 32)) == blake3 computed with noir
+    ///
+    /// fn main(x: u8) -> pub Field {
+    ///     let x = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
+    ///     let hash = std::hash::blake3(x);
+    ///     Field::from_le_bytes::<32>(hash)
+    /// }
+    /// [nargo_tests] Circuit output: Field(11496696481601359239189947342432058980836600577383371976100559912527609453094)
+    #[test]
+    fn smoke_test_blake3_hash() {
+        let _ = env_logger::try_init();
+        let blake3_hash_block = InstructionBlock {
+            instructions: vec![Instruction::Blake3Hash { field_idx: 0, limbs_count: 32 }],
+        };
+        let instructions_blocks = vec![blake3_hash_block];
+        let commands = vec![];
+        let main_func = FunctionData {
+            commands,
+            return_instruction_block_idx: 0,
+            return_type: ValueType::Field,
+        };
+        let fuzzer_data = FuzzerData {
+            instruction_blocks: instructions_blocks,
+            functions: vec![main_func],
+            initial_witness: default_witness(),
+        };
+        let result = fuzz_target(fuzzer_data, FuzzerOptions::default());
+        match result {
+            Some(result) => assert_eq!(
+                result.get_return_value(),
+                FieldElement::try_from_str(
+                    "11496696481601359239189947342432058980836600577383371976100559912527609453094"
+                )
+                .unwrap()
+            ),
+            None => panic!("Program failed to execute"),
+        }
+    }
+
+    /// fn main() -> pub Field {
+    ///     let input: [u8; 16] = b.to_le_radix(256);
+    ///     let iv: [u8; 16] = b.to_le_radix(256);
+    ///     let key: [u8; 16] = b.to_le_radix(256);
+    ///     Field::from_le_bytes(std::aes128::aes128_encrypt(input, iv, key))
+    /// }
+    ///
+    /// [nargo_tests] Circuit output: Field(7228449286344697221705732525592563926191809635549234005020486075743434697058)
+    #[test]
+    fn smoke_test_aes128_encrypt() {
+        let _ = env_logger::try_init();
+        let aes128_encrypt_block = InstructionBlock {
+            instructions: vec![Instruction::Aes128Encrypt {
+                input_idx: 0,
+                input_limbs_count: 4,
+                key_idx: 0,
+                iv_idx: 0,
+            }],
+        };
+        let instructions_blocks = vec![aes128_encrypt_block];
+        let commands = vec![];
+        let main_func = FunctionData {
+            commands,
+            return_instruction_block_idx: 0,
+            return_type: ValueType::Field,
+        };
+        let fuzzer_data = FuzzerData {
+            instruction_blocks: instructions_blocks,
+            functions: vec![main_func],
+            initial_witness: default_witness(),
+        };
+        let result = fuzz_target(fuzzer_data, FuzzerOptions::default());
+        match result {
+            Some(result) => assert_eq!(
+                result.get_return_value(),
+                FieldElement::try_from_str(
+                    "7228449286344697221705732525592563926191809635549234005020486075743434697058"
+                )
+                .unwrap()
+            ),
+            None => panic!("Program failed to execute"),
+        }
+    }
+
+    /// fn main(a: Field, b: Field) -> pub u64 {
+    ///     let input: [u64; 25] = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
+    ///     std::hash::keccakf1600(input)[24]
+    /// }
+    ///
+    /// [nargo_tests] Circuit output: Field(16929593379567477321)
+    #[test]
+    fn smoke_test_keccakf1600() {
+        let _ = env_logger::try_init();
+        // default witness are fields
+        // so take the first one and cast it to u64
+        let arg_0_field = Argument { index: 0, value_type: ValueType::Field };
+        let cast_block = InstructionBlock {
+            instructions: vec![Instruction::Cast { lhs: arg_0_field, type_: ValueType::U64 }],
+        };
+        // taking the first defined u64 variable which is v0 as u64
+        let keccakf1600_block = InstructionBlock {
+            instructions: vec![Instruction::Keccakf1600Hash {
+                u64_indices: [0; 25],
+                load_elements_of_array: true, // load all elements of the array into defined variables
+            }],
+        };
+        let instructions_blocks = vec![cast_block, keccakf1600_block];
+        let commands =
+            vec![FuzzerFunctionCommand::InsertSimpleInstructionBlock { instruction_block_idx: 0 }];
+        // this function will take the last defined u64, which is equal to the last element of the keccakf1600 permuted array
+        let main_func =
+            FunctionData { commands, return_instruction_block_idx: 1, return_type: ValueType::U64 };
+        let fuzzer_data = FuzzerData {
+            instruction_blocks: instructions_blocks,
+            functions: vec![main_func],
+            initial_witness: default_witness(),
+        };
+        let result = fuzz_target(fuzzer_data, FuzzerOptions::default());
+        match result {
+            Some(result) => {
+                assert_eq!(result.get_return_value(), FieldElement::from(16929593379567477321_u64));
+            }
+            None => panic!("Program failed to execute"),
+        }
+    }
+
+    /// fn main(a: Field, b: Field) -> pub u32 {
+    ///     let input: [u32; 16] = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
+    ///     let state: [u32; 8] = [0, 0, 0, 0, 0, 0, 0, 0];
+    ///     std::hash::sha256_compression(input, state)[7]
+    /// }
+    ///
+    /// [nargo_tests] Circuit output: Field(3205228454)
+    #[test]
+    fn smoke_test_sha256_compression() {
+        let _ = env_logger::try_init();
+        let arg_0_field = Argument { index: 0, value_type: ValueType::Field };
+        let cast_block = InstructionBlock {
+            instructions: vec![Instruction::Cast { lhs: arg_0_field, type_: ValueType::U32 }],
+        };
+        let sha256_compression_block = InstructionBlock {
+            instructions: vec![Instruction::Sha256Compression {
+                input_indices: [0; 16],
+                state_indices: [0; 8],
+                load_elements_of_array: true,
+            }],
+        };
+        let instructions_blocks = vec![cast_block, sha256_compression_block];
+        let commands =
+            vec![FuzzerFunctionCommand::InsertSimpleInstructionBlock { instruction_block_idx: 0 }];
+        let main_func =
+            FunctionData { commands, return_instruction_block_idx: 1, return_type: ValueType::U32 };
+        let fuzzer_data = FuzzerData {
+            instruction_blocks: instructions_blocks,
+            functions: vec![main_func],
+            initial_witness: default_witness(),
+        };
+        let result = fuzz_target(fuzzer_data, FuzzerOptions::default());
+        match result {
+            Some(result) => {
+                assert_eq!(result.get_return_value(), FieldElement::from(3205228454_u32));
+            }
+            None => panic!("Program failed to execute"),
+        }
+    }
 }

tooling/ssa_fuzzer/fuzzer/src/fuzz_lib/fuzz_target_lib.rs

@@ -97,6 +97,43 @@ pub(crate) enum Instruction {
         value_index: usize,
         safe_index: bool,
     },
+
+    /// Field to bytes to field
+    /// Takes field, converts it to le_bytes
+    /// Then converts the le_bytes to field and stores it in the context
+    FieldToBytesToField { field_idx: usize },
+
+    /// Blake2s hash
+    /// Takes field, converts it to le_bytes of the size specified by `limbs_count`
+    /// Then hashes it with blake2s and stores the hash from le_bytes in the context
+    Blake2sHash { field_idx: usize, limbs_count: u8 },
+
+    /// Blake3 hash
+    /// Takes field, converts it to le_bytes of the size specified by `limbs_count`
+    /// Then hashes it with blake3 and stores the hash from le_bytes in the context
+    Blake3Hash { field_idx: usize, limbs_count: u8 },
+
+    /// Keccakf1600 hash
+    /// Takes array of u64 values and permutes it with keccakf1600
+    /// Stores the permuted array in the context
+    /// If `load_elements_of_array` is true, loads all elements of the permuted array into defined variables
+    Keccakf1600Hash { u64_indices: [usize; 25], load_elements_of_array: bool },
+
+    /// AES-128 encrypt
+    /// Takes input key and iv as fields, converts them to u8 arrays
+    /// Input is converted to u8 array of size `input_limbs_count`
+    /// Encrypts the input with AES-128 and converts encrypted array to field and stores it in the context
+    Aes128Encrypt { input_idx: usize, input_limbs_count: u8, key_idx: usize, iv_idx: usize },
+
+    /// SHA-256 compression
+    /// Takes input and state as arrays of u32 values
+    /// Compresses the input with SHA-256 and stores the result in the context
+    /// If `load_elements_of_array` is true, loads all elements of the compressed array into defined variables
+    Sha256Compression {
+        input_indices: [usize; 16],
+        state_indices: [usize; 8],
+        load_elements_of_array: bool,
+    },
 }
 
 /// Default instruction is XOR of two boolean values

tooling/ssa_fuzzer/fuzzer/src/fuzz_lib/instruction.rs

@@ -150,7 +150,10 @@ pub(crate) struct FuzzerOptions {
 impl Default for FuzzerOptions {
     fn default() -> Self {
         Self {
-            compile_options: CompileOptions { show_ssa: true, ..Default::default() },
+            compile_options: CompileOptions {
+                show_ssa_pass: vec!["Dead Instruction Elimination".to_string()],
+                ..Default::default()
+            },
             max_ssa_blocks_num: 100,
             max_instructions_num: 1000,
             max_iterations_num: 1000,

tooling/ssa_fuzzer/fuzzer/src/fuzz_lib/options.rs

@@ -189,6 +189,15 @@ impl InstructionMutator for InstructionArgumentsMutation {
                     mutate_bool(safe_index, rng, BASIC_SAFE_INDEX_MUTATION_CONFIGURATION);
                 }
             },
+            Instruction::FieldToBytesToField { .. }
+            | Instruction::Blake2sHash { .. }
+            | Instruction::Blake3Hash { .. }
+            | Instruction::Keccakf1600Hash { .. }
+            | Instruction::Aes128Encrypt { .. }
+            | Instruction::Sha256Compression { .. } => {
+                // TODO: Implement mutations for these instructions
+                // doesn't leave it as unimplemented, because fuzzer will try to mutate it anyway
+            }
         }
     }
 }