Struct o1vm::keccak::constraints::Env

pub struct Env<Fp> {
    pub constraints: Vec<Expr<ConstantExpr<Fp>, Column>>,
    pub lookups: Vec<RAMLookup<Expr<ConstantExpr<Fp>, Column>, LookupTableIDs>>,
}

This struct contains all that needs to be kept track of during the execution of the Keccak step interpreter

Fields

constraints: Vec<Expr<ConstantExpr<Fp>, Column>>

Constraints that are added to the circuit

lookups: Vec<RAMLookup<Expr<ConstantExpr<Fp>, Column>, LookupTableIDs>>

Variables that are looked up in the circuit

Trait Implementations

impl<F: Field> ArithHelpers<F> for Env<F>

fn two_pow(x: u64) -> Self::Variable

Returns a variable representing the value 2^x

fn zero() -> Self::Variable

Returns a variable representing the value zero

fn one() -> Self::Variable

Returns a variable representing the value one

fn two() -> Self::Variable

Returns a variable representing the value two

impl<F: Field> BoolHelpers<F> for Env<F>

fn is_boolean(x: Self::Variable) -> Self::Variable

Degree-2 variable encoding whether the input is a boolean value (0 = yes)

fn not(x: Self::Variable) -> Self::Variable

Degree-1 variable encoding the negation of the input Note: it only works as expected if the input is a boolean value

fn is_one(x: Self::Variable) -> Self::Variable

Degree-1 variable encoding whether the input is the value one (0 = yes)

fn is_nonzero(x: Self::Variable, x_inv: Self::Variable) -> Self::Variable

Degree-2 variable encoding whether the first input is nonzero (0 = yes). It requires the second input to be the multiplicative inverse of the first. Note: if the first input is zero, there is no multiplicative inverse.

fn is_zero( x: Self::Variable, x_inv: Self::Variable, z: Self::Variable ) -> (Self::Variable, Self::Variable)

fn xor(x: Self::Variable, y: Self::Variable) -> Self::Variable

Degree-2 variable encoding the XOR of two variables which should be boolean (1 = true)

fn or(x: Self::Variable, y: Self::Variable) -> Self::Variable

Degree-2 variable encoding the OR of two variables, which should be boolean (1 = true)

fn either_zero(x: Self::Variable, y: Self::Variable) -> Self::Variable

Degree-2 variable encoding whether at least one of the two inputs is zero (0 = yes)

impl<Fp: Clone> Clone for Env<Fp>

fn clone(&self) -> Env<Fp>

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<Fp: Debug> Debug for Env<Fp>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<F: Field> Default for Env<F>

fn default() -> Self

Returns the “default value” for a type.

impl<F: Field> Interpreter<F> for Env<F>

type Variable = Operations<ExprInner<Operations<ConstantExprInner<F>>, Column>>

fn constant(x: u64) -> Self::Variable

Creates a variable from a constant integer

fn constant_field(x: F) -> Self::Variable

Creates a variable from a constant field element

fn variable(&self, column: KeccakColumn) -> Self::Variable

Returns the variable corresponding to a given column alias.

fn constrain( &mut self, _tag: Constraint, if_true: Self::Variable, x: Self::Variable )

Adds one KeccakConstraint to the environment if the selector holds

fn add_lookup( &mut self, if_true: Self::Variable, lookup: RAMLookup<Self::Variable, LookupTableIDs> )

Adds a given Lookup to the environment if the condition holds

impl<F: Field> KeccakInterpreter<F> for Env<F>

fn constraints(&mut self, step: Steps)

Creates all 879 constraints/checks to the environment:

fn constrain_flags(&mut self, step: Steps)where Self: Interpreter<F>,

Constrains 136 checks of correctness of mode flags

fn constrain_booleanity(&mut self, step: Steps)where Self: Interpreter<F>,

Constrains 136 checks of booleanity for some mode flags.

fn constrain_sponge(&mut self, step: Steps)

Constrains 354 checks of sponge steps

fn constrain_absorb(&mut self, step: Steps)

Constrains 332 checks of absorb sponges

fn constrain_padding(&mut self, step: Steps)

Constrains 6 checks of padding absorb sponges

fn constrain_squeeze(&mut self, step: Steps)

Constrains 16 checks of squeeze sponges

fn constrain_round(&mut self, step: Steps)

Constrains 389 checks of round steps

fn constrain_theta(&mut self, step: Steps) -> Vec<Vec<Vec<Self::Variable>>>

Constrains 35 checks of the theta algorithm in round steps

fn constrain_pirho( &mut self, step: Steps, state_e: Vec<Vec<Vec<Self::Variable>>> ) -> Vec<Vec<Vec<Self::Variable>>>

Constrains 150 checks of the pirho algorithm in round steps

fn constrain_chi( &mut self, step: Steps, state_b: Vec<Vec<Vec<Self::Variable>>> ) -> Vec<Vec<Vec<Self::Variable>>>

Constrains 200 checks of the chi algorithm in round steps

fn constrain_iota( &mut self, step: Steps, state_f: Vec<Vec<Vec<Self::Variable>>> )

Constrains 4 checks of the iota algorithm in round steps

fn lookups(&mut self, step: Steps)

Creates all possible lookups to the Keccak constraints environment:

fn lookup_syscall_preimage(&mut self, step: Steps)

When in Absorb mode, reads Lookups containing the 136 bytes of the block of the preimage

fn lookup_syscall_hash(&mut self, step: Steps)

When in Squeeze mode, writes a Lookup containing the 31byte output of the hash (excludes the MSB)

fn lookup_steps(&mut self, step: Steps)

Reads a Lookup containing the input of a step and writes a Lookup containing the output of the next step

fn lookups_sponge(&mut self, step: Steps)

Adds the 601 lookups required for the sponge

fn lookups_round_theta(&mut self, step: Steps)

Adds the 120 lookups required for Theta in the round

fn lookups_round_pirho(&mut self, step: Steps)

Adds the 700 lookups required for PiRho in the round

fn lookups_round_chi(&mut self, step: Steps)

Adds the 800 lookups required for Chi in the round

fn lookups_round_iota(&mut self, step: Steps)

Adds the 1 lookup required for Iota in the round

fn is_sponge(&self, step: Steps) -> Self::Variable

SELECTOR OPERATIONS /// Returns a degree-2 variable that encodes whether the current step is a sponge (1 = yes)

fn is_absorb(&self, step: Steps) -> Self::Variable

Returns a variable that encodes whether the current step is an absorb sponge (1 = yes)

fn is_squeeze(&self, step: Steps) -> Self::Variable

Returns a variable that encodes whether the current step is a squeeze sponge (1 = yes)

fn is_root(&self, step: Steps) -> Self::Variable

Returns a variable that encodes whether the current step is the first absorb sponge (1 = yes)

fn is_pad(&self, step: Steps) -> Self::Variable

Returns a degree-1 variable that encodes whether the current step is the last absorb sponge (1 = yes)

fn is_round(&self, step: Steps) -> Self::Variable

Returns a variable that encodes whether the current step is a permutation round (1 = yes)

fn mode_absorb(&self, step: Steps) -> Self::Variable

Returns a variable that encodes whether the current step is an absorb sponge (1 = yes)

fn mode_squeeze(&self, step: Steps) -> Self::Variable

Returns a variable that encodes whether the current step is a squeeze sponge (1 = yes)

fn mode_root(&self, step: Steps) -> Self::Variable

Returns a variable that encodes whether the current step is the first absorb sponge (1 = yes)

fn mode_pad(&self, step: Steps) -> Self::Variable

Returns a degree-1 variable that encodes whether the current step is the last absorb sponge (1 = yes)

fn mode_rootpad(&self, step: Steps) -> Self::Variable

Returns a degree-1 variable that encodes whether the current step is the first and last absorb sponge (1 = yes)

fn mode_round(&self, step: Steps) -> Self::Variable

Returns a variable that encodes whether the current step is a permutation round (1 = yes)

fn from_shifts( shifts: &[Self::Variable], i: Option<usize>, y: Option<usize>, x: Option<usize>, q: Option<usize> ) -> Self::Variable

COLUMN OPERATIONS /// This function returns the composed sparse variable from shifts of any correct length:

fn from_quarters( quarters: &[Self::Variable], y: Option<usize>, x: usize ) -> Self::Variable

This function returns the composed variable from dense quarters of any correct length:

fn round(&self) -> Self::Variable

Returns a variable that encodes the current round number [0..24)

fn pad_length(&self) -> Self::Variable

Returns a variable that encodes the bytelength of the padding if any [0..136)

fn two_to_pad(&self) -> Self::Variable

Returns a variable that encodes the value 2^pad_length

fn in_padding(&self, idx: usize) -> Self::Variable

Returns a variable that encodes whether the idx-th byte of the new block is involved in the padding (1 = yes)

fn pad_suffix(&self, idx: usize) -> Self::Variable

Returns a variable that encodes the idx-th chunk of the padding suffix

fn bytes_block(&self, idx: usize) -> Vec<Self::Variable>

Returns a variable that encodes the idx-th block of bytes of the new block by composing the bytes variables, with idx in [0..5)

fn pad_bytes_flags(&self) -> [Self::Variable; 136]

Returns the 136 flags indicating which bytes of the new block are involved in the padding, as variables

fn flags_block(&self, idx: usize) -> Vec<Self::Variable>

Returns a vector of pad bytes flags as variables, with idx in [0..5)

fn block_in_padding(&self, idx: usize) -> Self::Variable

This function returns a degree-2 variable that is computed as the accumulated value of the operation byte * flag * 2^8 for each byte block and flag block of the new block. This function will be used in constraints to determine whether the padding is located at the end of the preimage data, as consecutive bits that are involved in the padding.

fn round_constants(&self) -> [Self::Variable; 4]

Returns the 4 expanded quarters that encode the round constant, as variables

fn old_state(&self, idx: usize) -> Self::Variable

Returns the idx-th old state expanded quarter, as a variable

fn new_state(&self, idx: usize) -> Self::Variable

Returns the idx-th new state expanded quarter, as a variable

fn xor_state(&self, idx: usize) -> Self::Variable

Returns the output of an absorb sponge, which is the XOR of the old state and the new state

fn sponge_zeros(&self) -> [Self::Variable; 32]

Returns the last 32 terms that are added to the new block in an absorb sponge, as variables which should be zeros

fn vec_sponge_shifts(&self) -> [Self::Variable; 400]

Returns the 400 terms that compose the shifts of the sponge, as variables

fn sponge_shifts(&self, idx: usize) -> Self::Variable

Returns the idx-th term of the shifts of the sponge, as a variable

fn sponge_bytes(&self) -> [Self::Variable; 200]

Returns the 200 bytes of the sponge, as variables

fn sponge_byte(&self, idx: usize) -> Self::Variable

Returns the idx-th byte of the sponge, as a variable

fn state_a(&self, y: usize, x: usize, q: usize) -> Self::Variable

Returns the (y,x,q)-th input of the theta algorithm, as a variable

fn vec_shifts_c(&self) -> [Self::Variable; 80]

Returns the 80 variables corresponding to ThetaShiftsC

fn shifts_c(&self, i: usize, x: usize, q: usize) -> Self::Variable

Returns the (i,x,q)-th variable of ThetaShiftsC

fn vec_dense_c(&self) -> [Self::Variable; 20]

Returns the 20 variables corresponding to ThetaDenseC

fn dense_c(&self, x: usize, q: usize) -> Self::Variable

Returns the (x,q)-th term of ThetaDenseC, as a variable

fn vec_quotient_c(&self) -> [Self::Variable; 5]

Returns the 5 variables corresponding to ThetaQuotientC

fn quotient_c(&self, x: usize) -> Self::Variable

Returns the (x)-th term of ThetaQuotientC, as a variable

fn vec_remainder_c(&self) -> [Self::Variable; 20]

Returns the 20 variables corresponding to ThetaRemainderC

fn remainder_c(&self, x: usize, q: usize) -> Self::Variable

Returns the (x,q)-th variable of ThetaRemainderC

fn vec_dense_rot_c(&self) -> [Self::Variable; 20]

Returns the 20 variables corresponding to ThetaDenseRotC

fn dense_rot_c(&self, x: usize, q: usize) -> Self::Variable

Returns the (x,q)-th variable of ThetaDenseRotC

fn vec_expand_rot_c(&self) -> [Self::Variable; 20]

Returns the 20 variables corresponding to ThetaExpandRotC

fn expand_rot_c(&self, x: usize, q: usize) -> Self::Variable

Returns the (x,q)-th variable of ThetaExpandRotC

fn vec_shifts_e(&self) -> [Self::Variable; 400]

Returns the 400 variables corresponding to PiRhoShiftsE

fn shifts_e(&self, i: usize, y: usize, x: usize, q: usize) -> Self::Variable

Returns the (i,y,x,q)-th variable of PiRhoShiftsE

fn vec_dense_e(&self) -> [Self::Variable; 100]

Returns the 100 variables corresponding to PiRhoDenseE

fn dense_e(&self, y: usize, x: usize, q: usize) -> Self::Variable

Returns the (y,x,q)-th variable of PiRhoDenseE

fn vec_quotient_e(&self) -> [Self::Variable; 100]

Returns the 100 variables corresponding to PiRhoQuotientE

fn quotient_e(&self, y: usize, x: usize, q: usize) -> Self::Variable

Returns the (y,x,q)-th variable of PiRhoQuotientE

fn vec_remainder_e(&self) -> [Self::Variable; 100]

Returns the 100 variables corresponding to PiRhoRemainderE

fn remainder_e(&self, y: usize, x: usize, q: usize) -> Self::Variable

Returns the (y,x,q)-th variable of PiRhoRemainderE

fn vec_dense_rot_e(&self) -> [Self::Variable; 100]

Returns the 100 variables corresponding to PiRhoDenseRotE

fn dense_rot_e(&self, y: usize, x: usize, q: usize) -> Self::Variable

Returns the (y,x,q)-th variable of PiRhoDenseRotE

fn vec_expand_rot_e(&self) -> [Self::Variable; 100]

Returns the 100 variables corresponding to PiRhoExpandRotE

fn expand_rot_e(&self, y: usize, x: usize, q: usize) -> Self::Variable

Returns the (y,x,q)-th variable of PiRhoExpandRotE

fn vec_shifts_b(&self) -> [Self::Variable; 400]

Returns the 400 variables corresponding to ChiShiftsB

fn shifts_b(&self, i: usize, y: usize, x: usize, q: usize) -> Self::Variable

Returns the (i,y,x,q)-th variable of ChiShiftsB

fn vec_shifts_sum(&self) -> [Self::Variable; 400]

Returns the 400 variables corresponding to ChiShiftsSum

fn shifts_sum(&self, i: usize, y: usize, x: usize, q: usize) -> Self::Variable

Returns the (i,y,x,q)-th variable of ChiShiftsSum

fn state_g(&self, idx: usize) -> Self::Variable

Returns the idx-th output of a round step as a variable

fn hash_index(&self) -> Self::Variable

Returns the hash index as a variable

fn block_index(&self) -> Self::Variable

Returns the block index as a variable

fn step_index(&self) -> Self::Variable

Returns the step index as a variable

fn input(&self) -> [Self::Variable; 100]

Returns the 100 step input variables, which correspond to the:

fn input_of_step(&self) -> Vec<Self::Variable>

Returns a slice of the input variables of the current step including the current hash index and step index

fn output(&self) -> [Self::Variable; 100]

Returns the 100 step output variables, which correspond to the:

fn output_of_step(&self) -> Vec<Self::Variable>

Returns a slice of the output variables of the current step (= input of next step) including the current hash index and step index

impl<F: Field> LogupHelpers<F> for Env<F>

fn lookup_rc16(&mut self, flag: Self::Variable, value: Self::Variable)

Adds a lookup to the RangeCheck16 table

fn lookup_reset( &mut self, flag: Self::Variable, dense: Self::Variable, sparse: Self::Variable )

Adds a lookup to the Reset table

fn lookup_sparse(&mut self, flag: Self::Variable, value: Self::Variable)

Adds a lookup to the Shift table

fn lookup_byte(&mut self, flag: Self::Variable, value: Self::Variable)

Adds a lookup to the Byte table

fn lookup_pad(&mut self, flag: Self::Variable, value: Vec<Self::Variable>)

Adds a lookup to the Pad table

fn lookup_round_constants( &mut self, flag: Self::Variable, value: Vec<Self::Variable> )

Adds a lookup to the RoundConstants table

fn read_syscall(&mut self, flag: Self::Variable, value: Vec<Self::Variable>)

fn write_syscall(&mut self, flag: Self::Variable, value: Vec<Self::Variable>)