You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

106 lines
2.4 KiB

6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
  1. /*
  2. Copyright 2018 0KIMS association.
  3. This file is part of circom (Zero Knowledge Circuit Compiler).
  4. circom is a free software: you can redistribute it and/or modify it
  5. under the terms of the GNU General Public License as published by
  6. the Free Software Foundation, either version 3 of the License, or
  7. (at your option) any later version.
  8. circom is distributed in the hope that it will be useful, but WITHOUT
  9. ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  10. or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
  11. License for more details.
  12. You should have received a copy of the GNU General Public License
  13. along with circom. If not, see <https://www.gnu.org/licenses/>.
  14. */
  15. include "bitify.circom";
  16. include "escalarmulfix.circom";
  17. template BabyAdd() {
  18. signal input x1;
  19. signal input y1;
  20. signal input x2;
  21. signal input y2;
  22. signal output xout;
  23. signal output yout;
  24. signal beta;
  25. signal gamma;
  26. signal delta;
  27. signal tau;
  28. var a = 168700;
  29. var d = 168696;
  30. beta <== x1*y2;
  31. gamma <== y1*x2;
  32. delta <== (-a*x1+y1)*(x2 + y2);
  33. tau <== beta * gamma;
  34. xout <-- (beta + gamma) / (1+ d*tau);
  35. (1+ d*tau) * xout === (beta + gamma);
  36. yout <-- (delta + a*beta - gamma) / (1-d*tau);
  37. (1-d*tau)*yout === (delta + a*beta - gamma);
  38. }
  39. template BabyDbl() {
  40. signal input x;
  41. signal input y;
  42. signal output xout;
  43. signal output yout;
  44. component adder = BabyAdd();
  45. adder.x1 <== x;
  46. adder.y1 <== y;
  47. adder.x2 <== x;
  48. adder.y2 <== y;
  49. adder.xout ==> xout;
  50. adder.yout ==> yout;
  51. }
  52. template BabyCheck() {
  53. signal input x;
  54. signal input y;
  55. signal x2;
  56. signal y2;
  57. var a = 168700;
  58. var d = 168696;
  59. x2 <== x*x;
  60. y2 <== y*y;
  61. a*x2 + y2 === 1 + d*x2*y2;
  62. }
  63. // Extracts the public key from private key
  64. template BabyPbk() {
  65. signal private input in;
  66. signal output Ax;
  67. signal output Ay;
  68. var BASE8[2] = [
  69. 5299619240641551281634865583518297030282874472190772894086521144482721001553,
  70. 16950150798460657717958625567821834550301663161624707787222815936182638968203
  71. ];
  72. component pvkBits = Num2Bits(253);
  73. pvkBits.in <== in;
  74. component mulFix = EscalarMulFix(253, BASE8);
  75. var i;
  76. for (i=0; i<253; i++) {
  77. mulFix.e[i] <== pvkBits.out[i];
  78. }
  79. Ax <== mulFix.out[0];
  80. Ay <== mulFix.out[1];
  81. }