From 30c6cf55b9c4bb55dccb44e028f41da6b8dbd34a Mon Sep 17 00:00:00 2001 From: Jordi Baylina Date: Thu, 12 Dec 2019 16:49:58 +0100 Subject: [PATCH] Alias Check and Babyjub adapted --- circuits/escalarmulfix.circom | 6 +- src/utils.js | 87 ++++++++++++++++++++++++++++ test/aliascheck.js | 36 ++++++------ test/babyjub.js | 104 +++++++++++++++------------------- test/circuits/in.json | 2 +- test/sha256.js | 8 +-- 6 files changed, 159 insertions(+), 84 deletions(-) create mode 100644 src/utils.js diff --git a/circuits/escalarmulfix.circom b/circuits/escalarmulfix.circom index 8e3e031..e2c0998 100644 --- a/circuits/escalarmulfix.circom +++ b/circuits/escalarmulfix.circom @@ -176,6 +176,9 @@ template SegmentMulFix(nWindows) { cadders[i].in1[0] <== cadders[i-1].out[0]; cadders[i].in1[1] <== cadders[i-1].out[1]; } + for (j=0; j<3; j++) { + windows[i].in[j] <== e[3*i+j]; + } if (i=0)) { + let c = Number(r.and(bigInt(255))); + buff[o] = c; + o--; + r = r.shiftRight(8); + } + if (r.gt(bigInt.zero)) throw new Error("Number does not feed in buffer"); + return buff; +} + + +function stringifyBigInts(o) { + if ((typeof(o) == "bigint") || o.isZero !== undefined) { + return o.toString(10); + } else if (Array.isArray(o)) { + return o.map(stringifyBigInts); + } else if (typeof o == "object") { + const res = {}; + for (let k in o) { + res[k] = stringifyBigInts(o[k]); + } + return res; + } else { + return o; + } +} + +function unstringifyBigInts(o) { + if ((typeof(o) == "string") && (/^[0-9]+$/.test(o) )) { + return bigInt(o); + } else if (Array.isArray(o)) { + return o.map(unstringifyBigInts); + } else if (typeof o == "object") { + const res = {}; + for (let k in o) { + res[k] = unstringifyBigInts(o[k]); + } + return res; + } else { + return o; + } +} diff --git a/test/aliascheck.js b/test/aliascheck.js index 85ff2ae..aff1de0 100644 --- a/test/aliascheck.js +++ b/test/aliascheck.js @@ -1,11 +1,12 @@ const chai = require("chai"); const path = require("path"); -const snarkjs = require("snarkjs"); const compiler = require("circom"); const assert = chai.assert; -const bigInt = snarkjs.bigInt; +const bigInt = require("big-integer"); + +const tester = require("circom").tester; function print(circuit, w, s) { console.log(s + ": " + w[circuit.getSignalIdx(s)]); @@ -14,7 +15,7 @@ function print(circuit, w, s) { function getBits(v, n) { const res = []; for (let i=0; i { - let circuit; - before( async() => { - const cirDef = await compiler(path.join(__dirname, "circuits", "aliascheck_test.circom")); +describe("Aliascheck test", function () { + this.timeout(100000); - circuit = new snarkjs.Circuit(cirDef); + let cir; + before( async() => { - console.log("NConstrains: " + circuit.nConstraints); + cir = await tester(path.join(__dirname, "circuits", "aliascheck_test.circom")); }); it("Satisfy the aliastest 0", async () => { const inp = getBits(bigInt.zero, 254); - circuit.calculateWitness({in: inp}); + await cir.calculateWitness({in: inp}); }); it("Satisfy the aliastest 3", async () => { const inp = getBits(bigInt(3), 254); - circuit.calculateWitness({in: inp}); + await cir.calculateWitness({in: inp}); }); it("Satisfy the aliastest q-1", async () => { - const inp = getBits(q.sub(bigInt.one), 254); - circuit.calculateWitness({in: inp}); + const inp = getBits(q.minus(bigInt.one), 254); + await cir.calculateWitness({in: inp}); }); - it("Nhot not satisfy an input of q", async () => { + it("Should not satisfy an input of q", async () => { const inp = getBits(q, 254); try { - circuit.calculateWitness({in: inp}); + await cir.calculateWitness({in: inp}); assert(false); } catch(err) { assert(/Constraint\sdoesn't\smatch(.*)1\s!=\s0/.test(err.message) ); } }); - it("Nhot not satisfy all ones", async () => { + it("Should not satisfy all ones", async () => { - const inp = getBits(bigInt(1).shl(254).sub(bigInt(1)), 254); + const inp = getBits(bigInt(1).shiftLeft(254).minus(bigInt.one), 254); try { - circuit.calculateWitness({in: inp}); + await cir.calculateWitness({in: inp}); assert(false); } catch(err) { assert(/Constraint\sdoesn't\smatch(.*)1\s!=\s0/.test(err.message) ); diff --git a/test/babyjub.js b/test/babyjub.js index c650cfa..d41c039 100644 --- a/test/babyjub.js +++ b/test/babyjub.js @@ -1,103 +1,89 @@ const chai = require("chai"); const path = require("path"); -const snarkjs = require("snarkjs"); -const compiler = require("circom"); const createBlakeHash = require("blake-hash"); const eddsa = require("../src/eddsa.js"); const assert = chai.assert; -const bigInt = require("snarkjs").bigInt; +const bigInt = require("big-integer"); +const tester = require("circom").tester; +const utils = require("../src/utils.js"); describe("Baby Jub test", function () { let circuitAdd; let circuitTest; + let circuitPbk; this.timeout(100000); before( async() => { - const cirDefAdd = await compiler(path.join(__dirname, "circuits", "babyadd_tester.circom")); - circuitAdd = new snarkjs.Circuit(cirDefAdd); - console.log("NConstrains BabyAdd: " + circuitAdd.nConstraints); + circuitAdd = await tester(path.join(__dirname, "circuits", "babyadd_tester.circom")); - const cirDefTest = await compiler(path.join(__dirname, "circuits", "babycheck_test.circom")); - circuitTest = new snarkjs.Circuit(cirDefTest); - console.log("NConstrains BabyTest: " + circuitTest.nConstraints); - - const cirDefPbk = await compiler(path.join(__dirname, "circuits", "babypbk_test.circom")); - circuitPbk = new snarkjs.Circuit(cirDefPbk); - console.log("NConstrains BabyPbk: " + circuitPbk.nConstraints); + circuitTest = await tester(path.join(__dirname, "circuits", "babycheck_test.circom")); + circuitPbk = await tester(path.join(__dirname, "circuits", "babypbk_test.circom")); }); it("Should add point (0,1) and (0,1)", async () => { const input={ - x1: snarkjs.bigInt(0), - y1: snarkjs.bigInt(1), - x2: snarkjs.bigInt(0), - y2: snarkjs.bigInt(1) + x1: bigInt(0), + y1: bigInt(1), + x2: bigInt(0), + y2: bigInt(1) }; - const w = circuitAdd.calculateWitness(input); - - const xout = w[circuitAdd.getSignalIdx("main.xout")]; - const yout = w[circuitAdd.getSignalIdx("main.yout")]; + const w = await circuitAdd.calculateWitness(input); - assert(xout.equals(0)); - assert(yout.equals(1)); + await circuitAdd.assertOut(w, {xout: bigInt(0), yout: bigInt(1)}); }); it("Should add 2 same numbers", async () => { const input={ - x1: snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - y1: snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), - x2: snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - y2: snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475") + x1: bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + y1: bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), + x2: bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + y2: bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475") }; - const w = circuitAdd.calculateWitness(input); + const w = await circuitAdd.calculateWitness(input); - const xout = w[circuitAdd.getSignalIdx("main.xout")]; - const yout = w[circuitAdd.getSignalIdx("main.yout")]; + await circuitAdd.assertOut(w, { + xout: bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"), + yout: bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889") + }); - assert(xout.equals(snarkjs.bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"))); - assert(yout.equals(snarkjs.bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"))); }); it("Should add 2 different numbers", async () => { const input={ - x1: snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - y1: snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), - x2: snarkjs.bigInt("16540640123574156134436876038791482806971768689494387082833631921987005038935"), - y2: snarkjs.bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311") + x1: bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + y1: bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), + x2: bigInt("16540640123574156134436876038791482806971768689494387082833631921987005038935"), + y2: bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311") }; - const w = circuitAdd.calculateWitness(input); + const w = await circuitAdd.calculateWitness(input); - const xout = w[circuitAdd.getSignalIdx("main.xout")]; - const yout = w[circuitAdd.getSignalIdx("main.yout")]; + await circuitAdd.assertOut(w, { + xout: bigInt("7916061937171219682591368294088513039687205273691143098332585753343424131937"), + yout: bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499") + }); - /* - console.log(xout.toString()); - console.log(yout.toString()); - */ - - assert(xout.equals(snarkjs.bigInt("7916061937171219682591368294088513039687205273691143098332585753343424131937"))); - assert(yout.equals(snarkjs.bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499"))); }); - it("Should check 0 is a valid poiny", async() => { - const w = circuitTest.calculateWitness({x: 0, y:1}); - assert(circuitTest.checkWitness(w)); + it("Should check (0,1) is a valid poiny", async() => { + const w = await circuitTest.calculateWitness({x: 0, y:1}); + // TODO Check constraints + // assert(circuitTest.checkWitness(w)); }); - it("Should check 0 is an invalid poiny", async() => { + it("Should check (1,0) is an invalid point", async() => { try { - circuitTest.calculateWitness({x: 1, y: 0}); + await circuitTest.calculateWitness({x: 1, y: 0}); assert(false, "Should be a valid point"); } catch(err) { assert(/Constraint\sdoesn't\smatch(.*)168700\s!=\s1/.test(err.message) ); @@ -108,18 +94,20 @@ describe("Baby Jub test", function () { const rawpvk = Buffer.from("0001020304050607080900010203040506070809000102030405060708090021", "hex"); const pvk = eddsa.pruneBuffer(createBlakeHash("blake512").update(rawpvk).digest().slice(0,32)); - const S = bigInt.leBuff2int(pvk).shr(3); + const S = utils.leBuff2int(pvk).shiftRight(3); const A = eddsa.prv2pub(rawpvk); const input = { - in : S, - Ax : A[0], - Ay : A[1] - } + in : S + }; + + const w = await circuitPbk.calculateWitness(input); + + await circuitPbk.assertOut(w, {Ax : A[0], Ay: A[1]}); - const w = circuitPbk.calculateWitness(input); - assert(circuitPbk.checkWitness(w)); + // TODO Check constraints + // assert(circuitPbk.checkWitness(w)); }); }); diff --git a/test/circuits/in.json b/test/circuits/in.json index fba610b..702f06c 100644 --- a/test/circuits/in.json +++ b/test/circuits/in.json @@ -1 +1 @@ -{"in":[0,1,1,0,0,0,0,1,0,1,1,0,0,0,1,0,0,1,1,0,0,0,1,1,0,1,1,0,0,1,0,0,0,1,1,0,0,0,1,0,0,1,1,0,0,0,1,1,0,1,1,0,0,1,0,0,0,1,1,0,0,1,0,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,0,0,0,1,1,0,0,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,0,0,0,1,1,0,0,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,1,0,1,1,0,1,0,0,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,1,0,1,1,0,1,0,0,0,0,1,1,0,1,0,0,1,0,1,1,0,0,1,1,1,0,1,1,0,1,0,0,0,0,1,1,0,1,0,0,1,0,1,1,0,1,0,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,0,0,1,0,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,0,0,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,1,0,1,1,0,1,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,1,0,1,1,0,1,1,1,0,0,1,1,0,1,1,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,1,0,0,1,1,0,1,1,1,1,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1,0,1,1,1,1,0,1,1,1,0,0,0,0,0,1,1,1,0,0,0,1]} +{"in":"3876493977147089964395646989418653640709890493868463039177063670701706079087","Ax":"7544364404313686108640297486043592597084907953513982229886192880342666171487","Ay":"2721089742146723067451923493488918617350881493409568860627491866568993834336"} diff --git a/test/sha256.js b/test/sha256.js index 375a10f..3b1cd62 100644 --- a/test/sha256.js +++ b/test/sha256.js @@ -7,7 +7,7 @@ const assert = chai.assert; const sha256 = require("./helpers/sha256"); -const c_tester = require("circom").c_tester; +const tester = require("circom").tester; // const printSignal = require("./helpers/printsignal"); @@ -50,7 +50,7 @@ describe("SHA256 test", function () { }); it("Should calculate a hash of 1 compressor", async () => { - const cir = await c_tester(path.join(__dirname, "circuits", "sha256_2_test.circom")); + const cir = await tester(path.join(__dirname, "circuits", "sha256_2_test.circom")); const witness = await cir.calculateWitness({ "a": "1", "b": "2" }); @@ -71,7 +71,7 @@ describe("SHA256 test", function () { }).timeout(1000000); it("Should calculate a hash of 2 compressor", async () => { - const cir = await c_tester(path.join(__dirname, "circuits", "sha256_test512.circom")); + const cir = await tester(path.join(__dirname, "circuits", "sha256_test512.circom")); const b = new Buffer.alloc(64); for (let i=0; i<64; i++) { @@ -92,7 +92,7 @@ describe("SHA256 test", function () { }).timeout(1000000); it ("Should calculate a hash of 2 compressor", async () => { - const cir = await c_tester(path.join(__dirname, "circuits", "sha256_test448.circom")); + const cir = await tester(path.join(__dirname, "circuits", "sha256_test448.circom")); const testStr = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";