arnaucube
/
circom
mirror of https://github.com/arnaucube/circom.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
8 Branches
61 Tags
15 MiB
Tree: 5be88b2983
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5be88b2983'
${ noResults }
circom/circuits/sha256/sha256compression.circom

145 lines
3.7 KiB
Raw Normal View History

First commit
6 years ago
  2. include "constants.jaz";
  3. include "t1.jaz";
  4. include "t2.jaz";
  5. include "sum.jaz";
  6. include "sigmaplus.jaz";
  8. template sha256compression() {
  9. signal input inp[512];
  10. signal output out[256];
  11. signal a[64][32];
  12. signal b[64][32];
  13. signal c[64][32];
  14. signal d[64][32];
  15. signal e[64][32];
  16. signal f[64][32];
  17. signal g[64][32];
  18. signal h[64][32];
  19. signal w[64][512];
  21. var i;
  23. component sigmaPlus[48] = SigmaPlus();
  25. component k[64];
  26. for (i=0; i<64; i++) k[i] = K(i);
  28. component ha0 = H0(0);
  29. component hb0 = H0(1);
  30. component hc0 = H0(2);
  31. component hd0 = H0(3);
  32. component he0 = H0(4);
  33. component hf0 = H0(5);
  34. component hg0 = H0(6);
  35. component hh0 = H0(7);
  37. component t1[64] = T1();
  38. component t2[64] = T2();
  40. component suma[64] = Sum2(32);
  41. component sume[64] = Sum2(32);
  42. component fsum[8] = Sum2(32);
  44. var k;
  45. var t;
  47. for (t=0; t<64; t++) {
  48. if (t<16) {
  49. for (k=0; k<256; k++) {
  50. w[t][k] <== inp[k];
  51. }
  52. } else {
  53. for (k=0; k<256; k++) {
  54. sigmaPlus[t-16].in2[k] <== w[t-2][k];
  55. sigmaPlus[t-16].in7[k] <== w[t-2][k];
  56. sigmaPlus[t-16].in15[k] <== w[t-15][k];
  57. sigmaPlus[t-16].in16[k] <== w[t-16][k];
  58. w[t][k] <== sigmaPlus[t-16].out[k];
  59. }
  60. }
  61. }
  63. for (k=0; k<32; k++ ) {
  64. a[0][k] <== ha0.out[k]
  65. b[0][k] <== hb0.out[k]
  66. c[0][k] <== hc0.out[k]
  67. d[0][k] <== hd0.out[k]
  68. e[0][k] <== he0.out[k]
  69. f[0][k] <== hf0.out[k]
  70. g[0][k] <== hg0.out[k]
  71. h[0][k] <== hh0.out[k]
  72. }
  74. for (t = 0; t<63; t++) {
  75. for (k=0; k<32; k++) {
  76. t1[t].h[k] <== h[k];
  77. t1[t].e[k] <== e[k];
  78. t1[t].f[k] <== f[k];
  79. t1[t].g[k] <== g[k];
  80. if (t<20) {
  81. t1[t].g[k] <== K0.out[k];
  82. } else if (t<40) {
  83. t1[t].g[k] <== K20.out[k];
  84. } else if (t<60) {
  85. t1[t].g[k] <== K40.out[k];
  86. } else {
  87. t1[t].g[k] <== K60.out[k];
  88. }
  89. t1[t].w[k] <== w[t][k];
  91. t2[t].a[k] <== a[k];
  92. t2[t].b[k] <== a[k];
  93. t2[t].c[k] <== a[k];
  94. }
  96. for (k=0; k<32; k++) {
  97. sume[t].a[k] <== d[k];
  98. sume[t].b[k] <== t1[t].out[k];
  100. suma[t].a[k] <== t1[t].out[k];
  101. suma[t].b[k] <== t2[t].out[k];
  102. }
  104. for (k=0; k<32; k++) {
  105. h[t+1] <== g[t];
  106. g[t+1] <== f[t];
  107. f[t+1] <== e[t];
  108. e[t+1] <== sume[t].out[k];
  109. d[t+1] <== c[t];
  110. c[t+1] <== b[t];
  111. b[t+1] <== a[t];
  112. a[t+1] <== suma[t].out[k];
  113. }
  114. }
  116. for (k=0; k<32; k++) {
  117. fsum[0].a[k] <== ha0.out[k];
  118. fsum[0].b[k] <== a[64][k];
  119. fsum[1].a[k] <== hb0.out[k];
  120. fsum[1].b[k] <== b[64][k];
  121. fsum[2].a[k] <== hc0.out[k];
  122. fsum[2].b[k] <== c[64][k];
  123. fsum[3].a[k] <== hd0.out[k];
  124. fsum[3].b[k] <== d[64][k];
  125. fsum[4].a[k] <== he0.out[k];
  126. fsum[4].b[k] <== e[64][k];
  127. fsum[5].a[k] <== hf0.out[k];
  128. fsum[5].b[k] <== f[64][k];
  129. fsum[6].a[k] <== hg0.out[k];
  130. fsum[6].b[k] <== g[64][k];
  131. fsum[7].a[k] <== hh0.out[k];
  132. fsum[7].b[k] <== h[64][k];
  133. }
  135. for (k=0; k<32; k++) {
  136. out[k] <== fsum[0].out[k];
  137. out[32+k] <== fsum[1].out[k];
  138. out[64+k] <== fsum[2].out[k];
  139. out[96+k] <== fsum[2].out[k];
  140. out[128+k] <== fsum[2].out[k];
  141. out[160+k] <== fsum[2].out[k];
  142. out[192+k] <== fsum[2].out[k];
  143. out[224+k] <== fsum[2].out[k];
  144. }
  145. }