mirror of
https://github.com/arnaucube/circomlib.git
synced 2026-02-06 18:56:43 +01:00
pedersen working
This commit is contained in:
Jordi Baylina
62
src/eddsa.js
62
src/eddsa.js
@@ -1,11 +1,13 @@
|
||||
const createBlakeHash = require("blake-hash");
|
||||
const bigInt = require("snarkjs").bigInt;
|
||||
const bigInt = require("big-integer");
|
||||
const babyJub = require("./babyjub");
|
||||
const utils = require("./utils");
|
||||
const pedersenHash = require("./pedersenHash").hash;
|
||||
const mimc7 = require("./mimc7");
|
||||
const poseidon = require("./poseidon.js");
|
||||
const mimcsponge = require("./mimcsponge");
|
||||
|
||||
|
||||
exports.prv2pub= prv2pub;
|
||||
exports.sign = sign;
|
||||
exports.signMiMC = signMiMC;
|
||||
@@ -30,26 +32,26 @@ function pruneBuffer(_buff) {
|
||||
|
||||
function prv2pub(prv) {
|
||||
const sBuff = pruneBuffer(createBlakeHash("blake512").update(prv).digest().slice(0,32));
|
||||
let s = bigInt.leBuff2int(sBuff);
|
||||
const A = babyJub.mulPointEscalar(babyJub.Base8, s.shr(3));
|
||||
let s = utils.leBuff2int(sBuff);
|
||||
const A = babyJub.mulPointEscalar(babyJub.Base8, s.shiftRight(3));
|
||||
return A;
|
||||
}
|
||||
|
||||
function sign(prv, msg) {
|
||||
const h1 = createBlakeHash("blake512").update(prv).digest();
|
||||
const sBuff = pruneBuffer(h1.slice(0,32));
|
||||
const s = bigInt.leBuff2int(sBuff);
|
||||
const A = babyJub.mulPointEscalar(babyJub.Base8, s.shr(3));
|
||||
const s = utils.leBuff2int(sBuff);
|
||||
const A = babyJub.mulPointEscalar(babyJub.Base8, s.shiftRight(3));
|
||||
|
||||
const rBuff = createBlakeHash("blake512").update(Buffer.concat([h1.slice(32,64), msg])).digest();
|
||||
let r = bigInt.leBuff2int(rBuff);
|
||||
let r = utils.leBuff2int(rBuff);
|
||||
r = r.mod(babyJub.subOrder);
|
||||
const R8 = babyJub.mulPointEscalar(babyJub.Base8, r);
|
||||
const R8p = babyJub.packPoint(R8);
|
||||
const Ap = babyJub.packPoint(A);
|
||||
const hmBuff = pedersenHash(Buffer.concat([R8p, Ap, msg]));
|
||||
const hm = bigInt.leBuff2int(hmBuff);
|
||||
const S = r.add(hm.mul(s)).mod(babyJub.subOrder);
|
||||
const hm = utils.leBuff2int(hmBuff);
|
||||
const S = r.add(hm.times(s)).mod(babyJub.subOrder);
|
||||
return {
|
||||
R8: R8,
|
||||
S: S
|
||||
@@ -59,16 +61,16 @@ function sign(prv, msg) {
|
||||
function signMiMC(prv, msg) {
|
||||
const h1 = createBlakeHash("blake512").update(prv).digest();
|
||||
const sBuff = pruneBuffer(h1.slice(0,32));
|
||||
const s = bigInt.leBuff2int(sBuff);
|
||||
const A = babyJub.mulPointEscalar(babyJub.Base8, s.shr(3));
|
||||
const s = utils.leBuff2int(sBuff);
|
||||
const A = babyJub.mulPointEscalar(babyJub.Base8, s.shiftRight(3));
|
||||
|
||||
const msgBuff = bigInt.leInt2Buff(msg, 32);
|
||||
const msgBuff = utils.leInt2Buff(msg, 32);
|
||||
const rBuff = createBlakeHash("blake512").update(Buffer.concat([h1.slice(32,64), msgBuff])).digest();
|
||||
let r = bigInt.leBuff2int(rBuff);
|
||||
let r = utils.leBuff2int(rBuff);
|
||||
r = r.mod(babyJub.subOrder);
|
||||
const R8 = babyJub.mulPointEscalar(babyJub.Base8, r);
|
||||
const hm = mimc7.multiHash([R8[0], R8[1], A[0], A[1], msg]);
|
||||
const S = r.add(hm.mul(s)).mod(babyJub.subOrder);
|
||||
const S = r.add(hm.times(s)).mod(babyJub.subOrder);
|
||||
return {
|
||||
R8: R8,
|
||||
S: S
|
||||
@@ -78,16 +80,16 @@ function signMiMC(prv, msg) {
|
||||
function signMiMCSponge(prv, msg) {
|
||||
const h1 = createBlakeHash("blake512").update(prv).digest();
|
||||
const sBuff = pruneBuffer(h1.slice(0,32));
|
||||
const s = bigInt.leBuff2int(sBuff);
|
||||
const A = babyJub.mulPointEscalar(babyJub.Base8, s.shr(3));
|
||||
const s = utils.leBuff2int(sBuff);
|
||||
const A = babyJub.mulPointEscalar(babyJub.Base8, s.shiftRight(3));
|
||||
|
||||
const msgBuff = bigInt.leInt2Buff(msg, 32);
|
||||
const msgBuff = utils.leInt2Buff(msg, 32);
|
||||
const rBuff = createBlakeHash("blake512").update(Buffer.concat([h1.slice(32,64), msgBuff])).digest();
|
||||
let r = bigInt.leBuff2int(rBuff);
|
||||
let r = utils.leBuff2int(rBuff);
|
||||
r = r.mod(babyJub.subOrder);
|
||||
const R8 = babyJub.mulPointEscalar(babyJub.Base8, r);
|
||||
const hm = mimcsponge.multiHash([R8[0], R8[1], A[0], A[1], msg]);
|
||||
const S = r.add(hm.mul(s)).mod(babyJub.subOrder);
|
||||
const S = r.add(hm.times(s)).mod(babyJub.subOrder);
|
||||
return {
|
||||
R8: R8,
|
||||
S: S
|
||||
@@ -97,17 +99,17 @@ function signMiMCSponge(prv, msg) {
|
||||
function signPoseidon(prv, msg) {
|
||||
const h1 = createBlakeHash("blake512").update(prv).digest();
|
||||
const sBuff = pruneBuffer(h1.slice(0,32));
|
||||
const s = bigInt.leBuff2int(sBuff);
|
||||
const A = babyJub.mulPointEscalar(babyJub.Base8, s.shr(3));
|
||||
const s = utils.leBuff2int(sBuff);
|
||||
const A = babyJub.mulPointEscalar(babyJub.Base8, s.shiftRight(3));
|
||||
|
||||
const msgBuff = bigInt.leInt2Buff(msg, 32);
|
||||
const msgBuff = utils.leInt2Buff(msg, 32);
|
||||
const rBuff = createBlakeHash("blake512").update(Buffer.concat([h1.slice(32,64), msgBuff])).digest();
|
||||
let r = bigInt.leBuff2int(rBuff);
|
||||
let r = utils.leBuff2int(rBuff);
|
||||
r = r.mod(babyJub.subOrder);
|
||||
const R8 = babyJub.mulPointEscalar(babyJub.Base8, r);
|
||||
const hash = poseidon.createHash(6, 8, 57);
|
||||
const hm = hash([R8[0], R8[1], A[0], A[1], msg]);
|
||||
const S = r.add(hm.mul(s)).mod(babyJub.subOrder);
|
||||
const S = r.add(hm.times(s)).mod(babyJub.subOrder);
|
||||
return {
|
||||
R8: R8,
|
||||
S: S
|
||||
@@ -128,10 +130,10 @@ function verify(msg, sig, A) {
|
||||
const R8p = babyJub.packPoint(sig.R8);
|
||||
const Ap = babyJub.packPoint(A);
|
||||
const hmBuff = pedersenHash(Buffer.concat([R8p, Ap, msg]));
|
||||
const hm = bigInt.leBuff2int(hmBuff);
|
||||
const hm = utils.leBuff2int(hmBuff);
|
||||
|
||||
const Pleft = babyJub.mulPointEscalar(babyJub.Base8, sig.S);
|
||||
let Pright = babyJub.mulPointEscalar(A, hm.mul(bigInt("8")));
|
||||
let Pright = babyJub.mulPointEscalar(A, hm.times(bigInt("8")));
|
||||
Pright = babyJub.addPoint(sig.R8, Pright);
|
||||
|
||||
if (!Pleft[0].equals(Pright[0])) return false;
|
||||
@@ -153,7 +155,7 @@ function verifyMiMC(msg, sig, A) {
|
||||
const hm = mimc7.multiHash([sig.R8[0], sig.R8[1], A[0], A[1], msg]);
|
||||
|
||||
const Pleft = babyJub.mulPointEscalar(babyJub.Base8, sig.S);
|
||||
let Pright = babyJub.mulPointEscalar(A, hm.mul(bigInt("8")));
|
||||
let Pright = babyJub.mulPointEscalar(A, hm.times(bigInt("8")));
|
||||
Pright = babyJub.addPoint(sig.R8, Pright);
|
||||
|
||||
if (!Pleft[0].equals(Pright[0])) return false;
|
||||
@@ -177,7 +179,7 @@ function verifyPoseidon(msg, sig, A) {
|
||||
const hm = hash([sig.R8[0], sig.R8[1], A[0], A[1], msg]);
|
||||
|
||||
const Pleft = babyJub.mulPointEscalar(babyJub.Base8, sig.S);
|
||||
let Pright = babyJub.mulPointEscalar(A, hm.mul(bigInt("8")));
|
||||
let Pright = babyJub.mulPointEscalar(A, hm.times(bigInt("8")));
|
||||
Pright = babyJub.addPoint(sig.R8, Pright);
|
||||
|
||||
if (!Pleft[0].equals(Pright[0])) return false;
|
||||
@@ -199,7 +201,7 @@ function verifyMiMCSponge(msg, sig, A) {
|
||||
const hm = mimcsponge.multiHash([sig.R8[0], sig.R8[1], A[0], A[1], msg]);
|
||||
|
||||
const Pleft = babyJub.mulPointEscalar(babyJub.Base8, sig.S);
|
||||
let Pright = babyJub.mulPointEscalar(A, hm.mul(bigInt("8")));
|
||||
let Pright = babyJub.mulPointEscalar(A, hm.times(bigInt("8")));
|
||||
Pright = babyJub.addPoint(sig.R8, Pright);
|
||||
|
||||
if (!Pleft[0].equals(Pright[0])) return false;
|
||||
@@ -209,14 +211,14 @@ function verifyMiMCSponge(msg, sig, A) {
|
||||
|
||||
function packSignature(sig) {
|
||||
const R8p = babyJub.packPoint(sig.R8);
|
||||
const Sp = bigInt.leInt2Buff(sig.S, 32);
|
||||
const Sp = utils.leInt2Buff(sig.S, 32);
|
||||
return Buffer.concat([R8p, Sp]);
|
||||
}
|
||||
|
||||
function unpackSignature(sigBuff) {
|
||||
return {
|
||||
R8: babyJub.unpackPoint(sigBuff.slice(0,32)),
|
||||
S: bigInt.leBuff2int(sigBuff.slice(32,64))
|
||||
S: utils.leBuff2int(sigBuff.slice(32,64))
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
17
src/mimc7.js
17
src/mimc7.js
@@ -1,7 +1,8 @@
|
||||
const bn128 = require("snarkjs").bn128;
|
||||
const bigInt = require("snarkjs").bigInt;
|
||||
const bigInt = require("big-integer");
|
||||
const ZqField = require("fflib").ZqField;
|
||||
|
||||
const Web3Utils = require("web3-utils");
|
||||
const F = bn128.Fr;
|
||||
const F = new ZqField(bigInt("21888242871839275222246405745257275088548364400416034343698204186575808495617"));
|
||||
|
||||
const SEED = "mimc";
|
||||
const NROUNDS = 91;
|
||||
@@ -10,7 +11,7 @@ exports.getIV = (seed) => {
|
||||
if (typeof seed === "undefined") seed = SEED;
|
||||
const c = Web3Utils.keccak256(seed+"_iv");
|
||||
const cn = bigInt(Web3Utils.toBN(c).toString());
|
||||
const iv = cn.mod(F.q);
|
||||
const iv = cn.mod(F.p);
|
||||
return iv;
|
||||
};
|
||||
|
||||
@@ -22,7 +23,7 @@ exports.getConstants = (seed, nRounds) => {
|
||||
for (let i=1; i<nRounds; i++) {
|
||||
c = Web3Utils.keccak256(c);
|
||||
|
||||
const n1 = Web3Utils.toBN(c).mod(Web3Utils.toBN(F.q.toString()));
|
||||
const n1 = Web3Utils.toBN(c).mod(Web3Utils.toBN(F.p.toString()));
|
||||
const c2 = Web3Utils.padLeft(Web3Utils.toHex(n1), 64);
|
||||
cts[i] = bigInt(Web3Utils.toBN(c2).toString());
|
||||
}
|
||||
@@ -39,9 +40,9 @@ exports.hash = (_x_in, _k) =>{
|
||||
for (let i=0; i<NROUNDS; i++) {
|
||||
const c = cts[i];
|
||||
const t = (i==0) ? F.add(x_in, k) : F.add(F.add(r, k), c);
|
||||
r = F.exp(t, 7);
|
||||
r = F.pow(t, 7);
|
||||
}
|
||||
return F.affine(F.add(r, k));
|
||||
return F.add(r, k);
|
||||
};
|
||||
|
||||
exports.multiHash = (arr, key) => {
|
||||
@@ -60,5 +61,5 @@ exports.multiHash = (arr, key) => {
|
||||
exports.hash(bigInt(arr[i]), r)
|
||||
);
|
||||
}
|
||||
return F.affine(r);
|
||||
return r;
|
||||
};
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
const bn128 = require("snarkjs").bn128;
|
||||
const bigInt = require("snarkjs").bigInt;
|
||||
const bigInt = require("big-integer");
|
||||
const babyJub = require("./babyjub");
|
||||
const createBlakeHash = require("blake-hash");
|
||||
|
||||
|
||||
@@ -1,8 +1,10 @@
|
||||
const bn128 = require("snarkjs").bn128;
|
||||
const bigInt = require("snarkjs").bigInt;
|
||||
const blake2b = require('blake2b');
|
||||
const bigInt = require("big-integer");
|
||||
const blake2b = require("blake2b");
|
||||
const assert = require("assert");
|
||||
const F = bn128.Fr;
|
||||
const ZqField = require("fflib").ZqField;
|
||||
const utils = require("./utils");
|
||||
|
||||
const F = new ZqField(bigInt("21888242871839275222246405745257275088548364400416034343698204186575808495617"));
|
||||
|
||||
const SEED = "poseidon";
|
||||
const NROUNDSF = 8;
|
||||
@@ -12,11 +14,11 @@ const T = 6;
|
||||
function getPseudoRandom(seed, n) {
|
||||
const res = [];
|
||||
let input = Buffer.from(seed);
|
||||
let h = blake2b(32).update(input).digest()
|
||||
let h = blake2b(32).update(input).digest();
|
||||
while (res.length<n) {
|
||||
const n = F.affine(bigInt.leBuff2int(h));
|
||||
const n = F.normalize(utils.leBuff2int(h));
|
||||
res.push(n);
|
||||
h = blake2b(32).update(h).digest()
|
||||
h = blake2b(32).update(h).digest();
|
||||
}
|
||||
|
||||
return res;
|
||||
@@ -48,7 +50,7 @@ exports.getMatrix = (t, seed, nRounds) => {
|
||||
for (let i=0; i<t; i++) {
|
||||
M[i] = new Array(t);
|
||||
for (let j=0; j<t; j++) {
|
||||
M[i][j] = F.affine(F.inverse(F.sub(cmatrix[i], cmatrix[t+j])));
|
||||
M[i][j] = F.normalize(F.inverse(F.sub(cmatrix[i], cmatrix[t+j])));
|
||||
}
|
||||
}
|
||||
return M;
|
||||
@@ -109,7 +111,7 @@ exports.createHash = (t, nRoundsF, nRoundsP, seed) => {
|
||||
}
|
||||
mix(state, M);
|
||||
}
|
||||
return F.affine(state[0]);
|
||||
return F.normalize(state[0]);
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
Reference in New Issue
Block a user