diff --git a/calcpedersenbases/calcpedersenbases.js b/calcpedersenbases/calcpedersenbases.js index b24842a..0008a9d 100644 --- a/calcpedersenbases/calcpedersenbases.js +++ b/calcpedersenbases/calcpedersenbases.js @@ -64,8 +64,8 @@ function generatePoint(S) { const g = [ - bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")]; + bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"), + bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")]; // Sanity check if (!babyJub.inCurve(g)) { diff --git a/circuits/babyjub.circom b/circuits/babyjub.circom index c6fe41c..73cb84c 100644 --- a/circuits/babyjub.circom +++ b/circuits/babyjub.circom @@ -88,8 +88,8 @@ template BabyPbk() { signal output Ay; var BASE8 = [ - 17777552123799933955779906779655732241715742912184938656739573121738514868268, - 2626589144620713026669568689430873010625803728049924121243784502389097019475 + 5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203 ]; component pvkBits = Num2Bits(253); diff --git a/circuits/eddsa.circom b/circuits/eddsa.circom index 37e4a7e..1026774 100644 --- a/circuits/eddsa.circom +++ b/circuits/eddsa.circom @@ -123,8 +123,8 @@ template EdDSAVerifier(n) { // Calculate left side of equation left = S*B8 var BASE8 = [ - 17777552123799933955779906779655732241715742912184938656739573121738514868268, - 2626589144620713026669568689430873010625803728049924121243784502389097019475 + 5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203 ]; component mulFix = EscalarMulFix(256, BASE8); for (i=0; i<256; i++) { diff --git a/circuits/eddsamimc.circom b/circuits/eddsamimc.circom index b3a6a77..aef5df5 100644 --- a/circuits/eddsamimc.circom +++ b/circuits/eddsamimc.circom @@ -101,8 +101,8 @@ template EdDSAMiMCVerifier() { // Calculate left side of equation left = S*B8 var BASE8 = [ - 17777552123799933955779906779655732241715742912184938656739573121738514868268, - 2626589144620713026669568689430873010625803728049924121243784502389097019475 + 5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203 ]; component mulFix = EscalarMulFix(253, BASE8); for (i=0; i<253; i++) { diff --git a/circuits/eddsamimcsponge.circom b/circuits/eddsamimcsponge.circom index 419fb91..af38d57 100644 --- a/circuits/eddsamimcsponge.circom +++ b/circuits/eddsamimcsponge.circom @@ -101,8 +101,8 @@ template EdDSAMiMCSpongeVerifier() { // Calculate left side of equation left = S*B8 var BASE8 = [ - 17777552123799933955779906779655732241715742912184938656739573121738514868268, - 2626589144620713026669568689430873010625803728049924121243784502389097019475 + 5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203 ]; component mulFix = EscalarMulFix(253, BASE8); for (i=0; i<253; i++) { diff --git a/circuits/eddsaposeidon.circom b/circuits/eddsaposeidon.circom index d887247..6674747 100644 --- a/circuits/eddsaposeidon.circom +++ b/circuits/eddsaposeidon.circom @@ -100,8 +100,8 @@ template EdDSAPoseidonVerifier() { // Calculate left side of equation left = S*B8 var BASE8 = [ - 17777552123799933955779906779655732241715742912184938656739573121738514868268, - 2626589144620713026669568689430873010625803728049924121243784502389097019475 + 5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203 ]; component mulFix = EscalarMulFix(253, BASE8); for (i=0; i<253; i++) { diff --git a/src/babyjub.js b/src/babyjub.js index 50aed18..b3630fd 100644 --- a/src/babyjub.js +++ b/src/babyjub.js @@ -7,19 +7,23 @@ exports.inCurve = inCurve; exports.inSubgroup = inSubgroup; exports.packPoint = packPoint; exports.unpackPoint = unpackPoint; +exports.Generator = [ + bigInt("995203441582195749578291179787384436505546430278305826713579947235728471134"), + bigInt("5472060717959818805561601436314318772137091100104008585924551046643952123905") +]; exports.Base8 = [ - bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475") + bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"), + bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203") ]; exports.order = bigInt("21888242871839275222246405745257275088614511777268538073601725287587578984328"); exports.subOrder = exports.order.shr(3); exports.p = bn128.r; +exports.A = bigInt("168700"); +exports.D = bigInt("168696"); function addPoint(a,b) { const q = bn128.r; - const cta = bigInt("168700"); - const d = bigInt("168696"); const res = []; @@ -27,8 +31,8 @@ function addPoint(a,b) { res[0] = bigInt((a[0]*b[1] + b[0]*a[1]) * bigInt(bigInt("1") + d*a[0]*b[0]*a[1]*b[1]).inverse(q)).affine(q); res[1] = bigInt((a[1]*b[1] - cta*a[0]*b[0]) * bigInt(bigInt("1") - d*a[0]*b[0]*a[1]*b[1]).inverse(q)).affine(q); */ - res[0] = bigInt((bigInt(a[0]).mul(b[1]).add(bigInt(b[0]).mul(a[1]))).mul(bigInt(bigInt("1").add(d.mul(a[0]).mul(b[0]).mul(a[1]).mul(b[1]))).inverse(q))).affine(q); - res[1] = bigInt((bigInt(a[1]).mul(b[1]).sub(cta.mul(a[0]).mul(b[0]))).mul(bigInt(bigInt("1").sub(d.mul(a[0]).mul(b[0]).mul(a[1]).mul(b[1]))).inverse(q))).affine(q); + res[0] = bigInt((bigInt(a[0]).mul(b[1]).add(bigInt(b[0]).mul(a[1]))).mul(bigInt(bigInt("1").add(exports.D.mul(a[0]).mul(b[0]).mul(a[1]).mul(b[1]))).inverse(q))).affine(q); + res[1] = bigInt((bigInt(a[1]).mul(b[1]).sub(exports.A.mul(a[0]).mul(b[0]))).mul(bigInt(bigInt("1").sub(exports.D.mul(a[0]).mul(b[0]).mul(a[1]).mul(b[1]))).inverse(q))).affine(q); return res; } @@ -58,15 +62,12 @@ function inSubgroup(P) { function inCurve(P) { const F = bn128.Fr; - const a = bigInt("168700"); - const d = bigInt("168696"); - const x2 = F.square(P[0]); const y2 = F.square(P[1]); if (!F.equals( - F.add(F.mul(a, x2), y2), - F.add(F.one, F.mul(F.mul(x2, y2), d)))) return false; + F.add(F.mul(exports.A, x2), y2), + F.add(F.one, F.mul(F.mul(x2, y2), exports.D)))) return false; return true; } @@ -92,14 +93,11 @@ function unpackPoint(_buff) { P[1] = bigInt.leBuff2int(buff); if (P[1].greaterOrEquals(exports.p)) return null; - const a = bigInt("168700"); - const d = bigInt("168696"); - const y2 = F.square(P[1]); let x = F.sqrt(F.div( F.sub(F.one, y2), - F.sub(a, F.mul(d, y2)))); + F.sub(exports.A, F.mul(exports.D, y2)))); if (x == null) return null; diff --git a/test/babyjub_js.js b/test/babyjub_js.js index 33fa988..8e1fc33 100644 --- a/test/babyjub_js.js +++ b/test/babyjub_js.js @@ -28,6 +28,16 @@ describe("Baby Jub js test", function () { assert(out[1].equals(1)); }); + it("Should base be 8*generator", () => { + let res; + res = babyjub.addPoint(babyjub.Generator, babyjub.Generator); + res = babyjub.addPoint(res, res); + res = babyjub.addPoint(res, res); + + assert(res[0].equals(babyjub.Base8[0])); + assert(res[1].equals(babyjub.Base8[1])); + }); + it("Should add 2 same numbers", () => { const p1 = [ diff --git a/test/circuits/circuit.json b/test/circuits/circuit.json new file mode 100644 index 0000000..495528b --- /dev/null +++ b/test/circuits/circuit.json @@ -0,0 +1,776 @@ +{ + "mainCode": "{\n {\n }\n}\n", + "signalName2Idx": { + "one": 0, + "main.in": 33, + "main.out[0][0]": 1, + "main.out[0][1]": 2, + "main.out[1][0]": 3, + "main.out[1][1]": 4, + "main.out[2][0]": 5, + "main.out[2][1]": 6, + "main.out[3][0]": 7, + "main.out[3][1]": 8, + "main.out[4][0]": 9, + "main.out[4][1]": 10, + "main.out[5][0]": 11, + "main.out[5][1]": 12, + "main.out[6][0]": 13, + "main.out[6][1]": 14, + "main.out[7][0]": 15, + "main.out[7][1]": 16, + "main.out[8][0]": 17, + "main.out[8][1]": 18, + "main.out[9][0]": 19, + "main.out[9][1]": 20, + "main.out[10][0]": 21, + "main.out[10][1]": 22, + "main.out[11][0]": 23, + "main.out[11][1]": 24, + "main.out[12][0]": 25, + "main.out[12][1]": 26, + "main.out[13][0]": 27, + "main.out[13][1]": 28, + "main.out[14][0]": 29, + "main.out[14][1]": 30, + "main.out[15][0]": 31, + "main.out[15][1]": 32, + "main.escalarMul.out[0][0]": 34, + "main.escalarMul.out[0][1]": 35, + "main.escalarMul.out[1][0]": 36, + "main.escalarMul.out[1][1]": 37, + "main.escalarMul.out[2][0]": 38, + "main.escalarMul.out[2][1]": 39, + "main.escalarMul.out[3][0]": 40, + "main.escalarMul.out[3][1]": 41, + "main.escalarMul.out[4][0]": 42, + "main.escalarMul.out[4][1]": 43, + "main.escalarMul.out[5][0]": 44, + "main.escalarMul.out[5][1]": 45, + "main.escalarMul.out[6][0]": 46, + "main.escalarMul.out[6][1]": 47, + "main.escalarMul.out[7][0]": 48, + "main.escalarMul.out[7][1]": 49, + "main.escalarMul.out[8][0]": 50, + "main.escalarMul.out[8][1]": 51, + "main.escalarMul.out[9][0]": 52, + "main.escalarMul.out[9][1]": 53, + "main.escalarMul.out[10][0]": 54, + "main.escalarMul.out[10][1]": 55, + "main.escalarMul.out[11][0]": 56, + "main.escalarMul.out[11][1]": 57, + "main.escalarMul.out[12][0]": 58, + "main.escalarMul.out[12][1]": 59, + "main.escalarMul.out[13][0]": 60, + "main.escalarMul.out[13][1]": 61, + "main.escalarMul.out[14][0]": 62, + "main.escalarMul.out[14][1]": 63, + "main.escalarMul.out[15][0]": 64, + "main.escalarMul.out[15][1]": 65 + }, + "components": [ + { + "name": "main", + "params": {}, + "template": "Main", + "inputSignals": 1 + }, + { + "name": "main.escalarMul", + "params": { + "base": [ + "5299619240641551281634865583518297030282874472190772894086521144482721001553", + "16950150798460657717958625567821834550301663161624707787222815936182638968203" + ], + "k": "0" + }, + "template": "EscalarMulW4Table", + "inputSignals": 0 + } + ], + "componentName2Idx": { + "main": 0, + "main.escalarMul": 1 + }, + "signals": [ + { + "names": [ + "one" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[0][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[0][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[1][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[1][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[2][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[2][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[3][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[3][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[4][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[4][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[5][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[5][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[6][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[6][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[7][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[7][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[8][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[8][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[9][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[9][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[10][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[10][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[11][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[11][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[12][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[12][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[13][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[13][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[14][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[14][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[15][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[15][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.in" + ], + "triggerComponents": [ + 0 + ] + }, + { + "names": [ + "main.escalarMul.out[0][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[0][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[1][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[1][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[2][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[2][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[3][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[3][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[4][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[4][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[5][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[5][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[6][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[6][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[7][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[7][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[8][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[8][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[9][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[9][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[10][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[10][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[11][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[11][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[12][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[12][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[13][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[13][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[14][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[14][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[15][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.escalarMul.out[15][1]" + ], + "triggerComponents": [] + } + ], + "constraints": [ + [ + {}, + { + "33": "1" + }, + { + "1": "21888242871839275222246405745257275088548364400416034343698204186575808495616" + } + ], + [ + {}, + {}, + { + "2": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "1" + } + ], + [ + {}, + {}, + { + "3": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "5299619240641551281634865583518297030282874472190772894086521144482721001553" + } + ], + [ + {}, + {}, + { + "4": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "16950150798460657717958625567821834550301663161624707787222815936182638968203" + } + ], + [ + {}, + {}, + { + "5": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "10031262171927540148667355526369034398030886437092045105752248699557385197826" + } + ], + [ + {}, + {}, + { + "6": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "633281375905621697187330766174974863687049529291089048651929454608812697683" + } + ], + [ + {}, + {}, + { + "7": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "2763488322167937039616325905516046217694264098671987087929565332380420898366" + } + ], + [ + {}, + {}, + { + "8": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "15305195750036305661220525648961313310481046260814497672243197092298550508693" + } + ], + [ + {}, + {}, + { + "9": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "12252886604826192316928789929706397349846234911198931249025449955069330867144" + } + ], + [ + {}, + {}, + { + "10": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "1286140751908834028607023759717162073146610688084909004843365841635476459484" + } + ], + [ + {}, + {}, + { + "11": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "11480966271046430430613841218147196773252373073876138147006741179837832100836" + } + ], + [ + {}, + {}, + { + "12": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "15148236048131954717802795400425086368006776860859772698778589175317365693546" + } + ], + [ + {}, + {}, + { + "13": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "10483991165196995731760716870725509190315033255344071753161464961897900552628" + } + ], + [ + {}, + {}, + { + "14": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "16822899191463256771813724222715007505997804748105685077895991386716774358231" + } + ], + [ + {}, + {}, + { + "15": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "20092560661213339045022877747484245238324772779820628739268223482659246842641" + } + ], + [ + {}, + {}, + { + "16": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "12112450042127193446189577552007703839818242727902437791835414514847797088033" + } + ], + [ + {}, + {}, + { + "17": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "7582035475627193640797276505418002166691739036475590846121162698650004832581" + } + ], + [ + {}, + {}, + { + "18": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "7801528930831391612913542953849263092120765287178679640990215688947513841260" + } + ], + [ + {}, + {}, + { + "19": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "4705897243203718691035604313913899717760209962238015362153877735592901317263" + } + ], + [ + {}, + {}, + { + "20": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "11533909001000295577818857040682494493436124051895563619976413559559984357704" + } + ], + [ + {}, + {}, + { + "21": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "153240920024090527149238595127650983736082984617707450012091413752625486998" + } + ], + [ + {}, + {}, + { + "22": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "4020276081434545615309760015178511782232038136121596626881988383789905359767" + } + ], + [ + {}, + {}, + { + "23": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "21605515851820432880964235241069234202284600780825340516808373216881770219365" + } + ], + [ + {}, + {}, + { + "24": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "18856460861531942120859708048677603751294231190189224157283439874962410808705" + } + ], + [ + {}, + {}, + { + "25": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "13745444942333935831105476262872495530232646590228527111681360848540626474828" + } + ], + [ + {}, + {}, + { + "26": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "12593235468414968750242085888471035041062129592669413010808753916989521208231" + } + ], + [ + {}, + {}, + { + "27": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "2645068156583085050795409844793952496341966587935372213947442411891928926825" + } + ], + [ + {}, + {}, + { + "28": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "18721023485287444620535873833099074300132272004358512346950884094158923211889" + } + ], + [ + {}, + {}, + { + "29": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "6271573312546148160329629673815240458676221818610765478794395550121752710497" + } + ], + [ + {}, + {}, + { + "30": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "20729133862440981855920571719405839551572203482913253618619962546642052100217" + } + ], + [ + {}, + {}, + { + "31": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "5958787406588418500595239545974275039455545059833263445973445578199987122248" + } + ], + [ + {}, + {}, + { + "32": "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "33": "6291453822075498887551694851992571215511219854100590306020486222643399599966" + } + ] + ], + "templates": { + "EscalarMulW4Table": "function(ctx) {\n ctx.setVar(\"dbl\", [], ctx.getVar(\"base\",[]));\n for (ctx.setVar(\"i\", [], \"0\");bigInt(bigInt(ctx.getVar(\"i\",[])).lt(bigInt(bigInt(ctx.getVar(\"k\",[])).mul(bigInt(\"4\")).mod(__P__))) ? 1 : 0).neq(bigInt(0));(ctx.setVar(\"i\", [], bigInt(ctx.getVar(\"i\",[])).add(bigInt(\"1\")).mod(__P__))).add(__P__).sub(bigInt(1)).mod(__P__)) { \n {\n ctx.setVar(\"dbl\", [], ctx.callFunction(\"pointAdd\", [ctx.getVar(\"dbl\",[\"0\"]),ctx.getVar(\"dbl\",[\"1\"]),ctx.getVar(\"dbl\",[\"0\"]),ctx.getVar(\"dbl\",[\"1\"])]));\n }\n\n }\n ctx.setSignal(\"out\", [\"0\",\"0\"], \"0\");\n ctx.assert(ctx.getSignal(\"out\", [\"0\",\"0\"]), \"0\");\n ctx.setSignal(\"out\", [\"0\",\"1\"], \"1\");\n ctx.assert(ctx.getSignal(\"out\", [\"0\",\"1\"]), \"1\");\n for (ctx.setVar(\"i\", [], \"1\");bigInt(bigInt(ctx.getVar(\"i\",[])).lt(bigInt(\"16\")) ? 1 : 0).neq(bigInt(0));(ctx.setVar(\"i\", [], bigInt(ctx.getVar(\"i\",[])).add(bigInt(\"1\")).mod(__P__))).add(__P__).sub(bigInt(1)).mod(__P__)) { \n {\n ctx.setVar(\"p\", [], ctx.callFunction(\"pointAdd\", [ctx.getSignal(\"out\", [bigInt(ctx.getVar(\"i\",[])).add(__P__).sub(bigInt(\"1\")).mod(__P__),\"0\"]),ctx.getSignal(\"out\", [bigInt(ctx.getVar(\"i\",[])).add(__P__).sub(bigInt(\"1\")).mod(__P__),\"1\"]),ctx.getVar(\"dbl\",[\"0\"]),ctx.getVar(\"dbl\",[\"1\"])]));\n ctx.setSignal(\"out\", [ctx.getVar(\"i\",[]),\"0\"], ctx.getVar(\"p\",[\"0\"]));\n ctx.assert(ctx.getSignal(\"out\", [ctx.getVar(\"i\",[]),\"0\"]), ctx.getVar(\"p\",[\"0\"]));\n ctx.setSignal(\"out\", [ctx.getVar(\"i\",[]),\"1\"], ctx.getVar(\"p\",[\"1\"]));\n ctx.assert(ctx.getSignal(\"out\", [ctx.getVar(\"i\",[]),\"1\"]), ctx.getVar(\"p\",[\"1\"]));\n }\n\n }\n}\n", + "Main": "function(ctx) {\n ctx.setVar(\"base\", [], [\"5299619240641551281634865583518297030282874472190772894086521144482721001553\",\"16950150798460657717958625567821834550301663161624707787222815936182638968203\"]);\n for (ctx.setVar(\"i\", [], \"0\");bigInt(bigInt(ctx.getVar(\"i\",[])).lt(bigInt(\"16\")) ? 1 : 0).neq(bigInt(0));(ctx.setVar(\"i\", [], bigInt(ctx.getVar(\"i\",[])).add(bigInt(\"1\")).mod(__P__))).add(__P__).sub(bigInt(1)).mod(__P__)) { \n {\n ctx.setSignal(\"out\", [ctx.getVar(\"i\",[]),\"0\"], bigInt(ctx.getPin(\"escalarMul\", [], \"out\", [ctx.getVar(\"i\",[]),\"0\"])).mul(bigInt(ctx.getSignal(\"in\", []))).mod(__P__));\n ctx.assert(ctx.getSignal(\"out\", [ctx.getVar(\"i\",[]),\"0\"]), bigInt(ctx.getPin(\"escalarMul\", [], \"out\", [ctx.getVar(\"i\",[]),\"0\"])).mul(bigInt(ctx.getSignal(\"in\", []))).mod(__P__));\n ctx.setSignal(\"out\", [ctx.getVar(\"i\",[]),\"1\"], bigInt(ctx.getPin(\"escalarMul\", [], \"out\", [ctx.getVar(\"i\",[]),\"1\"])).mul(bigInt(ctx.getSignal(\"in\", []))).mod(__P__));\n ctx.assert(ctx.getSignal(\"out\", [ctx.getVar(\"i\",[]),\"1\"]), bigInt(ctx.getPin(\"escalarMul\", [], \"out\", [ctx.getVar(\"i\",[]),\"1\"])).mul(bigInt(ctx.getSignal(\"in\", []))).mod(__P__));\n }\n\n }\n}\n" + }, + "functions": { + "pointAdd": { + "params": [ + "x1", + "y1", + "x2", + "y2" + ], + "func": "function(ctx) {\n ctx.setVar(\"a\", [], \"168700\");\n ctx.setVar(\"d\", [], \"168696\");\n ctx.setVar(\"res\", [\"0\"], bigInt(bigInt(bigInt(ctx.getVar(\"x1\",[])).mul(bigInt(ctx.getVar(\"y2\",[]))).mod(__P__)).add(bigInt(bigInt(ctx.getVar(\"y1\",[])).mul(bigInt(ctx.getVar(\"x2\",[]))).mod(__P__))).mod(__P__)).mul( bigInt(bigInt(\"1\").add(bigInt(bigInt(bigInt(bigInt(bigInt(ctx.getVar(\"d\",[])).mul(bigInt(ctx.getVar(\"x1\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"x2\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"y1\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"y2\",[]))).mod(__P__))).mod(__P__)).inverse(__P__) ).mod(__P__));\n ctx.setVar(\"res\", [\"1\"], bigInt(bigInt(bigInt(ctx.getVar(\"y1\",[])).mul(bigInt(ctx.getVar(\"y2\",[]))).mod(__P__)).add(__P__).sub(bigInt(bigInt(bigInt(ctx.getVar(\"a\",[])).mul(bigInt(ctx.getVar(\"x1\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"x2\",[]))).mod(__P__))).mod(__P__)).mul( bigInt(bigInt(\"1\").add(__P__).sub(bigInt(bigInt(bigInt(bigInt(bigInt(ctx.getVar(\"d\",[])).mul(bigInt(ctx.getVar(\"x1\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"x2\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"y1\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"y2\",[]))).mod(__P__))).mod(__P__)).inverse(__P__) ).mod(__P__));\n return ctx.getVar(\"res\",[]);;\n}\n" + } + }, + "nPrvInputs": 0, + "nPubInputs": 1, + "nInputs": 1, + "nOutputs": 32, + "nVars": 34, + "nConstants": 32, + "nSignals": 66 +} \ No newline at end of file diff --git a/test/circuits/escalarmul_min_test.circom b/test/circuits/escalarmul_min_test.circom index ca468e8..b497348 100644 --- a/test/circuits/escalarmul_min_test.circom +++ b/test/circuits/escalarmul_min_test.circom @@ -7,8 +7,8 @@ template Main() { var i; - var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268, - 2626589144620713026669568689430873010625803728049924121243784502389097019475] + var base = [5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203] component escalarMul = EscalarMul(256, base); diff --git a/test/circuits/escalarmul_test.circom b/test/circuits/escalarmul_test.circom index 99c84b8..62c1db1 100644 --- a/test/circuits/escalarmul_test.circom +++ b/test/circuits/escalarmul_test.circom @@ -6,8 +6,8 @@ template Main() { signal input in; signal output out[2]; - var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268, - 2626589144620713026669568689430873010625803728049924121243784502389097019475] + var base = [5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203] component n2b = Num2Bits(253); diff --git a/test/circuits/escalarmul_test_min.circom b/test/circuits/escalarmul_test_min.circom index ca468e8..b497348 100644 --- a/test/circuits/escalarmul_test_min.circom +++ b/test/circuits/escalarmul_test_min.circom @@ -7,8 +7,8 @@ template Main() { var i; - var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268, - 2626589144620713026669568689430873010625803728049924121243784502389097019475] + var base = [5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203] component escalarMul = EscalarMul(256, base); diff --git a/test/circuits/escalarmulfix_test.circom b/test/circuits/escalarmulfix_test.circom index e24e564..9a9d777 100644 --- a/test/circuits/escalarmulfix_test.circom +++ b/test/circuits/escalarmulfix_test.circom @@ -6,8 +6,8 @@ template Main() { signal input e; signal output out[2]; - var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268, - 2626589144620713026669568689430873010625803728049924121243784502389097019475] + var base = [5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203] component n2b = Num2Bits(253); diff --git a/test/circuits/escalarmulw4table.circom b/test/circuits/escalarmulw4table.circom index b40f45b..85c5507 100644 --- a/test/circuits/escalarmulw4table.circom +++ b/test/circuits/escalarmulw4table.circom @@ -1,6 +1,6 @@ include "../../circuits/escalarmulw4table.circom"; -var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268, - 2626589144620713026669568689430873010625803728049924121243784502389097019475] +var base = [5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203] component main = EscalarMulW4Table(base, 0); diff --git a/test/circuits/escalarmulw4table_test.circom b/test/circuits/escalarmulw4table_test.circom index ae7412d..59508f3 100644 --- a/test/circuits/escalarmulw4table_test.circom +++ b/test/circuits/escalarmulw4table_test.circom @@ -1,6 +1,17 @@ include "../../circuits/escalarmulw4table.circom"; -var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268, - 2626589144620713026669568689430873010625803728049924121243784502389097019475]; -component main = EscalarMulW4Table(base, 0); +template Main() { + signal input in; + signal output out[16][2]; + var base = [5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203]; + + component escalarMul = EscalarMulW4Table(base, 0); + for (var i=0; i<16; i++) { + out[i][0] <== escalarMul.out[i][0]*in; + out[i][1] <== escalarMul.out[i][1]*in; + } +} + +component main = Main(); diff --git a/test/circuits/escalarmulw4table_test3.circom b/test/circuits/escalarmulw4table_test3.circom index e8733ec..bcfb4ba 100644 --- a/test/circuits/escalarmulw4table_test3.circom +++ b/test/circuits/escalarmulw4table_test3.circom @@ -1,6 +1,17 @@ include "../../circuits/escalarmulw4table.circom"; -var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268, - 2626589144620713026669568689430873010625803728049924121243784502389097019475] -component main = EscalarMulW4Table(base, 3); +template Main() { + signal input in; + signal output out[16][2]; + var base = [5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203]; + + component escalarMul = EscalarMulW4Table(base, 3); + for (var i=0; i<16; i++) { + out[i][0] <== escalarMul.out[i][0]*in; + out[i][1] <== escalarMul.out[i][1]*in; + } +} + +component main = Main(); diff --git a/test/eddsa_js.js b/test/eddsa_js.js index c4e8f54..199bb2f 100644 --- a/test/eddsa_js.js +++ b/test/eddsa_js.js @@ -23,24 +23,24 @@ describe("EdDSA js test", function () { const pubKey = eddsa.prv2pub(prvKey); assert.equal(pubKey[0].toString(), - "2610057752638682202795145288373380503107623443963127956230801721756904484787"); + "13277427435165878497778222415993513565335242147425444199013288855685581939618"); assert.equal(pubKey[1].toString(), - "16617171478497210597712478520507818259149717466230047843969353176573634386897"); + "13622229784656158136036771217484571176836296686641868549125388198837476602820"); const pPubKey = babyJub.packPoint(pubKey); const signature = eddsa.signMiMC(prvKey, msg); assert.equal(signature.R8[0].toString(), - "4974729414807584049518234760796200867685098748448054182902488636762478901554"); + "11384336176656855268977457483345535180380036354188103142384839473266348197733"); assert.equal(signature.R8[1].toString(), - "18714049394522540751536514815950425694461287643205706667341348804546050128733"); + "15383486972088797283337779941324724402501462225528836549661220478783371668959"); assert.equal(signature.S.toString(), - "2171284143457722024136077617757713039502332290425057126942676527240038689549"); + "2523202440825208709475937830811065542425109372212752003460238913256192595070"); const pSignature = eddsa.packSignature(signature); assert.equal(pSignature.toString("hex"), ""+ - "5dfb6f843c023fe3e52548ccf22e55c81b426f7af81b4f51f7152f2fcfc65f29"+ - "0dab19c5a0a75973cd75a54780de0c3a41ede6f57396fe99b5307fff3ce7cc04"); + "dfedb4315d3f2eb4de2d3c510d7a987dcab67089c8ace06308827bf5bcbe02a2"+ + "7ed40dab29bf993c928e789d007387998901a24913d44fddb64b1f21fc149405"); const uSignature = eddsa.unpackSignature(pSignature); assert(eddsa.verifyMiMC(msg, uSignature, pubKey)); diff --git a/test/escalarmul.js b/test/escalarmul.js index 27e5108..bc9e13b 100644 --- a/test/escalarmul.js +++ b/test/escalarmul.js @@ -36,10 +36,10 @@ describe("Exponentioation test", () => { console.log("NConstrains: " + circuit.nConstraints); - const w = circuit.calculateWitness({}); + const w = circuit.calculateWitness({in: 1}); - let g = [bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")] + let g = [bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"), + bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")] dbl= [bigInt("0"), snarkjs.bigInt("1")]; @@ -72,10 +72,10 @@ describe("Exponentioation test", () => { console.log("NConstrains: " + circuit.nConstraints); - const w = circuit.calculateWitness({}); + const w = circuit.calculateWitness({in: 1}); - let g = [snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")] + let g = [snarkjs.bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"), + snarkjs.bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")] for (let i=0; i<12;i++) { g = addPoint(g,g); @@ -116,8 +116,8 @@ describe("Exponentioation test", () => { assert(circuit.checkWitness(w)); - let g = [snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")] + let g = [snarkjs.bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"), + snarkjs.bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")] let c = [0n, 1n]; diff --git a/test/escalarmulany.js b/test/escalarmulany.js index 09fea66..2d33827 100644 --- a/test/escalarmulany.js +++ b/test/escalarmulany.js @@ -18,8 +18,8 @@ describe("Escalarmul test", function () { this.timeout(100000); let g = [ - snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475") + snarkjs.bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"), + snarkjs.bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203") ]; before( async() => { diff --git a/test/escalarmulfix.js b/test/escalarmulfix.js index fc13ea8..77f6c97 100644 --- a/test/escalarmulfix.js +++ b/test/escalarmulfix.js @@ -54,8 +54,8 @@ describe("Escalarmul test", function () { const s = bigInt("2351960337287830298912035165133676222414898052661454064215017316447594616519"); const base8 = [ - bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475") + bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"), + bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203") ]; const w = circuit.calculateWitness({"e": s}); @@ -74,8 +74,8 @@ describe("Escalarmul test", function () { it("Should generate scalar mul of the firsts 50 elements", async () => { const base8 = [ - bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475") + bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"), + bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203") ]; for (let i=0; i<50; i++) { diff --git a/test/montgomery.js b/test/montgomery.js index a7986df..0de3ca0 100644 --- a/test/montgomery.js +++ b/test/montgomery.js @@ -15,8 +15,8 @@ describe("Montgomery test", function () { let circuitMDouble; let g = [ - snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")]; + snarkjs.bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"), + snarkjs.bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")]; let mg, mg2, g2, g3, mg3;