You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

48 lines
1.8 KiB

  1. include "escalarmul.circom";
  2. template Pedersen(n) {
  3. signal input in[n];
  4. signal output out[2];
  5. var nexps = ((n-1) \ 253) + 1;
  6. var nlastbits = n - (nexps-1)*253;
  7. component escalarMuls[nexps];
  8. var PBASE = [
  9. [ 6842263847932328569390632736104801120816056295876316310227967232893658007436,
  10. 10520112236148895828506510766039255961372323270202387671483666293012156799229],
  11. [ 7512553369533424708326990019377586455744651641787163924108944444109352325495,
  12. 242060483180498555826438209654403949979206323274480625257315595534333598496],
  13. [ 480315709862415282411588615813248553518720286084247594626493599605932342246,
  14. 15016559215090999873142530067666085992648246670781771102893391410239675444873],
  15. [ 8311398801616893527636419786153024398643144699386228070202625261657263599049,
  16. 11125962584728296601438821974884453267303385157860713577195820780853779600315],
  17. [ 1924118814882677827825936037840538695314492559747259292440881566152665343441,
  18. 17232376423406964731689089286495480735310130852288107159412732879983310795144]
  19. ];
  20. var i;
  21. var j;
  22. var nexpbits;
  23. for (i=0; i<nexps; i++) {
  24. nexpbits = (i == nexps-1) ? nlastbits : 253;
  25. escalarMuls[i] = EscalarMul(nexpbits, PBASE[i]);
  26. for (j=0; j<nexpbits; j++) {
  27. escalarMuls[i].in[j] <== in[253*i + j];
  28. }
  29. if (i==0) {
  30. escalarMuls[i].inp[0] <== 0;
  31. escalarMuls[i].inp[1] <== 1;
  32. } else {
  33. escalarMuls[i].inp[0] <== escalarMuls[i-1].out[0];
  34. escalarMuls[i].inp[1] <== escalarMuls[i-1].out[1];
  35. }
  36. }
  37. escalarMuls[nexps-1].out[0] ==> out[0];
  38. escalarMuls[nexps-1].out[1] ==> out[1];
  39. }