sha256_construction.hpp
Go to the documentation of this file.
1 //---------------------------------------------------------------------------//
2 // Copyright (c) 2018-2021 Mikhail Komarov <nemo@nil.foundation>
3 // Copyright (c) 2020-2021 Nikita Kaskov <nbering@nil.foundation>
4 //
5 // MIT License
6 //
7 // Permission is hereby granted, free of charge, to any person obtaining a copy
8 // of this software and associated documentation files (the "Software"), to deal
9 // in the Software without restriction, including without limitation the rights
10 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 // copies of the Software, and to permit persons to whom the Software is
12 // furnished to do so, subject to the following conditions:
13 //
14 // The above copyright notice and this permission notice shall be included in all
15 // copies or substantial portions of the Software.
16 //
17 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 // SOFTWARE.
24 //---------------------------------------------------------------------------//
25 // @file Declaration of interfaces for components for the SHA256 message schedule and round function.
26 //---------------------------------------------------------------------------//
27 
28 #ifndef CRYPTO3_ZK_BLUEPRINT_SHA256_COMPONENTS_HPP
29 #define CRYPTO3_ZK_BLUEPRINT_SHA256_COMPONENTS_HPP
30 
31 #include <nil/crypto3/hash/sha2.hpp>
32 
33 #include <nil/crypto3/zk/components/packing.hpp>
34 #include <nil/crypto3/zk/components/hashes/hash_io.hpp>
35 #include <nil/crypto3/zk/components/hashes/sha256/sha256_aux.hpp>
36 
37 #include <nil/crypto3/zk/components/blueprint_variable.hpp>
38 
39 namespace nil {
40  namespace crypto3 {
41  namespace zk {
42  namespace components {
43 
44  template<typename FieldType>
45  class sha256_message_schedule_component : public component<FieldType> {
46  public:
47  std::vector<blueprint_variable_vector<FieldType>> W_bits;
48  std::vector<std::shared_ptr<packing_component<FieldType>>> pack_W;
49 
50  std::vector<blueprint_variable<FieldType>> sigma0;
51  std::vector<blueprint_variable<FieldType>> sigma1;
52  std::vector<std::shared_ptr<small_sigma_component<FieldType>>> compute_sigma0;
53  std::vector<std::shared_ptr<small_sigma_component<FieldType>>> compute_sigma1;
54  std::vector<blueprint_variable<FieldType>> unreduced_W;
55  std::vector<std::shared_ptr<lastbits_component<FieldType>>> mod_reduce_W;
56 
57  public:
58  blueprint_variable_vector<FieldType> M;
59  blueprint_variable_vector<FieldType> packed_W;
60  sha256_message_schedule_component(blueprint<FieldType> &bp,
61  const blueprint_variable_vector<FieldType> &M,
62  const blueprint_variable_vector<FieldType> &packed_W) :
63  component<FieldType>(bp),
64  M(M), packed_W(packed_W) {
65 
66  W_bits.resize(64);
67 
68  pack_W.resize(16);
69  for (std::size_t i = 0; i < 16; ++i) {
70  W_bits[i] = blueprint_variable_vector<FieldType>(
71  M.rbegin() + (15 - i) * hashes::sha2<256>::word_bits,
72  M.rbegin() + (16 - i) * hashes::sha2<256>::word_bits);
73 
74  pack_W[i].reset(new packing_component<FieldType>(bp, W_bits[i], packed_W[i]));
75  }
76 
77  /* NB: some of those will be un-allocated */
78  sigma0.resize(64);
79  sigma1.resize(64);
80  compute_sigma0.resize(64);
81  compute_sigma1.resize(64);
82  unreduced_W.resize(64);
83  mod_reduce_W.resize(64);
84 
85  for (std::size_t i = 16; i < block::detail::shacal2_policy<256>::rounds; ++i) {
86  /* allocate result variables for sigma0/sigma1 invocations */
87  sigma0[i].allocate(bp);
88  sigma1[i].allocate(bp);
89 
90  /* compute sigma0/sigma1 */
91  compute_sigma0[i].reset(
92  new small_sigma_component<FieldType>(bp, W_bits[i - 15], sigma0[i], 7, 18, 3));
93  compute_sigma1[i].reset(
94  new small_sigma_component<FieldType>(bp, W_bits[i - 2], sigma1[i], 17, 19, 10));
95 
96  /* unreduced_W = sigma0(W_{i-15}) + sigma1(W_{i-2}) + W_{i-7} + W_{i-16} before modulo
97  * 2^32
98  */
99  unreduced_W[i].allocate(bp);
100 
101  /* allocate the bit representation of packed_W[i] */
102  W_bits[i].allocate(bp, hashes::sha2<256>::word_bits);
103 
104  /* and finally reduce this into packed and bit representations */
105  mod_reduce_W[i].reset(new lastbits_component<FieldType>(
106  bp, unreduced_W[i], hashes::sha2<256>::word_bits + 2, packed_W[i], W_bits[i]));
107  }
108  }
109 
110  void generate_r1cs_constraints() {
111  for (std::size_t i = 0; i < 16; ++i) {
112  pack_W[i]->generate_r1cs_constraints(
113  false); // do not enforce bitness here; caller be aware.
114  }
115 
116  for (std::size_t i = 16; i < block::detail::shacal2_policy<256>::rounds; ++i) {
117  compute_sigma0[i]->generate_r1cs_constraints();
118  compute_sigma1[i]->generate_r1cs_constraints();
119 
120  this->bp.add_r1cs_constraint(snark::r1cs_constraint<FieldType>(
121  1, sigma0[i] + sigma1[i] + packed_W[i - 16] + packed_W[i - 7], unreduced_W[i]));
122 
123  mod_reduce_W[i]->generate_r1cs_constraints();
124  }
125  }
126 
127  void generate_r1cs_witness() {
128  for (std::size_t i = 0; i < 16; ++i) {
129  pack_W[i]->generate_r1cs_witness_from_bits();
130  }
131 
132  for (std::size_t i = 16; i < block::detail::shacal2_policy<256>::rounds; ++i) {
133  compute_sigma0[i]->generate_r1cs_witness();
134  compute_sigma1[i]->generate_r1cs_witness();
135 
136  this->bp.val(unreduced_W[i]) = this->bp.val(sigma0[i]) + this->bp.val(sigma1[i]) +
137  this->bp.val(packed_W[i - 16]) +
138  this->bp.val(packed_W[i - 7]);
139 
140  mod_reduce_W[i]->generate_r1cs_witness();
141  }
142  }
143  };
144 
145  template<typename FieldType>
146  class sha256_round_function_component : public component<FieldType> {
147  public:
148  blueprint_variable<FieldType> sigma0;
149  blueprint_variable<FieldType> sigma1;
150  std::shared_ptr<big_sigma_component<FieldType>> compute_sigma0;
151  std::shared_ptr<big_sigma_component<FieldType>> compute_sigma1;
152  blueprint_variable<FieldType> choice;
153  blueprint_variable<FieldType> majority;
154  std::shared_ptr<choice_component<FieldType>> compute_choice;
155  std::shared_ptr<majority_component<FieldType>> compute_majority;
156  blueprint_variable<FieldType> packed_d;
157  std::shared_ptr<packing_component<FieldType>> pack_d;
158  blueprint_variable<FieldType> packed_h;
159  std::shared_ptr<packing_component<FieldType>> pack_h;
160  blueprint_variable<FieldType> unreduced_new_a;
161  blueprint_variable<FieldType> unreduced_new_e;
162  std::shared_ptr<lastbits_component<FieldType>> mod_reduce_new_a;
163  std::shared_ptr<lastbits_component<FieldType>> mod_reduce_new_e;
164  blueprint_variable<FieldType> packed_new_a;
165  blueprint_variable<FieldType> packed_new_e;
166 
167  public:
168  blueprint_linear_combination_vector<FieldType> a;
169  blueprint_linear_combination_vector<FieldType> b;
170  blueprint_linear_combination_vector<FieldType> c;
171  blueprint_linear_combination_vector<FieldType> d;
172  blueprint_linear_combination_vector<FieldType> e;
173  blueprint_linear_combination_vector<FieldType> f;
174  blueprint_linear_combination_vector<FieldType> g;
175  blueprint_linear_combination_vector<FieldType> h;
176  blueprint_variable<FieldType> W;
177  long K;
178  blueprint_linear_combination_vector<FieldType> new_a;
179  blueprint_linear_combination_vector<FieldType> new_e;
180 
181  sha256_round_function_component(blueprint<FieldType> &bp,
182  const blueprint_linear_combination_vector<FieldType> &a,
183  const blueprint_linear_combination_vector<FieldType> &b,
184  const blueprint_linear_combination_vector<FieldType> &c,
185  const blueprint_linear_combination_vector<FieldType> &d,
186  const blueprint_linear_combination_vector<FieldType> &e,
187  const blueprint_linear_combination_vector<FieldType> &f,
188  const blueprint_linear_combination_vector<FieldType> &g,
189  const blueprint_linear_combination_vector<FieldType> &h,
190  const blueprint_variable<FieldType> &W,
191  const long &K,
192  const blueprint_linear_combination_vector<FieldType> &new_a,
193  const blueprint_linear_combination_vector<FieldType> &new_e) :
194  component<FieldType>(bp),
195  a(a), b(b), c(c), d(d), e(e), f(f), g(g), h(h), W(W), K(K), new_a(new_a), new_e(new_e) {
196 
197  /* compute sigma0 and sigma1 */
198  sigma0.allocate(bp);
199  sigma1.allocate(bp);
200  compute_sigma0.reset(new big_sigma_component<FieldType>(bp, a, sigma0, 2, 13, 22));
201  compute_sigma1.reset(new big_sigma_component<FieldType>(bp, e, sigma1, 6, 11, 25));
202 
203  /* compute choice */
204  choice.allocate(bp);
205  compute_choice.reset(new choice_component<FieldType>(bp, e, f, g, choice));
206 
207  /* compute majority */
208  majority.allocate(bp);
209  compute_majority.reset(new majority_component<FieldType>(bp, a, b, c, majority));
210 
211  /* pack d */
212  packed_d.allocate(bp);
213  pack_d.reset(new packing_component<FieldType>(bp, d, packed_d));
214 
215  /* pack h */
216  packed_h.allocate(bp);
217  pack_h.reset(new packing_component<FieldType>(bp, h, packed_h));
218 
219  /* compute the actual results for the round */
220  unreduced_new_a.allocate(bp);
221  unreduced_new_e.allocate(bp);
222 
223  packed_new_a.allocate(bp);
224  packed_new_e.allocate(bp);
225 
226  mod_reduce_new_a.reset(new lastbits_component<FieldType>(
227  bp, unreduced_new_a, hashes::sha2<256>::word_bits + 3, packed_new_a, new_a));
228  mod_reduce_new_e.reset(new lastbits_component<FieldType>(
229  bp, unreduced_new_e, hashes::sha2<256>::word_bits + 3, packed_new_e, new_e));
230  }
231 
232  void generate_r1cs_constraints() {
233  compute_sigma0->generate_r1cs_constraints();
234  compute_sigma1->generate_r1cs_constraints();
235 
236  compute_choice->generate_r1cs_constraints();
237  compute_majority->generate_r1cs_constraints();
238 
239  pack_d->generate_r1cs_constraints(false);
240  pack_h->generate_r1cs_constraints(false);
241 
242  this->bp.add_r1cs_constraint(snark::r1cs_constraint<FieldType>(
243  1, packed_h + sigma1 + choice + K + W + sigma0 + majority, unreduced_new_a));
244 
245  this->bp.add_r1cs_constraint(snark::r1cs_constraint<FieldType>(
246  1, packed_d + packed_h + sigma1 + choice + K + W, unreduced_new_e));
247 
248  mod_reduce_new_a->generate_r1cs_constraints();
249  mod_reduce_new_e->generate_r1cs_constraints();
250  }
251 
252  void generate_r1cs_witness() {
253  compute_sigma0->generate_r1cs_witness();
254  compute_sigma1->generate_r1cs_witness();
255 
256  compute_choice->generate_r1cs_witness();
257  compute_majority->generate_r1cs_witness();
258  pack_d->generate_r1cs_witness_from_bits();
259  pack_h->generate_r1cs_witness_from_bits();
260 
261  this->bp.val(unreduced_new_a) = this->bp.val(packed_h) + this->bp.val(sigma1) +
262  this->bp.val(choice) + typename FieldType::value_type(K) +
263  this->bp.val(W) + this->bp.val(sigma0) + this->bp.val(majority);
264  this->bp.val(unreduced_new_e) = this->bp.val(packed_d) + this->bp.val(packed_h) +
265  this->bp.val(sigma1) + this->bp.val(choice) +
266  typename FieldType::value_type(K) + this->bp.val(W);
267 
268  mod_reduce_new_a->generate_r1cs_witness();
269  mod_reduce_new_e->generate_r1cs_witness();
270  }
271  };
272 
273  template<typename FieldType>
274  blueprint_linear_combination_vector<FieldType> SHA256_default_IV(blueprint<FieldType> &bp) {
275  using namespace hashes::detail;
276 
277  typename sha2_policy<256>::state_type iv = sha2_policy<256>::iv_generator()();
278 
279  blueprint_linear_combination_vector<FieldType> result;
280  result.reserve(hashes::sha2<256>::digest_bits);
281 
282  for (std::size_t i = 0; i < hashes::sha2<256>::digest_bits; ++i) {
283  int iv_val =
284  iv[i / hashes::sha2<256>::word_bits] >> (31 - (i % hashes::sha2<256>::word_bits)) & 1;
285 
286  blueprint_linear_combination<FieldType> iv_element;
287  iv_element.assign(bp, iv_val * blueprint_variable<FieldType>(0));
288  iv_element.evaluate(bp);
289 
290  result.emplace_back(iv_element);
291  }
292 
293  return result;
294  }
295 
296  } // namespace components
297  } // namespace zk
298  } // namespace crypto3
299 } // namespace nil
300 
301 #endif // CRYPTO3_ZK_BLUEPRINT_SHA256_COMPONENTS_HPP
blueprint_variable.hpp
nil::crypto3::hashes::sha2
SHA2.
Definition: sha2.hpp:46
nil::crypto3::zk::components::big_sigma_component
Definition: sha256_aux.hpp:188
nil::crypto3::zk::components::blueprint_linear_combination_vector
Definition: blueprint_linear_combination.hpp:115
nil::crypto3::zk::components::blueprint_linear_combination
Definition: blueprint_linear_combination.hpp:47
nil::crypto3::zk::components::blueprint_linear_combination::assign
void assign(blueprint< field_type > &bp, const snark::linear_combination< field_type > &lc)
Definition: blueprint_linear_combination.hpp:65
nil::crypto3::zk::components::blueprint_linear_combination::evaluate
void evaluate(blueprint< field_type > &bp) const
Definition: blueprint_linear_combination.hpp:71
nil::crypto3::zk::components::blueprint_variable_vector
Definition: blueprint_variable.hpp:57
nil::crypto3::zk::components::blueprint_variable
Definition: blueprint_variable.hpp:46
nil::crypto3::zk::components::blueprint
Definition: blueprint.hpp:46
nil::crypto3::zk::components::choice_component
Definition: sha256_aux.hpp:237
nil::crypto3::zk::components::component
Definition: component.hpp:37
nil::crypto3::zk::components::component::bp
blueprint< FieldType > & bp
Definition: component.hpp:39
nil::crypto3::zk::components::lastbits_component
Definition: sha256_aux.hpp:40
nil::crypto3::zk::components::majority_component
Definition: sha256_aux.hpp:284
nil::crypto3::zk::components::packing_component
Definition: packing.hpp:57
nil::crypto3::zk::components::sha256_message_schedule_component
Definition: sha256_construction.hpp:45
nil::crypto3::zk::components::sha256_message_schedule_component::M
blueprint_variable_vector< FieldType > M
Definition: sha256_construction.hpp:58
nil::crypto3::zk::components::sha256_message_schedule_component::sigma0
std::vector< blueprint_variable< FieldType > > sigma0
Definition: sha256_construction.hpp:50
nil::crypto3::zk::components::sha256_message_schedule_component::pack_W
std::vector< std::shared_ptr< packing_component< FieldType > > > pack_W
Definition: sha256_construction.hpp:48
nil::crypto3::zk::components::sha256_message_schedule_component::mod_reduce_W
std::vector< std::shared_ptr< lastbits_component< FieldType > > > mod_reduce_W
Definition: sha256_construction.hpp:55
nil::crypto3::zk::components::sha256_message_schedule_component::generate_r1cs_constraints
void generate_r1cs_constraints()
Definition: sha256_construction.hpp:110
nil::crypto3::zk::components::sha256_message_schedule_component::compute_sigma1
std::vector< std::shared_ptr< small_sigma_component< FieldType > > > compute_sigma1
Definition: sha256_construction.hpp:53
nil::crypto3::zk::components::sha256_message_schedule_component::compute_sigma0
std::vector< std::shared_ptr< small_sigma_component< FieldType > > > compute_sigma0
Definition: sha256_construction.hpp:52
nil::crypto3::zk::components::sha256_message_schedule_component::unreduced_W
std::vector< blueprint_variable< FieldType > > unreduced_W
Definition: sha256_construction.hpp:54
nil::crypto3::zk::components::sha256_message_schedule_component::generate_r1cs_witness
void generate_r1cs_witness()
Definition: sha256_construction.hpp:127
nil::crypto3::zk::components::sha256_message_schedule_component::sigma1
std::vector< blueprint_variable< FieldType > > sigma1
Definition: sha256_construction.hpp:51
nil::crypto3::zk::components::sha256_message_schedule_component::sha256_message_schedule_component
sha256_message_schedule_component(blueprint< FieldType > &bp, const blueprint_variable_vector< FieldType > &M, const blueprint_variable_vector< FieldType > &packed_W)
Definition: sha256_construction.hpp:60
nil::crypto3::zk::components::sha256_message_schedule_component::W_bits
std::vector< blueprint_variable_vector< FieldType > > W_bits
Definition: sha256_construction.hpp:47
nil::crypto3::zk::components::sha256_message_schedule_component::packed_W
blueprint_variable_vector< FieldType > packed_W
Definition: sha256_construction.hpp:59
nil::crypto3::zk::components::sha256_round_function_component
Definition: sha256_construction.hpp:146
nil::crypto3::zk::components::sha256_round_function_component::generate_r1cs_constraints
void generate_r1cs_constraints()
Definition: sha256_construction.hpp:232
nil::crypto3::zk::components::sha256_round_function_component::d
blueprint_linear_combination_vector< FieldType > d
Definition: sha256_construction.hpp:171
nil::crypto3::zk::components::sha256_round_function_component::W
blueprint_variable< FieldType > W
Definition: sha256_construction.hpp:176
nil::crypto3::zk::components::sha256_round_function_component::pack_d
std::shared_ptr< packing_component< FieldType > > pack_d
Definition: sha256_construction.hpp:157
nil::crypto3::zk::components::sha256_round_function_component::sha256_round_function_component
sha256_round_function_component(blueprint< FieldType > &bp, const blueprint_linear_combination_vector< FieldType > &a, const blueprint_linear_combination_vector< FieldType > &b, const blueprint_linear_combination_vector< FieldType > &c, const blueprint_linear_combination_vector< FieldType > &d, const blueprint_linear_combination_vector< FieldType > &e, const blueprint_linear_combination_vector< FieldType > &f, const blueprint_linear_combination_vector< FieldType > &g, const blueprint_linear_combination_vector< FieldType > &h, const blueprint_variable< FieldType > &W, const long &K, const blueprint_linear_combination_vector< FieldType > &new_a, const blueprint_linear_combination_vector< FieldType > &new_e)
Definition: sha256_construction.hpp:181
nil::crypto3::zk::components::sha256_round_function_component::K
long K
Definition: sha256_construction.hpp:177
nil::crypto3::zk::components::sha256_round_function_component::packed_h
blueprint_variable< FieldType > packed_h
Definition: sha256_construction.hpp:158
nil::crypto3::zk::components::sha256_round_function_component::b
blueprint_linear_combination_vector< FieldType > b
Definition: sha256_construction.hpp:169
nil::crypto3::zk::components::sha256_round_function_component::h
blueprint_linear_combination_vector< FieldType > h
Definition: sha256_construction.hpp:175
nil::crypto3::zk::components::sha256_round_function_component::majority
blueprint_variable< FieldType > majority
Definition: sha256_construction.hpp:153
nil::crypto3::zk::components::sha256_round_function_component::new_e
blueprint_linear_combination_vector< FieldType > new_e
Definition: sha256_construction.hpp:179
nil::crypto3::zk::components::sha256_round_function_component::packed_d
blueprint_variable< FieldType > packed_d
Definition: sha256_construction.hpp:156
nil::crypto3::zk::components::sha256_round_function_component::compute_majority
std::shared_ptr< majority_component< FieldType > > compute_majority
Definition: sha256_construction.hpp:155
nil::crypto3::zk::components::sha256_round_function_component::compute_choice
std::shared_ptr< choice_component< FieldType > > compute_choice
Definition: sha256_construction.hpp:154
nil::crypto3::zk::components::sha256_round_function_component::new_a
blueprint_linear_combination_vector< FieldType > new_a
Definition: sha256_construction.hpp:178
nil::crypto3::zk::components::sha256_round_function_component::sigma1
blueprint_variable< FieldType > sigma1
Definition: sha256_construction.hpp:149
nil::crypto3::zk::components::sha256_round_function_component::packed_new_a
blueprint_variable< FieldType > packed_new_a
Definition: sha256_construction.hpp:164
nil::crypto3::zk::components::sha256_round_function_component::e
blueprint_linear_combination_vector< FieldType > e
Definition: sha256_construction.hpp:172
nil::crypto3::zk::components::sha256_round_function_component::g
blueprint_linear_combination_vector< FieldType > g
Definition: sha256_construction.hpp:174
nil::crypto3::zk::components::sha256_round_function_component::generate_r1cs_witness
void generate_r1cs_witness()
Definition: sha256_construction.hpp:252
nil::crypto3::zk::components::sha256_round_function_component::compute_sigma0
std::shared_ptr< big_sigma_component< FieldType > > compute_sigma0
Definition: sha256_construction.hpp:150
nil::crypto3::zk::components::sha256_round_function_component::f
blueprint_linear_combination_vector< FieldType > f
Definition: sha256_construction.hpp:173
nil::crypto3::zk::components::sha256_round_function_component::packed_new_e
blueprint_variable< FieldType > packed_new_e
Definition: sha256_construction.hpp:165
nil::crypto3::zk::components::sha256_round_function_component::compute_sigma1
std::shared_ptr< big_sigma_component< FieldType > > compute_sigma1
Definition: sha256_construction.hpp:151
nil::crypto3::zk::components::sha256_round_function_component::sigma0
blueprint_variable< FieldType > sigma0
Definition: sha256_construction.hpp:148
nil::crypto3::zk::components::sha256_round_function_component::c
blueprint_linear_combination_vector< FieldType > c
Definition: sha256_construction.hpp:170
nil::crypto3::zk::components::sha256_round_function_component::a
blueprint_linear_combination_vector< FieldType > a
Definition: sha256_construction.hpp:168
nil::crypto3::zk::components::sha256_round_function_component::mod_reduce_new_e
std::shared_ptr< lastbits_component< FieldType > > mod_reduce_new_e
Definition: sha256_construction.hpp:163
nil::crypto3::zk::components::sha256_round_function_component::unreduced_new_e
blueprint_variable< FieldType > unreduced_new_e
Definition: sha256_construction.hpp:161
nil::crypto3::zk::components::sha256_round_function_component::choice
blueprint_variable< FieldType > choice
Definition: sha256_construction.hpp:152
nil::crypto3::zk::components::sha256_round_function_component::unreduced_new_a
blueprint_variable< FieldType > unreduced_new_a
Definition: sha256_construction.hpp:160
nil::crypto3::zk::components::sha256_round_function_component::pack_h
std::shared_ptr< packing_component< FieldType > > pack_h
Definition: sha256_construction.hpp:159
nil::crypto3::zk::components::sha256_round_function_component::mod_reduce_new_a
std::shared_ptr< lastbits_component< FieldType > > mod_reduce_new_a
Definition: sha256_construction.hpp:162
nil::crypto3::zk::components::small_sigma_component
Definition: sha256_aux.hpp:139
hash_io.hpp
nil::crypto3::zk::components::SHA256_default_IV
blueprint_linear_combination_vector< FieldType > SHA256_default_IV(blueprint< FieldType > &bp)
Definition: sha256_construction.hpp:274
nil
Definition: pair.hpp:31
sha256_aux.hpp
nil::crypto3::zk::snark::r1cs_constraint
Definition: r1cs.hpp:60