# CircomLib/Circuits

## Description

- This folder contains circuit templates for standard operations and many cryptographic primitives.
- Below you can find specifications of each function. In the representation of elements, there are three types:
    - Binary
    - String
    - Field element (the field is specified in each case. We consider 2 possible fields: Fp and Fr, where p... and r... .)

## Table of Contents

[TOC]

## Jordi

* compconstant - Returns 1 if `in` (expanded to binary array) > `ct`
* aliascheck - check if `in` (expanded to binary array) overflowed its 254 bits (i.e. checks `in` <= -1)
* babyjub - twisted Edwards curve 168700.x^2 + y^2 = 1 + 168696.x^2.y^2
    * BabyAdd - (`xout`,`yout`) = (`x1`,`y1`) + (`x2`,`y2`)
    * BabyDbl - (`xout`,`yout`) = 2*(`x`,`y`)
    * BabyCheck - check that (`x`,`y`) is on the curve
* binsub - binary subtraction
* gates - logical gates
* mimc - SNARK-friendly hash, Minimal Multiplicative Complexity.
    * https://eprint.iacr.org/2016/492.pdf
    * zcash/zcash#2233
* smt - Sparse Merkle Tree
    * https://ethresear.ch/t/optimizing-sparse-merkle-trees/3751
* montgomery - https://en.wikipedia.org/wiki/Montgomery_curve
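The aliasing that the `aliascheck` and `compconstant` entries above guard against, shown as an added Python model (this is not circomlib code and it computes values rather than R1CS constraints). It assumes the field is the BN254 scalar field, whose modulus `P` is given in the code because the page leaves p unspecified, and that `ct` is compared as an integer against the binary array read least-significant bit first. The function names `num2bits`, `bits2num`, `comp_constant`, `alias_check`, `aliases_of` and `num2bits_strict` are mine, chosen to mirror the template names.

```python
# Added example, not circomlib code: what AliasCheck / CompConstant enforce on
# a 254-bit decomposition. Assumption: the field is the BN254 scalar field (P).
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617
NBITS = 254  # the "254 bits" of the aliascheck entry: the smallest n with 2^n > P


def num2bits(x, n=NBITS):
    """Num2Bits: little-endian bit array of the integer x (must fit in n bits)."""
    if x < 0 or x >> n:
        raise ValueError("value does not fit in %d bits" % n)
    return [(x >> i) & 1 for i in range(n)]


def as_integer(bits):
    """The integer a bit array encodes, *before* any field reduction."""
    return sum(b << i for i, b in enumerate(bits))


def bits2num(bits):
    """Bits2Num: sum(bits[i] * 2^i) as a field element, i.e. reduced mod p."""
    return as_integer(bits) % P


def comp_constant(bits, ct):
    """CompConstant(ct): 1 if the integer encoded by `bits` is > ct, else 0."""
    return 1 if as_integer(bits) > ct else 0


def alias_check(bits):
    """AliasCheck: the bits must encode an integer <= p - 1 (that is, <= -1 in
    Fp). A larger integer reduces to a smaller field element: an alias."""
    return comp_constant(bits, P - 1) == 0


def aliases_of(x):
    """Every 254-bit array whose Bits2Num equals the field element x: the
    canonical x and, when it still fits in 254 bits, x + p."""
    x %= P
    reps = [num2bits(x)]
    if (x + P) >> NBITS == 0:
        reps.append(num2bits(x + P))
    return reps


def num2bits_strict(x):
    """Num2Bits_strict: Num2Bits followed by AliasCheck, so only the canonical
    decomposition of a field element is accepted."""
    bits = num2bits(x)
    if not alias_check(bits):
        raise ValueError("bit array encodes an integer >= p (alias)")
    return bits


if __name__ == "__main__":
    for rep in aliases_of(5):          # constructed sample field element
        print("encodes", bits2num(rep), "as integer", as_integer(rep),
              "alias_check:", alias_check(rep))
```

The point for a circuit author: `Bits2Num` over 254 bits is a constraint on the field element, so for any x with x + p < 2^254 a prover can satisfy it with either bit array. Any downstream logic that reads those bits (a comparator, a range check, a hash input) then sees a different integer than intended. The `_strict` templates close that gap by chaining `AliasCheck`, which is why a comparison against `ct` only has a sound meaning on a decomposition that has passed it.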
## Circuits

### sha256

Folder containing the implementation of the sha256 hash circuit.

### smt

Folder containing the circuit implementation of Sparse Merkle Trees.

### aliascheck

- `AliasCheck()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### babyjub

Arithmetic on [Baby Jubjub elliptic curve](https://github.com/barryWhiteHat/baby_jubjub) in twisted Edwards form. (TODO: Expose here the characteristics of the curve?)

- `BabyAdd()`
    - DESCRIPTION

        It adds two points on the Baby Jubjub curve. More specifically, given two points P1 = (`x1`, `y1`) and P2 = (`x2`, `y2`) it returns a point P3 = (`xout`, `yout`) such that

        (`xout`, `yout`) = (`x1`, `y1`) + (`x2`, `y2`)
        = ((`x1`*`y2` + `y1`*`x2`)/(1 + `d`*`x1`*`x2`*`y1`*`y2`), (`y1`*`y2` - `a`*`x1`*`x2`)/(1 - `d`*`x1`*`x2`*`y1`*`y2`))

    - SCHEMA

        ```
                              var a    var d
                                |        |
                                |        |
                         _______v________v_______
                        |                        |
        input x1 ---->  |                        |
        input y1 ---->  |        BabyAdd()       |  ----> output xout
        input x2 ---->  |                        |  ----> output yout
        input y2 ---->  |________________________|
        ```

    - INPUTS

        | Input | Representation | Type | Description |
        | ----- | -------------- | ---- | ----------- |
        | `x1` | Bigint | Field element of Fp | First coordinate of a point (x1, y1) on E. |
        | `y1` | Bigint | Field element of Fp | Second coordinate of a point (x1, y1) on E. |
        | `x2` | Bigint | Field element of Fp | First coordinate of a point (x2, y2) on E. |
        | `y2` | Bigint | Field element of Fp | Second coordinate of a point (x2, y2) on E. |

        Requirement: `x1` != `x2` or `y1` != `y2` (the two input points must not be equal).

    - OUTPUT

        | Output | Representation | Type | Description |
        | ------ | -------------- | ---- | ----------- |
        | `xout` | Bigint | Field element of Fp | First coordinate of the addition point (xout, yout) = (x1, y1) + (x2, y2). |
        | `yout` | Bigint | Field element of Fp | Second coordinate of the addition point (xout, yout) = (x1, y1) + (x2, y2). |

    - BENCHMARKS (constraints)
    - EXAMPLE
- `BabyDbl()`
    - DESCRIPTION: doubles a point, (`xout`,`yout`) = 2*(`x`,`y`).
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `BabyCheck()`
    - DESCRIPTION: checks that a given point is on the curve.
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `BabyPbk()`
    - DESCRIPTION: given a private key, it returns the associated public key.
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
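A reference model of the four babyjub templates above (`BabyAdd()`, `BabyDbl()`, `BabyCheck()`, `BabyPbk()`), added here as an example: it is plain Python, not circomlib's circom code, and it computes witness values rather than emitting constraints. It assumes the base field is the BN254 scalar field with the modulus `P` given below (the page leaves p unspecified), the constants a = 168700 and d = 168696 from the curve equation in the list above, and the base point `BASE8` of EIP-2494, which circomlib's key derivation uses but this page does not list. `baby_pbk` treats the private key as a scalar below 2^253, an assumption about the template's input; the Python function names are mine.

```python
# Added example, not circomlib code: Baby Jubjub group law from the README
# formulas. Assumptions: base field = BN254 scalar field (P); a, d from the
# curve equation in the "Jordi" list; BASE8 from EIP-2494 (not on this page).
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617
A = 168700
D = 168696
IDENTITY = (0, 1)  # neutral element of the twisted Edwards group law
BASE8 = (          # EIP-2494 base point, assumed to match circomlib's BabyPbk
    5299619240641551281634865583290297927486497598847011599135609129180437292636,
    16950150798460657717958625567821834550301663161624707787222815936182638968203,
)


def inv(v):
    """Inverse in Fp by Fermat. A zero denominator is an error, never silently 0."""
    v %= P
    if v == 0:
        raise ZeroDivisionError("division by zero in Fp")
    return pow(v, P - 2, P)


def baby_add(p1, p2):
    """BabyAdd: (x1, y1) + (x2, y2) exactly as in the DESCRIPTION formula."""
    x1, y1 = p1
    x2, y2 = p2
    beta = D * x1 * x2 * y1 * y2                       # d*x1*x2*y1*y2
    xout = (x1 * y2 + y1 * x2) * inv(1 + beta) % P
    yout = (y1 * y2 - A * x1 * x2) * inv(1 - beta) % P
    return (xout, yout)


def baby_dbl(pt):
    """BabyDbl: 2*(x, y). The twisted Edwards law is complete, so adding a
    point to itself uses the same formula with x1 = x2 and y1 = y2."""
    return baby_add(pt, pt)


def baby_check(pt):
    """BabyCheck: True iff a*x^2 + y^2 == 1 + d*x^2*y^2 holds in Fp."""
    x, y = pt
    return (A * x * x + y * y) % P == (1 + D * x * x * y * y) % P


def scalar_mul(k, pt):
    """k*pt by double-and-add over the bits of k, least significant bit first."""
    if k < 0:
        raise ValueError("scalar must be non-negative")
    result, addend = IDENTITY, pt
    while k:
        if k & 1:
            result = baby_add(result, addend)
        addend = baby_dbl(addend)
        k >>= 1
    return result


def baby_pbk(priv):
    """BabyPbk: public key = priv * BASE8. The private scalar is assumed to be
    the 253-bit value the template takes; anything else is rejected here."""
    if not 0 <= priv < (1 << 253):
        raise ValueError("private scalar out of range")
    return scalar_mul(priv, BASE8)


if __name__ == "__main__":
    print("BASE8 on curve:", baby_check(BASE8))
    pk = baby_pbk(123456789)                  # constructed sample scalar
    print("public key on curve:", baby_check(pk))
    print("(0,1) is neutral:", baby_add(pk, IDENTITY) == pk)
    print("(1,1) on curve:", baby_check((1, 1)))
```

Two things this model makes visible that the template list does not: the formulas never check that their inputs lie on E, which is what `BabyCheck()` exists for and why a verifier circuit should apply it to any point that arrives as a witness; and the division in `BabyAdd()` is only meaningful while 1 ± d·x1·x2·y1·y2 is non-zero, which the completeness of the Edwards law guarantees for points of the curve but not for arbitrary field pairs.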
### binsub

- `BinSub(n)`
    - DESCRIPTION: binary subtraction.
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### binsum

- `nbits(a)`
    - DESCRIPTION: binary sum.
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `BinSum(n, ops)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### bitify

- `Num2Bits()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `Num2Bits_strict()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `Bits2Num()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `Bits2Num_strict()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `Num2BitsNeg()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### comparators

- `IsZero()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `IsEqual()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `ForceEqualIfEnabled()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `LessThan()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `GreaterThan()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `GreaterEqThan()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### compconstant

- `CompConstant(ct)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
### eddsa

Edwards Digital Signature Algorithm on Baby Jubjub (link to eddsa)

- `EdDSAVerifier(n)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### eddsamimc

- `EdDSAMiMCVerifier()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### eddsamimcsponge

- `EdDSAMiMCSpongeVerifier()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### eddsaposeidon

- `EdDSAPoseidonVerifier()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
### escalarmul

- `EscalarMulWindow(base, k)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `EscalarMul(n, base)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### escalarmulany

- `Multiplexor2()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `BitElementMulAny()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `SegmentMulAny(n)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `EscalarMulAny(n)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### escalarmulfix

- `WindowMulFix()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `SegmentMulFix(nWindows)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `EscalarMulFix(n, BASE)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### escalarmulw4table

- `pointAdd`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `EscalarMulW4Table`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### gates

- `XOR`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `AND`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `OR`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `NOT`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `NAND`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `NOR`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `MultiAND`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
### mimc

Implementation of the MiMC-7 hash in Fp, being... (link to description of the hash)

- `MiMC7(nrounds)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `MultiMiMC7(nInputs, nRounds)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### mimcsponge

- `MiMCSponge(nInputs, nRounds, nOutputs)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `MiMCFeistel(nrounds)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### montgomery

- `Edwards2Montgomery()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `Montgomery2Edwards()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `MontgomeryAdd()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `MontgomeryDouble()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
### multiplexer

- `log2(a)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `EscalarProduct(w)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `Decoder(w)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `Multiplexer(wIn, nIn)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### mux1

- `MultiMux1(n)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `Mux1()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### mux2

- `MultiMux2(n)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `Mux2()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### mux3

- `MultiMux3(n)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `Mux3()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### mux4

- `MultiMux4(n)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `Mux4()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
### pedersen_old

Old version of the Pedersen hash (do not use any more?).

### pedersen

- `Window4()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `Segment(nWindows)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `Pedersen(n)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### pointbits

- `sqrt(n)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `Bits2Point()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `Bits2Point_Strict()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `Point2Bits`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `Point2Bits_Strict`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### poseidon

Implementation of the Poseidon hash function (LINK)

- `Sigma()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `Ark(t, C)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `Mix(t, M)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE
- `Poseidon(nInputs, t, nRoundsF, nRoundsP)`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### sign

- `Sign()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE

### switcher

- `Switcher()`
    - DESCRIPTION
    - SCHEMA
    - INPUT
    - OUTPUT
    - BENCHMARKS
    - EXAMPLE