Feat: Add BlackBox::Sha256Compression#203
Merged
Merged
Conversation
shreyas-londhe
force-pushed
the
sl/sha256-blackbox
branch
2 times, most recently
from
b1584d5 to
2d9c9b4
Compare
| /// Allocate a witness for a binary operation result, add the appropriate | ||
| /// WitnessBuilder for value computation, and collect the operation for later | ||
| /// constraint generation. Returns the witness index of the result. | ||
| pub(crate) fn add_binop( |
Collaborator
There was a problem hiding this comment.
Maybe we can just say here that you need to call add_binop_constrains on every collected_ops Vec that you pass into this method, if we end up needing to add more Binary ops than we did so far
veljkovranic
approved these changes
Sep 29, 2025
Collaborator
veljkovranic
left a comment
veljkovranic
left a comment
There was a problem hiding this comment.
Left a minor comment, otherwise great work!
Really awesome PR :)
shreyas-londhe
force-pushed
the
sl/sha256-blackbox
branch
from
722a711 to
489ae19
Compare
Bisht13
force-pushed
the
sl/sha256-blackbox
branch
from
489ae19 to
0926670
Compare
dcbuild3r
pushed a commit
that referenced
this pull request
May 16, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Adds complete SHA256 compression blackbox function support to
NoirToR1CSCompiler, enabling efficient SHA256 hashing in R1CS circuits with significant performance improvements through optimized binary operation batching.Key Innovation: Global Binary Operation Optimization
Implements novel approach to decouple binary operation value computation from constraint generation:
add_binop()allocates witnesses, addsWitnessBuilders for immediate value computation, and collects operationsadd_binop_constraints()processes all collected AND/XOR operations in a single batch with shared lookup tablesPerformance Results
Benchmarked on
complete_age_checkexample:Changes Made
Core Implementation
sha256_compression.rs: New module implementing SHA256 compression algorithmadd_sha256_compression(): Main entry point processing 16 input words + 8 hash values → 8 output wordsBinary Operation Batching
binops.rs: Refactored for collection-based processingadd_binop(): Collects operations while computing values immediatelyadd_binop_constraints(): Processes all collected operations with shared digital decomposition and lookup tablesWitnessBuilder Extensions
WitnessBuilder::U32Addition: Computesresult = (a + b) % 2^32,carry = (a + b) / 2^32WitnessBuilder::And/WitnessBuilder::Xor: Bitwise operations for 32-bit valuesprover/src/witness/witness_builder.rsIntegration
noir_to_r1cs.rs: Added SHA256 compression blackbox function handling with batched binary operation processing