Pedersen2 and BitPoints MulFix and MulAny

test/aliascheck.js

@@ -0,0 +1,74 @@
+const chai = require("chai");
+const path = require("path");
+const snarkjs = require("snarkjs");
+const compiler = require("circom");
+
+const assert = chai.assert;
+
+const bigInt = snarkjs.bigInt;
+
+function print(circuit, w, s) {
+    console.log(s + ": " + w[circuit.getSignalIdx(s)]);
+}
+
+function getBits(v, n) {
+    const res = [];
+    for (let i=0; i<n; i++) {
+        if (v.shr(i).isOdd()) {
+            res.push(bigInt.one);
+        } else {
+            res.push(bigInt.zero);
+        }
+    }
+    return res;
+}
+
+const q = bigInt("21888242871839275222246405745257275088548364400416034343698204186575808495617");
+
+describe("Aliascheck test", () => {
+    let circuit;
+    before( async() => {
+        const cirDef = await compiler(path.join(__dirname, "circuits", "aliascheck_test.circom"));
+
+        circuit = new snarkjs.Circuit(cirDef);
+
+        console.log("NConstrains: " + circuit.nConstraints);
+    });
+
+    it("Satisfy the aliastest 0", async () => {
+        const inp = getBits(bigInt.zero, 254);
+        circuit.calculateWitness({in: inp});
+    });
+
+    it("Satisfy the aliastest 3", async () => {
+        const inp = getBits(bigInt(3), 254);
+        circuit.calculateWitness({in: inp});
+    });
+
+    it("Satisfy the aliastest q-1", async () => {
+        const inp = getBits(q.sub(bigInt.one), 254);
+        circuit.calculateWitness({in: inp});
+    });
+
+    it("Nhot not satisfy an input of q", async () => {
+        const inp = getBits(q, 254);
+        try {
+            circuit.calculateWitness({in: inp});
+            assert(false);
+        } catch(err) {
+            assert.equal(err.message, "Constraint doesn't match: 1 != 0");
+        }
+    });
+
+    it("Nhot not satisfy all ones", async () => {
+
+        const inp = getBits(bigInt(1).shl(254).sub(bigInt(1)), 254);
+        try {
+            circuit.calculateWitness({in: inp});
+            assert(false);
+        } catch(err) {
+                assert.equal(err.message, "Constraint doesn't match: 1 != 0");
+        }
+    });
+
+});

test/babyjub.js

@@ -8,30 +8,35 @@ const assert = chai.assert;
 const bigInt = require("big-integer");
 
 
-describe("Baby Jub test", () => {
+describe("Baby Jub test", function () {
+    let circuitAdd;
+    let circuitTest;
+
+    this.timeout(100000);
+
+    before( async() => {
+        const cirDefAdd = await compiler(path.join(__dirname, "circuits", "babyadd_tester.circom"));
+        circuitAdd = new snarkjs.Circuit(cirDefAdd);
+        console.log("NConstrains BabyAdd: " + circuitAdd.nConstraints);
+
+        const cirDefTest = await compiler(path.join(__dirname, "circuits", "babycheck_test.circom"));
+        circuitTest = new snarkjs.Circuit(cirDefTest);
+        console.log("NConstrains BabyTest: " + circuitTest.nConstraints);
+    });
+
     it("Should add point (0,1) and (0,1)", async () => {
 
-        const cirDef = await compiler(path.join(__dirname, "circuits", "babyadd_tester.circom"));
-
-//        console.log(JSON.stringify(cirDef, null, 1));
-
-//        assert.equal(cirDef.nVars, 2);
-
-        const circuit = new snarkjs.Circuit(cirDef);
-
-        console.log("NConstrains: " + circuit.nConstraints);
-
         const input={
             x1: snarkjs.bigInt(0),
             y1: snarkjs.bigInt(1),
             x2: snarkjs.bigInt(0),
             y2: snarkjs.bigInt(1)
-        }
+        };
 
-        const w = circuit.calculateWitness(input);
+        const w = circuitAdd.calculateWitness(input);
 
-        const xout = w[circuit.getSignalIdx("main.xout")];
-        const yout = w[circuit.getSignalIdx("main.yout")];
+        const xout = w[circuitAdd.getSignalIdx("main.xout")];
+        const yout = w[circuitAdd.getSignalIdx("main.yout")];
 
         assert(xout.equals(0));
         assert(yout.equals(1));
@@ -39,27 +44,17 @@ describe("Baby Jub test", () => {
 
     it("Should add 2 same numbers", async () => {
 
-        const cirDef = await compiler(path.join(__dirname, "circuits", "babyadd_tester.circom"));
-
-//        console.log(JSON.stringify(cirDef, null, 1));
-
-//        assert.equal(cirDef.nVars, 2);
-
-        const circuit = new snarkjs.Circuit(cirDef);
-
-        console.log("NConstrains: " + circuit.nConstraints);
-
         const input={
             x1: snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
             y1: snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
             x2: snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
             y2: snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")
-        }
+        };
 
-        const w = circuit.calculateWitness(input);
+        const w = circuitAdd.calculateWitness(input);
 
-        const xout = w[circuit.getSignalIdx("main.xout")];
-        const yout = w[circuit.getSignalIdx("main.yout")];
+        const xout = w[circuitAdd.getSignalIdx("main.xout")];
+        const yout = w[circuitAdd.getSignalIdx("main.yout")];
 
         assert(xout.equals(snarkjs.bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365")));
         assert(yout.equals(snarkjs.bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889")));
@@ -67,32 +62,39 @@ describe("Baby Jub test", () => {
 
     it("Should add 2 different numbers", async () => {
 
-        const cirDef = await compiler(path.join(__dirname, "circuits", "babyadd_tester.circom"));
-
-//        console.log(JSON.stringify(cirDef, null, 1));
-
-//        assert.equal(cirDef.nVars, 2);
-
-        const circuit = new snarkjs.Circuit(cirDef);
-
-        console.log("NConstrains: " + circuit.nConstraints);
-
         const input={
             x1: snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
             y1: snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
             x2: snarkjs.bigInt("16540640123574156134436876038791482806971768689494387082833631921987005038935"),
             y2: snarkjs.bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311")
-        }
+        };
 
-        const w = circuit.calculateWitness(input);
+        const w = circuitAdd.calculateWitness(input);
 
-        const xout = w[circuit.getSignalIdx("main.xout")];
-        const yout = w[circuit.getSignalIdx("main.yout")];
+        const xout = w[circuitAdd.getSignalIdx("main.xout")];
+        const yout = w[circuitAdd.getSignalIdx("main.yout")];
 
+        /*
         console.log(xout.toString());
         console.log(yout.toString());
+        */
 
         assert(xout.equals(snarkjs.bigInt("7916061937171219682591368294088513039687205273691143098332585753343424131937")));
         assert(yout.equals(snarkjs.bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499")));
     });
+
+    it("Should check 0 is a valid poiny", async() => {
+        const w = circuitTest.calculateWitness({x: 0, y:1});
+        assert(circuitTest.checkWitness(w));
+    });
+
+    it("Should check 0 is an invalid poiny", async() => {
+        try {
+            circuitTest.calculateWitness({x: 1, y: 0});
+            assert(false, "Should be a valid point");
+        } catch(err) {
+            assert.equal(err.message, "Constraint doesn't match: 168700 != 1");
+        }
+    });
+
 });

test/circuits/aliascheck_test.circom

@@ -0,0 +1,3 @@
+include "../../circuit/aliascheck.circom";
+
+component main = AliasCheck()

test/circuits/babycheck_test.circom

@@ -0,0 +1,3 @@
+include "../../circuit/babyjub.circom";
+
+component main = BabyCheck();

test/circuits/edwards2montgomery.circom

@@ -0,0 +1,3 @@
+include "../../circuit/montgomery.circom";
+
+component main = Edwards2Montgomery();

test/circuits/escalarmulany_test.circom

@@ -0,0 +1,28 @@
+include "../../circuit/escalarmulany.circom";
+include "../../node_modules/circom/circuits/bitify.circom";
+
+template Main() {
+    signal input e;
+    signal input p[2];
+    signal output out[2];
+
+    component n2b = Num2Bits(253);
+    component escalarMulAny = EscalarMulAny(253);
+
+    escalarMulAny.p[0] <== p[0];
+    escalarMulAny.p[1] <== p[1];
+
+    var i;
+
+    e ==> n2b.in;
+
+    for  (i=0; i<253; i++) {
+        n2b.out[i] ==> escalarMulAny.e[i];
+    }
+
+    escalarMulAny.out[0] ==> out[0];
+    escalarMulAny.out[1] ==> out[1];
+}
+
+component main = Main();
+

test/circuits/escalarmulfix_test.circom

@@ -0,0 +1,29 @@
+include "../../circuit/escalarmulfix.circom";
+include "../../node_modules/circom/circuits/bitify.circom";
+
+
+template Main() {
+    signal input e;
+    signal output out[2];
+
+    var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268,
+            2626589144620713026669568689430873010625803728049924121243784502389097019475]
+
+
+    component n2b = Num2Bits(253);
+    component escalarMul = EscalarMulFix(253, base);
+
+    var i;
+
+    e ==> n2b.in;
+
+    for  (i=0; i<253; i++) {
+        n2b.out[i] ==> escalarMul.e[i];
+    }
+
+    escalarMul.out[0] ==> out[0];
+    escalarMul.out[1] ==> out[1];
+}
+
+component main = Main();
+

test/circuits/montgomery2edwards.circom

@@ -0,0 +1,3 @@
+include "../../circuit/montgomery.circom";
+
+component main = Montgomery2Edwards();

test/circuits/montgomeryadd.circom

@@ -0,0 +1,3 @@
+include "../../circuit/montgomery.circom";
+
+component main = MontgomeryAdd();

test/circuits/montgomerydouble.circom

@@ -0,0 +1,3 @@
+include "../../circuit/montgomery.circom";
+
+component main = MontgomeryDouble();

test/circuits/mux3_1.circom

@@ -0,0 +1,39 @@
+include "../../circuit/mux3.circom";
+include "../../node_modules/circom/circuits/bitify.circom";
+
+
+template Constants() {
+    var i;
+    signal output out[8];
+
+    out[0] <== 37;
+    out[1] <== 47;
+    out[2] <== 53;
+    out[3] <== 71;
+    out[4] <== 89;
+    out[5] <== 107;
+    out[6] <== 163;
+    out[7] <== 191;
+}
+
+template Main() {
+    var i;
+    signal private input selector;
+    signal output out;
+
+    component mux = Mux3();
+    component n2b = Num2Bits(3);
+    component cst = Constants();
+
+    selector ==> n2b.in;
+    for (i=0; i<3; i++) {
+        n2b.out[i] ==> mux.s[i];
+    }
+    for (i=0; i<8; i++) {
+        cst.out[i] ==> mux.c[i];
+    }
+
+    mux.out ==> out;
+}
+
+component main = Main();

test/circuits/pedersen2_test.circom

@@ -0,0 +1,32 @@
+include "../../circuit/pedersen2.circom";
+include "../../node_modules/circom/circuits/bitify.circom";
+
+
+template Main() {
+    signal input in;
+    signal output out[2];
+
+    component pedersen = Pedersen(256);
+
+    component n2b;
+    n2b = Num2Bits(253);
+
+    var i;
+
+    in ==> n2b.in;
+
+    for  (i=0; i<253; i++) {
+        pedersen.in[i] <== n2b.out[i];
+    }
+
+    for (i=253; i<256; i++) {
+        pedersen.in[i] <== 0;
+    }
+
+    pedersen.out[0] ==> out[0];
+    pedersen.out[1] ==> out[1];
+}
+
+component main = Main();
+
+

test/circuits/pedersen_test.circom

@@ -6,20 +6,20 @@ template Main() {
     signal input in[2];
     signal output out[2];
 
-    component pedersen = Pedersen(253*2);
+    component pedersen = Pedersen(250*2);
 
     component n2b[2];
-    n2b[0] = Num2Bits(253);
-    n2b[1] = Num2Bits(253);
+    n2b[0] = Num2Bits(250);
+    n2b[1] = Num2Bits(250);
 
     var i;
 
     in[0] ==> n2b[0].in;
     in[1] ==> n2b[1].in;
 
-    for  (i=0; i<253; i++) {
+    for  (i=0; i<250; i++) {
         n2b[0].out[i] ==> pedersen.in[i];
-        n2b[1].out[i] ==> pedersen.in[253+i];
+        n2b[1].out[i] ==> pedersen.in[250+i];
     }
 
     pedersen.out[0] ==> out[0];

test/circuits/pointbits_loopback.circom

@@ -0,0 +1,23 @@
+include "../../circuit/pointbits.circom";
+
+
+template Main() {
+    signal input in[2];
+
+    var i
+
+    component p2b = Point2Bits_Strict();
+    component b2p = Bits2Point_Strict();
+
+    p2b.in[0] <== in[0];
+    p2b.in[1] <== in[1];
+
+    for (i=0; i<256; i++) {
+        b2p.in[i] <== p2b.out[i];
+    }
+
+    b2p.out[0] === in[0];
+    b2p.out[1] === in[1];
+}
+
+component main = Main();

test/circuits/sign_test.circom

@@ -0,0 +1,3 @@
+include "../../circuit/sign.circom";
+
+component main = Sign();

test/escalarmulany.js

@@ -0,0 +1,59 @@
+const chai = require("chai");
+const path = require("path");
+const snarkjs = require("snarkjs");
+const compiler = require("circom");
+
+const assert = chai.assert;
+
+const bigInt = snarkjs.bigInt;
+
+
+function print(circuit, w, s) {
+    console.log(s + ": " + w[circuit.getSignalIdx(s)]);
+}
+
+describe("Escalarmul test", function () {
+    let circuitEMulAny;
+
+    this.timeout(100000);
+
+    let g = [
+        snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
+        snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")
+    ];
+
+    before( async() => {
+        const cirDefEMulAny = await compiler(path.join(__dirname, "circuits", "escalarmulany_test.circom"));
+        circuitEMulAny = new snarkjs.Circuit(cirDefEMulAny);
+        console.log("NConstrains Escalarmul any: " + circuitEMulAny.nConstraints);
+    });
+
+    it("Should generate Same escalar mul", async () => {
+
+        const w = circuitEMulAny.calculateWitness({"e": 1, "p": g});
+
+        assert(circuitEMulAny.checkWitness(w));
+
+        const xout = w[circuitEMulAny.getSignalIdx("main.out[0]")];
+        const yout = w[circuitEMulAny.getSignalIdx("main.out[1]")];
+
+        assert(xout.equals(g[0]));
+        assert(yout.equals(g[1]));
+    });
+
+    it("If multiply by order should return 0", async () => {
+
+        const r = bigInt("2736030358979909402780800718157159386076813972158567259200215660948447373041");
+        const w = circuitEMulAny.calculateWitness({"e": r, "p": g});
+
+        assert(circuitEMulAny.checkWitness(w));
+
+        const xout = w[circuitEMulAny.getSignalIdx("main.out[0]")];
+        const yout = w[circuitEMulAny.getSignalIdx("main.out[1]")];
+
+        assert(xout.equals(bigInt.zero));
+        assert(yout.equals(bigInt.one));
+    });
+
+});
+

test/escalarmulfix.js

@@ -0,0 +1,67 @@
+const chai = require("chai");
+const path = require("path");
+const snarkjs = require("snarkjs");
+const compiler = require("circom");
+const babyjub = require("../src/babyjub");
+
+const assert = chai.assert;
+
+const bigInt = snarkjs.bigInt;
+
+
+function print(circuit, w, s) {
+    console.log(s + ": " + w[circuit.getSignalIdx(s)]);
+}
+
+describe("Escalarmul test", function () {
+    let circuit;
+
+    this.timeout(100000);
+
+    before( async() => {
+        const cirDef = await compiler(path.join(__dirname, "circuits", "escalarmulfix_test.circom"));
+        circuit = new snarkjs.Circuit(cirDef);
+        console.log("NConstrains Escalarmul fix: " + circuit.nConstraints);
+    });
+
+    it("Should generate Same escalar mul", async () => {
+
+        const w = circuit.calculateWitness({"e": 0});
+
+        assert(circuit.checkWitness(w));
+
+        const xout = w[circuit.getSignalIdx("main.out[0]")];
+        const yout = w[circuit.getSignalIdx("main.out[1]")];
+
+        assert(xout.equals(0));
+        assert(yout.equals(1));
+    });
+
+    it("Should generate Same escalar mul", async () => {
+
+        const w = circuit.calculateWitness({"e": 1});
+
+        assert(circuit.checkWitness(w));
+
+        const xout = w[circuit.getSignalIdx("main.out[0]")];
+        const yout = w[circuit.getSignalIdx("main.out[1]")];
+
+        assert(xout.equals(babyjub.Base8[0]));
+        assert(yout.equals(babyjub.Base8[1]));
+    });
+
+    it("If multiply by order should return 0", async () => {
+
+        const w = circuit.calculateWitness({"e": babyjub.subOrder });
+
+        assert(circuit.checkWitness(w));
+
+        const xout = w[circuit.getSignalIdx("main.out[0]")];
+        const yout = w[circuit.getSignalIdx("main.out[1]")];
+
+        assert(xout.equals(bigInt.zero));
+        assert(yout.equals(bigInt.one));
+    });
+
+});
+

test/montgomery.js

@@ -0,0 +1,99 @@
+const chai = require("chai");
+const path = require("path");
+const snarkjs = require("snarkjs");
+const compiler = require("circom");
+const babyJub = require("../src/babyjub.js");
+
+const assert = chai.assert;
+
+const bigInt = snarkjs.bigInt;
+
+describe("Montgomery test", function () {
+    let circuitE2M;
+    let circuitM2E;
+    let circuitMAdd;
+    let circuitMDouble;
+
+    let g = [
+        snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
+        snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")];
+
+    let mg, mg2, g2, g3, mg3;
+
+    this.timeout(100000);
+    before( async() => {
+        const cirDefE2M = await compiler(path.join(__dirname, "circuits", "edwards2montgomery.circom"));
+        circuitE2M = new snarkjs.Circuit(cirDefE2M);
+        console.log("NConstrains Edwards -> Montgomery: " + circuitE2M.nConstraints);
+
+        const cirDefM2E = await compiler(path.join(__dirname, "circuits", "montgomery2edwards.circom"));
+        circuitM2E = new snarkjs.Circuit(cirDefM2E);
+        console.log("NConstrains Montgomery -> Edwards: " + circuitM2E.nConstraints);
+
+        const cirDefMAdd = await compiler(path.join(__dirname, "circuits", "montgomeryadd.circom"));
+        circuitMAdd = new snarkjs.Circuit(cirDefMAdd);
+        console.log("NConstrains Montgomery Add: " + circuitMAdd.nConstraints);
+
+        const cirDefMDouble = await compiler(path.join(__dirname, "circuits", "montgomerydouble.circom"));
+        circuitMDouble = new snarkjs.Circuit(cirDefMDouble);
+        console.log("NConstrains Montgomery Double: " + circuitMDouble.nConstraints);
+    });
+    it("Convert Edwards to Montgomery and back again", async () => {
+        let w, xout, yout;
+
+        w = circuitE2M.calculateWitness({ in: g});
+
+        xout = w[circuitE2M.getSignalIdx("main.out[0]")];
+        yout = w[circuitE2M.getSignalIdx("main.out[1]")];
+
+        mg = [xout, yout];
+
+        w = circuitM2E.calculateWitness({ in: [xout, yout]});
+
+        xout = w[circuitM2E.getSignalIdx("main.out[0]")];
+        yout = w[circuitM2E.getSignalIdx("main.out[1]")];
+
+        assert(xout.equals(g[0]));
+        assert(yout.equals(g[1]));
+    });
+    it("Should double a point", async () => {
+        let w, xout, yout;
+
+        g2 = babyJub.addPoint(g,g);
+
+        w = circuitMDouble.calculateWitness({ in: mg});
+
+        xout = w[circuitE2M.getSignalIdx("main.out[0]")];
+        yout = w[circuitE2M.getSignalIdx("main.out[1]")];
+
+        mg2 = [xout, yout];
+
+        w = circuitM2E.calculateWitness({ in: mg2});
+
+        xout = w[circuitM2E.getSignalIdx("main.out[0]")];
+        yout = w[circuitM2E.getSignalIdx("main.out[1]")];
+
+        assert(xout.equals(g2[0]));
+        assert(yout.equals(g2[1]));
+    });
+    it("Should add a point", async () => {
+        let w, xout, yout;
+
+        g3 = babyJub.addPoint(g,g2);
+
+        w = circuitMAdd.calculateWitness({ in1: mg, in2: mg2});
+
+        xout = w[circuitMAdd.getSignalIdx("main.out[0]")];
+        yout = w[circuitMAdd.getSignalIdx("main.out[1]")];
+
+        mg3 = [xout, yout];
+
+        w = circuitM2E.calculateWitness({ in: mg3});
+
+        xout = w[circuitM2E.getSignalIdx("main.out[0]")];
+        yout = w[circuitM2E.getSignalIdx("main.out[1]")];
+
+        assert(xout.equals(g3[0]));
+        assert(yout.equals(g3[1]));
+    });
+});

test/multiplexer.js

@@ -5,7 +5,7 @@ const compiler = require("circom");
 
 const assert = chai.assert;
 
-const bigInt = require("big-integer");
+const bigInt = snarkjs.bigInt;
 
 
 describe("Mux4 test", () => {
@@ -19,15 +19,63 @@ describe("Mux4 test", () => {
 
         const circuit = new snarkjs.Circuit(cirDef);
 
-        console.log("NConstrains: " + circuit.nConstraints);
+        console.log("NConstrains Mux4: " + circuit.nConstraints);
 
-        for (i=0; i<16; i++) {
-            const w = circuit.calculateWitness({ "selector": snarkjs.bigInt(i).toString() });
+        const ct16 = [
+            bigInt("123"),
+            bigInt("456"),
+            bigInt("789"),
+            bigInt("012"),
+            bigInt("111"),
+            bigInt("222"),
+            bigInt("333"),
+            bigInt("4546"),
+            bigInt("134523"),
+            bigInt("44356"),
+            bigInt("15623"),
+            bigInt("4566"),
+            bigInt("1223"),
+            bigInt("4546"),
+            bigInt("4256"),
+            bigInt("4456")
+        ];
 
-            assert(w[0].equals(snarkjs.bigInt(1)));
+        for (let i=0; i<16; i++) {
+            const w = circuit.calculateWitness({ "selector": i });
 
-            console.log(i + " -> " + w[circuit.getSignalIdx("main.out")].toString());
-//            assert(w[circuit.getSignalIdx("main.out")].equals(snarkjs.bigInt("100").add(snarkjs.bigInt(i))));
+            assert(w[0].equals(bigInt(1)));
+
+            // console.log(i + " -> " + w[circuit.getSignalIdx("main.out")].toString());
+            assert(w[circuit.getSignalIdx("main.out")].equals(ct16[i]));
+        }
+    });
+
+    it("Should create a constant multiplexer", async () => {
+
+        const cirDef = await compiler(path.join(__dirname, "circuits", "mux3_1.circom"));
+
+        const circuit = new snarkjs.Circuit(cirDef);
+
+        console.log("NConstrains Mux3: " + circuit.nConstraints);
+
+        const ct8 = [
+            bigInt("37"),
+            bigInt("47"),
+            bigInt("53"),
+            bigInt("71"),
+            bigInt("89"),
+            bigInt("107"),
+            bigInt("163"),
+            bigInt("191")
+        ];
+
+        for (let i=0; i<8; i++) {
+            const w = circuit.calculateWitness({ "selector": i });
+
+            assert(w[0].equals(bigInt(1)));
+
+            // console.log(i + " -> " + w[circuit.getSignalIdx("main.out")].toString());
+            assert(w[circuit.getSignalIdx("main.out")].equals(ct8[i]));
         }
     });
 });

test/pedersen.js

@@ -88,7 +88,7 @@ describe("Double Pedersen test", function() {
     it("Should pedersen all ones", async () => {
         let w, xout, yout;
 
-        const allOnes = bigInt("1").shl(251).sub(bigInt("1"));
+        const allOnes = bigInt("1").shl(250).sub(bigInt("1"));
         w = circuit.calculateWitness({ in: [allOnes, allOnes]});
 
         xout = w[circuit.getSignalIdx("main.out[0]")];

test/pedersen2.js

@@ -0,0 +1,74 @@
+const chai = require("chai");
+const path = require("path");
+const snarkjs = require("snarkjs");
+const compiler = require("circom");
+
+const assert = chai.assert;
+
+const bigInt = snarkjs.bigInt;
+
+const babyJub = require("../src/babyjub.js");
+const pedersen = require("../src/pedersenHash.js");
+
+
+describe("Pedersen test", function() {
+    let circuit;
+    this.timeout(100000);
+    before( async() => {
+        const cirDef = await compiler(path.join(__dirname, "circuits", "pedersen2_test.circom"));
+
+        circuit = new snarkjs.Circuit(cirDef);
+
+        console.log("NConstrains Pedersen2: " + circuit.nConstraints);
+    });
+    it("Should pedersen at zero", async () => {
+
+        let w, xout, yout;
+
+        w = circuit.calculateWitness({ in: 0});
+
+        xout = w[circuit.getSignalIdx("main.out[0]")];
+        yout = w[circuit.getSignalIdx("main.out[1]")];
+
+        const b = Buffer.alloc(32);
+
+        const h = pedersen.hash(b);
+        const hP = babyJub.unpackPoint(h);
+
+        /*
+        console.log(`[${xout.toString()}, ${yout.toString()}]`);
+        console.log(`[${hP[0].toString()}, ${hP[1].toString()}]`);
+        */
+
+        assert(xout.equals(hP[0]));
+        assert(yout.equals(hP[1]));
+    });
+    it("Should pedersen with 253 ones", async () => {
+
+        let w, xout, yout;
+
+        const n = bigInt.one.shl(253).sub(bigInt.one);
+        console.log(n.toString(16));
+
+        w = circuit.calculateWitness({ in: n});
+
+        xout = w[circuit.getSignalIdx("main.out[0]")];
+        yout = w[circuit.getSignalIdx("main.out[1]")];
+
+        const b = Buffer.alloc(32);
+        for (let i=0; i<31; i++) b[i] = 0xFF;
+        b[31] = 0x1F;
+
+
+        const h = pedersen.hash(b);
+        const hP = babyJub.unpackPoint(h);
+
+        /*
+        console.log(`[${xout.toString()}, ${yout.toString()}]`);
+        console.log(`[${hP[0].toString()}, ${hP[1].toString()}]`);
+        */
+
+        assert(xout.equals(hP[0]));
+        assert(yout.equals(hP[1]));
+    });
+});

test/point2bits.js

@@ -0,0 +1,33 @@
+const chai = require("chai");
+const path = require("path");
+const snarkjs = require("snarkjs");
+const compiler = require("circom");
+
+const assert = chai.assert;
+
+const bigInt = snarkjs.bigInt;
+
+const babyJub = require("../src/babyjub.js");
+
+
+describe("Point 2 bits test", function() {
+    let circuit;
+    this.timeout(100000);
+    before( async() => {
+        const cirDef = await compiler(path.join(__dirname, "circuits", "pointbits_loopback.circom"));
+
+        circuit = new snarkjs.Circuit(cirDef);
+
+        console.log("NConstrains Point2Bits loopback: " + circuit.nConstraints);
+    });
+    it("Should do the both convertions for 8Base", async () => {
+        const w = circuit.calculateWitness({ in: babyJub.Base8});
+
+        assert(circuit.checkWitness(w));
+    });
+    it("Should do the both convertions for Zero point", async () => {
+        const w = circuit.calculateWitness({ in: [0, 1]});
+
+        assert(circuit.checkWitness(w));
+    });
+});

test/sign.js

@@ -0,0 +1,88 @@
+const chai = require("chai");
+const path = require("path");
+const snarkjs = require("snarkjs");
+const compiler = require("circom");
+
+const assert = chai.assert;
+
+const bigInt = snarkjs.bigInt;
+
+function print(circuit, w, s) {
+    console.log(s + ": " + w[circuit.getSignalIdx(s)]);
+}
+
+function getBits(v, n) {
+    const res = [];
+    for (let i=0; i<n; i++) {
+        if (v.shr(i).isOdd()) {
+            res.push(bigInt.one);
+        } else {
+            res.push(bigInt.zero);
+        }
+    }
+    return res;
+}
+
+const q = bigInt("21888242871839275222246405745257275088548364400416034343698204186575808495617");
+
+describe("Aliascheck test", () => {
+    let circuit;
+    before( async() => {
+        const cirDef = await compiler(path.join(__dirname, "circuits", "sign_test.circom"));
+
+        circuit = new snarkjs.Circuit(cirDef);
+
+        console.log("NConstrains: " + circuit.nConstraints);
+    });
+
+    it("Sign of 0", async () => {
+        const inp = getBits(bigInt.zero, 254);
+        const w = circuit.calculateWitness({in: inp});
+
+        assert( w[circuit.getSignalIdx("main.sign")].equals(bigInt(0)) );
+    });
+
+    it("Sign of 3", async () => {
+        const inp = getBits(bigInt(3), 254);
+        const w = circuit.calculateWitness({in: inp});
+
+        assert( w[circuit.getSignalIdx("main.sign")].equals(bigInt(0)) );
+    });
+
+    it("Sign of q/2", async () => {
+        const inp = getBits(q.shr(bigInt.one), 254);
+        const w = circuit.calculateWitness({in: inp});
+
+        assert( w[circuit.getSignalIdx("main.sign")].equals(bigInt(0)) );
+    });
+
+    it("Sign of q/2+1", async () => {
+        const inp = getBits(q.shr(bigInt.one).add(bigInt.one), 254);
+        const w = circuit.calculateWitness({in: inp});
+
+        assert( w[circuit.getSignalIdx("main.sign")].equals(bigInt(1)) );
+    });
+
+    it("Sign of q-1", async () => {
+        const inp = getBits(q.sub(bigInt.one), 254);
+        const w = circuit.calculateWitness({in: inp});
+
+        assert( w[circuit.getSignalIdx("main.sign")].equals(bigInt(1)) );
+    });
+
+    it("Sign of q", async () => {
+        const inp = getBits(q, 254);
+        const w = circuit.calculateWitness({in: inp});
+
+        assert( w[circuit.getSignalIdx("main.sign")].equals(bigInt(1)) );
+    });
+
+    it("Sign of all ones", async () => {
+        const inp = getBits(bigInt(1).shl(254).sub(bigInt(1)), 254);
+        const w = circuit.calculateWitness({in: inp});
+
+        assert( w[circuit.getSignalIdx("main.sign")].equals(bigInt(1)) );
+    });
+
+
+});