diff --git a/circuits/README.md b/circuits/README.md
new file mode 100644
index 0000000..6c9e76a
--- /dev/null
+++ b/circuits/README.md
@@ -0,0 +1,14 @@
+* compconstant - Returns 1 if `in` (expanded to binary array) > `ct`
+* aliascheck - check if `in` (expanded to binary array) oveflowed its 254 bits (<= -1)
+* babyjub - twisted Edwards curve 168700.x^2 + y^2 = 1 + 168696.x^2.y^2
+ * BabyAdd - (`xout`,`yout`) = (`x1`,`y1`) + (`x2`,`y2`)
+ * BabyDbl - (`xout`,`yout`) = 2*(`x`,`y`)
+ * BabyCheck - check that (`x`,`y`) is on the curve
+* binsub - binary subtraction
+* gates - logical gates
+* mimc - SNARK-friendly hash Minimal Multiplicative Complexity.
+ * https://eprint.iacr.org/2016/492.pdf
+ * zcash/zcash#2233
+* smt - Sparse Merkle Tree
+ * https://ethresear.ch/t/optimizing-sparse-merkle-trees/3751
+* montgomery https://en.wikipedia.org/wiki/Montgomery_curve
\ No newline at end of file
diff --git a/circuits/babyjub.circom b/circuits/babyjub.circom
index a2e6b6b..c6fe41c 100644
--- a/circuits/babyjub.circom
+++ b/circuits/babyjub.circom
@@ -17,6 +17,9 @@
along with circom. If not, see .
*/
+include "bitify.circom";
+include "escalarmulfix.circom";
+
template BabyAdd() {
signal input x1;
signal input y1;
@@ -77,3 +80,27 @@ template BabyCheck() {
a*x2 + y2 === 1 + d*x2*y2;
}
+
+// Extracts the public key from private key
+template BabyPbk() {
+ signal private input in;
+ signal output Ax;
+ signal output Ay;
+
+ var BASE8 = [
+ 17777552123799933955779906779655732241715742912184938656739573121738514868268,
+ 2626589144620713026669568689430873010625803728049924121243784502389097019475
+ ];
+
+ component pvkBits = Num2Bits(253);
+ pvkBits.in <== in;
+
+ component mulFix = EscalarMulFix(253, BASE8);
+
+ var i;
+ for (i=0; i<253; i++) {
+ mulFix.e[i] <== pvkBits.out[i];
+ }
+ Ax <== mulFix.out[0];
+ Ay <== mulFix.out[1];
+}
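Review bot: The header comment `// Extracts the public key from private key` on the new BabyPbk template overstates what `in` is: judging by the accompanying test, which feeds `bigInt.leBuff2int(pvk).shr(3)` of the pruned hash, `in` is the already-derived 253-bit EdDSA scalar rather than the raw private key, and a caller who wires the raw key in gets a point that will not match eddsa.prv2pub. I would replace the comment with `// Computes the public key (Ax, Ay) = in * BASE8, where in is the EdDSA scalar` and `// (derived from the private key, not the raw key); Num2Bits(253) constrains in to fit in 253 bits.` It is also worth labelling the two hard-coded BASE8 coordinates as the fixed generator the scalar is multiplied against, since nothing on the page says so. As a point of style, `var i;` declared ahead of the loop could follow the `for (var k=0; ...)` form used in the multiplexer hunk of the same commit.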
diff --git a/circuits/multiplexer.circom b/circuits/multiplexer.circom
index 0c8f594..091bd2b 100644
--- a/circuits/multiplexer.circom
+++ b/circuits/multiplexer.circom
@@ -90,12 +90,17 @@ template Decoder(w) {
}
-template Multiplexor(wIn, nIn) {
+template Multiplexer(wIn, nIn) {
signal input inp[nIn][wIn];
signal input sel;
signal output out[wIn];
- component Decoder(nIn) dec;
- component EscalarProduct(nIn) ep[wIn];
+ component dec = Decoder(nIn);
+ component ep[wIn];
+
+ for (var k=0; k dec.inp;
for (var j=0; j {
@@ -97,4 +104,22 @@ describe("Baby Jub test", function () {
}
});
+ it("Should extract the public key from the private one", async () => {
+
+ const rawpvk = Buffer.from("0001020304050607080900010203040506070809000102030405060708090021", "hex");
+ const pvk = eddsa.pruneBuffer(createBlakeHash("blake512").update(rawpvk).digest().slice(0,32));
+ const S = bigInt.leBuff2int(pvk).shr(3);
+
+ const A = eddsa.prv2pub(rawpvk);
+
+ const input = {
+ in : S,
+ Ax : A[0],
+ Ay : A[1]
+ }
+
+ const w = circuitPbk.calculateWitness(input);
+ assert(circuitPbk.checkWitness(w));
+ });
+
});
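Review bot: The new test re-derives the circuit's scalar by hand (`pruneBuffer`, `.slice(0,32)`, `.shr(3)`) without saying why, while the expected point comes from `eddsa.prv2pub(rawpvk)`; a comment such as `// BabyPbk takes the EdDSA scalar (pruned blake512 hash of the key, >> 3), not the raw key, so mirror prv2pub's derivation here` would stop the next reader from "simplifying" it to pass rawpvk directly. The test also relies on `checkWitness` alone: it verifies that the witness satisfies the constraints, but whether supplying `Ax`/`Ay` in the input object actually pins the outputs to `A` depends on how calculateWitness treats output names, which is not visible here; asserting the witness's `main.Ax`/`main.Ay` values against `A[0]`/`A[1]` explicitly would make the test fail loudly if the derivation drifts. `circuitPbk` is set up outside this hunk.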
diff --git a/test/circuits/babypbk_test.circom b/test/circuits/babypbk_test.circom
new file mode 100644
index 0000000..2583bb9
--- /dev/null
+++ b/test/circuits/babypbk_test.circom
@@ -0,0 +1,3 @@
+include "../../circuits/babyjub.circom";
+
+component main = BabyPbk();
\ No newline at end of file