[frontend] Add Blake2s circuit

fkondej · fkondej · commit 36a53145c401 · 2025-08-22T03:04:16.000+02:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -141,7 +141,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        example: [zklogin, sha256, keccak]
+        example: [zklogin, sha256, keccak, blake2s]
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v4
diff --git a/crates/examples/Cargo.toml b/crates/examples/Cargo.toml
@@ -19,6 +19,7 @@ tracing-profile.workspace = true
 
 [dev-dependencies]
 base64.workspace = true
+blake2.workspace = true
 jwt-simple.workspace = true
 rand.workspace = true
 sha2.workspace = true
diff --git a/crates/examples/examples/blake2s.rs b/crates/examples/examples/blake2s.rs
@@ -0,0 +1,117 @@
+use anyhow::{Result, ensure};
+use binius_examples::{Cli, ExampleCircuit};
+use binius_frontend::{
+	circuits::blake2s::Blake2s,
+	compiler::{CircuitBuilder, circuit::WitnessFiller},
+};
+use blake2::{Blake2s256, Digest};
+use clap::Args;
+use rand::prelude::*;
+
+/// Blake2s circuit example demonstrating the Blake2s hash function implementation
+struct Blake2sExample {
+	blake2s_gadget: Blake2s,
+}
+
+/// Circuit parameters that affect structure (compile-time configuration)
+#[derive(Args, Debug)]
+struct Params {
+	/// Maximum message length in bytes that the circuit can handle.
+	#[arg(long, default_value_t = 128)]
+	max_message_len: usize,
+}
+
+/// Instance data for witness population (runtime values)
+#[derive(Args, Debug)]
+#[group(multiple = false)]
+struct Instance {
+	/// Length of the randomly generated message, in bytes (defaults to half of --max-message-len).
+	#[arg(long)]
+	message_len: Option<usize>,
+
+	/// UTF-8 string to hash (if not provided, random bytes are generated)
+	#[arg(long)]
+	message_string: Option<String>,
+}
+
+impl ExampleCircuit for Blake2sExample {
+	type Params = Params;
+	type Instance = Instance;
+
+	fn build(params: Params, builder: &mut CircuitBuilder) -> Result<Self> {
+		// Create the Blake2s gadget with witness wires
+		let blake2s_gadget = Blake2s::new_witness(builder, params.max_message_len);
+
+		Ok(Self { blake2s_gadget })
+	}
+
+	fn populate_witness(&self, instance: Instance, w: &mut WitnessFiller) -> Result<()> {
+		// Determine the message bytes to hash
+		let message_bytes = if let Some(message_string) = instance.message_string {
+			// Use provided UTF-8 string
+			message_string.as_bytes().to_vec()
+		} else {
+			// Generate random bytes
+			let mut rng = StdRng::seed_from_u64(0);
+			let len = instance
+				.message_len
+				.unwrap_or(self.blake2s_gadget.max_message_len / 2);
+
+			let mut message_bytes = vec![0u8; len];
+			rng.fill_bytes(&mut message_bytes);
+			message_bytes
+		};
+
+		// Validate message length
+		ensure!(
+			message_bytes.len() <= self.blake2s_gadget.max_message_len,
+			"Message length ({}) exceeds maximum ({})",
+			message_bytes.len(),
+			self.blake2s_gadget.max_message_len
+		);
+
+		// Compute the expected Blake2s digest using the reference implementation
+		let mut hasher = Blake2s256::new();
+		hasher.update(&message_bytes);
+		let digest = hasher.finalize();
+		let digest_array: [u8; 32] = digest.into();
+
+		// Populate the witness values
+		self.blake2s_gadget.populate_message(w, &message_bytes);
+		self.blake2s_gadget.populate_digest(w, &digest_array);
+
+		Ok(())
+	}
+}
+
+fn main() -> Result<()> {
+	let _tracing_guard = tracing_profile::init_tracing()?;
+
+	// Create and run the CLI
+	Cli::<Blake2sExample>::new("blake2s")
+		.about("Blake2s hash function circuit example")
+		.long_about(
+			"Blake2s cryptographic hash function circuit implementation.\n\
+            \n\
+            This example demonstrates the Blake2s hash function which produces \
+            32-byte digests. Blake2s is optimized for 32-bit platforms and is \
+            faster than Blake2b on such architectures.\n\
+            \n\
+            The circuit supports variable-length messages up to the specified \
+            maximum length. It implements the full Blake2s algorithm as \
+            specified in RFC 7693, including 10 rounds of the compression \
+            function.\n\
+            \n\
+            Examples:\n\
+            \n\
+            Hash a string:\n\
+            cargo run --release --example blake2s -- --message-string \"Hello, World!\"\n\
+            \n\
+            Generate and hash random data (64 bytes):\n\
+            cargo run --release --example blake2s -- --message-len 64\n\
+            \n\
+            Test with maximum message length:\n\
+            cargo run --release --example blake2s -- --max-message-len 256 --message-len 256",
+		)
+		.run()
+}
diff --git a/crates/examples/snapshots/blake2s.snap b/crates/examples/snapshots/blake2s.snap
@@ -0,0 +1,11 @@
+blake2s circuit
+--
+Number of gates: 2929
+Number of evaluation instructions: 3209
+Number of AND constraints: 4027
+Number of MUL constraints: 0
+Length of value vec: 8192
+  Constants: 141
+  Inout: 0
+  Witness: 165
+  Internal: 3991
diff --git a/crates/frontend/src/circuits/blake2s.rs b/crates/frontend/src/circuits/blake2s.rs
diff --git a/crates/frontend/src/circuits/mod.rs b/crates/frontend/src/circuits/mod.rs
