From 81981a142ce303031be2dca05f2e961c80d0640a Mon Sep 17 00:00:00 2001 From: Jordi Baylina Date: Sun, 11 Nov 2018 19:52:07 +0100 Subject: [PATCH] Pedersen Hash Base Points Calculation --- calcpedersenbases/calcpedersenbases.js | 84 +++++ circuit.json | 298 ++++++++++++++++++ circuit/eddsa.circom | 22 ++ circuit/{exp.circom => escalarmul.circom} | 17 +- ...4table.circom => escalarmulw4table.circom} | 7 +- circuit/pedersen.circom | 47 +++ package-lock.json | 62 +++- package.json | 6 +- test/babyjub.js | 40 +-- test/circuits/escalarmul_min_test.circom | 26 ++ test/circuits/escalarmul_test.circom | 31 ++ test/circuits/escalarmul_test_min.circom | 26 ++ test/circuits/escalarmulw4table.circom | 6 + test/circuits/escalarmulw4table_test.circom | 6 + test/circuits/escalarmulw4table_test3.circom | 6 + test/circuits/exp_test.circom | 10 +- test/circuits/exp_test_min.circom | 10 +- test/circuits/expw4table_test.circom | 3 - test/circuits/expw4table_test3.circom | 3 - test/circuits/mux4_1.circom | 2 +- test/{exp.js => escalarmul.js} | 34 +- test/multiplexer.js | 10 +- 22 files changed, 669 insertions(+), 87 deletions(-) create mode 100644 calcpedersenbases/calcpedersenbases.js create mode 100644 circuit.json create mode 100644 circuit/eddsa.circom rename circuit/{exp.circom => escalarmul.circom} (94%) rename circuit/{expw4table.circom => escalarmulw4table.circom} (71%) create mode 100644 circuit/pedersen.circom create mode 100644 test/circuits/escalarmul_min_test.circom create mode 100644 test/circuits/escalarmul_test.circom create mode 100644 test/circuits/escalarmul_test_min.circom create mode 100644 test/circuits/escalarmulw4table.circom create mode 100644 test/circuits/escalarmulw4table_test.circom create mode 100644 test/circuits/escalarmulw4table_test3.circom delete mode 100644 test/circuits/expw4table_test.circom delete mode 100644 test/circuits/expw4table_test3.circom rename test/{exp.js => escalarmul.js} (82%) 
diff --git a/calcpedersenbases/calcpedersenbases.js b/calcpedersenbases/calcpedersenbases.js
new file mode 100644
index 0000000..be9617c
--- /dev/null
+++ b/calcpedersenbases/calcpedersenbases.js
@@ -0,0 +1,84 @@
+const bn128 = require("snarkjs").bn128;
+const bigInt = require("snarkjs").bigInt;
+const createBlakeHash = require("blake-hash");
+const assert = require("assert");
+
+function getPoint(S) {
+ const F = bn128.Fr;
+ const h = createBlakeHash("blake256").update(S).digest();
+
+ assert(h.length == 32);
+
+ let sign = false;
+ if (h[31] & 0x80) {
+ h[31] = h[31] & 0x7F;
+ sign = true;
+ }
+
+ let x = bigInt(0);
+ for (let i=0; i<32; i++) {
+ x = x.shl(8);
+ x = x.add(bigInt(h[i]));
+ }
+
+ const a = bigInt("168700");
+ const d = bigInt("168696");
+
+ const x2 = F.square(x);
+
+ let y = F.sqrt(F.div(
+ F.sub(F.one, F.mul(a, x2)),
+ F.sub(F.one, F.mul(d, x2))));
+
+ if (y == null) return null;
+
+ if (sign) y = F.neg(y);
+
+ return [bn128.Fr.affine(x), bn128.Fr.affine(y)];
+}
+
+
+function generatePoint(S) {
+ let p= null;
+ let idx = 0;
+ while (p==null) {
+ let sidx = "" + idx;
+ while (sidx.length<16) sidx = "0"+sidx;
+ p = getPoint(S+"_"+sidx);
+ idx++;
+ }
+ assert(inCurve(p));
+ return p;
+}
+
+function inCurve(p) {
+ const F = bn128.Fr;
+
+ const a = bigInt("168700");
+ const d = bigInt("168696");
+
+ const x2 = F.square(p[0]);
+ const y2 = F.square(p[1]);
+
+ return F.equals(
+ F.add(F.mul(a, x2), y2),
+ F.add(F.one, F.mul(F.mul(x2, y2), d)));
+}
+
+const g = [
+ bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
+ bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")];
+
+if (!inCurve(g)) {
+ throw new Error("Generator not In curve -> Some thing goes wrong...");
+}
+
+for (let i=0; i<25; i++) {
+ let S = "" +i;
+ while (S.length<16) S = "0"+S;
+ const P = generatePoint("Iden3_PedersenGenerator_"+S);
+ console.log(`[${P[0].toString()}, ${P[1].toString()}]`);
+}
+
+
+
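Review bot: generatePoint accepts the first hashed point that satisfies the curve equation but never clears the cofactor, so a Pedersen base printed by this script may lie outside the prime-order subgroup of Baby Jubjub (cofactor 8 for the curve with `a = 168700`, `d = 168696` that inCurve checks — verify against the curve parameters). Pedersen-hash security reduces to the discrete-log problem among bases of one prime-order group; a base with a low-order component breaks that assumption and lets the hash output leave the subgroup, which downstream consumers of these constants (the EscalarMulW4Table tables, signatures or commitments built on them) cannot detect, since inCurve only tests the curve equation. The usual fix is to multiply the hashed point by the cofactor before accepting it and reject the identity `(0, 1)`; the script has no point addition of its own, so a small twisted-Edwards `addPoint` over the same `a`, `d` and `bn128.Fr` arithmetic as getPoint is needed (sketch below). Separately, `x` is assembled from the 255 remaining hash bits without an explicit reduction and relies on `F.square`/`F.affine` to reduce it mod the field; a one-line comment such as `// x may exceed the field modulus; F.affine reduces it before printing` would make it clear that the printed coordinate is the reduced value the circuits will use.
```javascript
// Twisted-Edwards addition on the same curve (a, d) that inCurve checks.
function addPoint(p, q) {
    const F = bn128.Fr;
    const a = bigInt("168700");
    const d = bigInt("168696");
    const dxy = F.mul(F.mul(F.mul(d, p[0]), q[0]), F.mul(p[1], q[1]));
    const x = F.div(F.add(F.mul(p[0], q[1]), F.mul(p[1], q[0])), F.add(F.one, dxy));
    const y = F.div(F.sub(F.mul(p[1], q[1]), F.mul(F.mul(a, p[0]), q[0])), F.sub(F.one, dxy));
    return [F.affine(x), F.affine(y)];
}

function generatePoint(S) {
    // … unchanged: hash-to-point retry loop over S + "_" + idx …
    // Clear the cofactor (8 for Baby Jubjub) so the base lies in the prime-order
    // subgroup; a hashed point that was itself low-order collapses to (0, 1) and is rejected.
    for (let i = 0; i < 3; i++) p = addPoint(p, p);
    assert(inCurve(p));
    assert(!(p[0].equals(bigInt(0)) && p[1].equals(bigInt(1))));
    return p;
}
```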
diff --git a/circuit.json b/circuit.json new file mode 100644 index 0000000..60ff6a1 --- /dev/null +++ b/circuit.json 
@@ -0,0 +1,298 @@ +{ + "mainCode": "{\n {\n }\n ctx.setVar(\"base\", [], [\"17777552123799933955779906779655732241715742912184938656739573121738514868268\",\"2626589144620713026669568689430873010625803728049924121243784502389097019475\"]);\n}\n", + "signalName2Idx": { + "one": 0, + "main.out[0][0]": 1, + "main.out[0][1]": 2, + "main.out[1][0]": 3, + "main.out[1][1]": 4, + "main.out[2][0]": 5, + "main.out[2][1]": 6, + "main.out[3][0]": 7, + "main.out[3][1]": 8, + "main.out[4][0]": 9, + "main.out[4][1]": 10, + "main.out[5][0]": 11, + "main.out[5][1]": 12, + "main.out[6][0]": 13, + "main.out[6][1]": 14, + "main.out[7][0]": 15, + "main.out[7][1]": 16, + "main.out[8][0]": 17, + "main.out[8][1]": 18, + "main.out[9][0]": 19, + "main.out[9][1]": 20, + "main.out[10][0]": 21, + "main.out[10][1]": 22, + "main.out[11][0]": 23, + "main.out[11][1]": 24, + "main.out[12][0]": 25, + "main.out[12][1]": 26, + "main.out[13][0]": 27, + "main.out[13][1]": 28, + "main.out[14][0]": 29, + "main.out[14][1]": 30, + "main.out[15][0]": 31, + "main.out[15][1]": 32 + }, + "components": [ + { + "name": "main", + "params": { + "base": [ + { + "type": "NUMBER", + "value": "17777552123799933955779906779655732241715742912184938656739573121738514868268", + "first_line": 3, + "first_column": 12, + "last_line": 3, + "last_column": 89 + }, + { + "type": "NUMBER", + "value": "2626589144620713026669568689430873010625803728049924121243784502389097019475", + "first_line": 4, + "first_column": 12, + "last_line": 4, + "last_column": 88 + } + ], + "k": { + "type": "NUMBER", + "value": "0", + "first_line": 6, + "first_column": 41, + "last_line": 6, + "last_column": 42 + } + }, + "template": "EscalarMulW4Table", + "inputSignals": 0 + } + ], + "componentName2Idx": { + "main": 0 + }, + "signals": [ + { + "names": [ + "one" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[0][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[0][1]" + ], + "triggerComponents": [] + }, + { + "names": 
[ + "main.out[1][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[1][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[2][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[2][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[3][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[3][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[4][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[4][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[5][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[5][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[6][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[6][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[7][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[7][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[8][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[8][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[9][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[9][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[10][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[10][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[11][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[11][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[12][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[12][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[13][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[13][1]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[14][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[14][1]" + ], + 
"triggerComponents": [] + }, + { + "names": [ + "main.out[15][0]" + ], + "triggerComponents": [] + }, + { + "names": [ + "main.out[15][1]" + ], + "triggerComponents": [] + } + ], + "constraints": [], + "templates": { + "EscalarMulW4Table": "function(ctx) {\n ctx.setVar(\"dbl\", [], ctx.getVar(\"base\",[]));\n for (ctx.setVar(\"i\", [], \"0\");bigInt(ctx.getVar(\"i\",[])).lt(bigInt(bigInt(ctx.getVar(\"k\",[])).mul(bigInt(\"4\")).mod(__P__))) ? 1 : 0;(ctx.setVar(\"i\", [], bigInt(ctx.getVar(\"i\",[])).add(bigInt(\"1\")).mod(__P__))).add(__P__).sub(bigInt(1)).mod(__P__)) { \n {\n ctx.setVar(\"dbl\", [], ctx.callFunction(\"pointAdd\", [ctx.getVar(\"dbl\",[\"0\"]),ctx.getVar(\"dbl\",[\"1\"]),ctx.getVar(\"dbl\",[\"0\"]),ctx.getVar(\"dbl\",[\"1\"])]));\n }\n\n }\n ctx.setSignal(\"out\", [\"0\",\"0\"], \"0\");\n ctx.assert(ctx.getSignal(\"out\", [\"0\",\"0\"]), \"0\");\n ctx.setSignal(\"out\", [\"0\",\"1\"], \"1\");\n ctx.assert(ctx.getSignal(\"out\", [\"0\",\"1\"]), \"1\");\n for (ctx.setVar(\"i\", [], \"1\");bigInt(ctx.getVar(\"i\",[])).lt(bigInt(\"16\")) ? 
1 : 0;(ctx.setVar(\"i\", [], bigInt(ctx.getVar(\"i\",[])).add(bigInt(\"1\")).mod(__P__))).add(__P__).sub(bigInt(1)).mod(__P__)) { \n {\n ctx.setVar(\"p\", [], ctx.callFunction(\"pointAdd\", [ctx.getSignal(\"out\", [bigInt(ctx.getVar(\"i\",[])).add(__P__).sub(bigInt(\"1\")).mod(__P__),\"0\"]),ctx.getSignal(\"out\", [bigInt(ctx.getVar(\"i\",[])).add(__P__).sub(bigInt(\"1\")).mod(__P__),\"1\"]),ctx.getVar(\"dbl\",[\"0\"]),ctx.getVar(\"dbl\",[\"1\"])]));\n ctx.setSignal(\"out\", [ctx.getVar(\"i\",[]),\"0\"], ctx.getVar(\"p\",[\"0\"]));\n ctx.assert(ctx.getSignal(\"out\", [ctx.getVar(\"i\",[]),\"0\"]), ctx.getVar(\"p\",[\"0\"]));\n ctx.setSignal(\"out\", [ctx.getVar(\"i\",[]),\"1\"], ctx.getVar(\"p\",[\"1\"]));\n ctx.assert(ctx.getSignal(\"out\", [ctx.getVar(\"i\",[]),\"1\"]), ctx.getVar(\"p\",[\"1\"]));\n }\n\n }\n}\n" + }, + "functions": { + "pointAdd": { + "params": [ + "x1", + "y1", + "x2", + "y2" + ], + "func": "function(ctx) {\n ctx.setVar(\"a\", [], \"168700\");\n ctx.setVar(\"d\", [], \"168696\");\n ctx.setVar(\"res\", [\"0\"], bigInt(bigInt(bigInt(ctx.getVar(\"x1\",[])).mul(bigInt(ctx.getVar(\"y2\",[]))).mod(__P__)).add(bigInt(bigInt(ctx.getVar(\"y1\",[])).mul(bigInt(ctx.getVar(\"x2\",[]))).mod(__P__))).mod(__P__)).mul( bigInt(bigInt(\"1\").add(bigInt(bigInt(bigInt(bigInt(bigInt(ctx.getVar(\"d\",[])).mul(bigInt(ctx.getVar(\"x1\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"x2\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"y1\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"y2\",[]))).mod(__P__))).mod(__P__)).inverse(__P__) ).mod(__P__));\n ctx.setVar(\"res\", [\"1\"], bigInt(bigInt(bigInt(ctx.getVar(\"y1\",[])).mul(bigInt(ctx.getVar(\"y2\",[]))).mod(__P__)).add(__P__).sub(bigInt(bigInt(bigInt(ctx.getVar(\"a\",[])).mul(bigInt(ctx.getVar(\"x1\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"x2\",[]))).mod(__P__))).mod(__P__)).mul( 
bigInt(bigInt(\"1\").add(__P__).sub(bigInt(bigInt(bigInt(bigInt(bigInt(ctx.getVar(\"d\",[])).mul(bigInt(ctx.getVar(\"x1\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"x2\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"y1\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"y2\",[]))).mod(__P__))).mod(__P__)).inverse(__P__) ).mod(__P__));\n return ctx.getVar(\"res\",[]);;\n}\n" + } + }, + "nPrvInputs": 0, + "nPubInputs": 0, + "nInputs": 0, + "nOutputs": 0, + "nVars": 1, + "nConstants": 32, + "nSignals": 33 +} \ No newline at end of file diff --git a/circuit/eddsa.circom b/circuit/eddsa.circom new file mode 100644 index 0000000..63c9d1b --- /dev/null +++ b/circuit/eddsa.circom @@ -0,0 +1,22 @@ + + + + +templete Verfier() { + signal input hMsg[256]; + + signal input Ax; + signal input Ay; + + signal input Rx; + signal input Ry; + + signal input s[256]; + + + componet exps = Exp(); + component exph = Exp(); + + component adder = BabyAdd(); + +} diff --git a/circuit/exp.circom b/circuit/escalarmul.circom similarity index 94% rename from circuit/exp.circom rename to circuit/escalarmul.circom index bfcbd4c..d34b8cb 100644 --- a/circuit/exp.circom +++ b/circuit/escalarmul.circom @@ -43,10 +43,10 @@ */ include "mux4.circom"; -include "expw4table.circom"; +include "escalarmulw4table.circom"; include "babyjub.circom"; -template ExpWindow(k) { +template EscalarMulWindow(base, k) { signal input in[2]; signal input sel[4]; @@ -58,7 +58,7 @@ template ExpWindow(k) { var i; - table = ExpW4Table(k); + table = EscalarMulW4Table(base, k); mux = MultiMux4(2); adder = BabyAdd(); @@ -86,7 +86,7 @@ template ExpWindow(k) { ┏━━━━━━━━━┓ ┏━━━━━━━━━┓ ┏━━━━━━━━━━━━━━━━━━━┓ ┃ ┃ ┃ ┃ ┃ ┃ - (0,1) ════▶┃Window(0)┃═════▶┃Window(1)┃════════ . . . . ═════════▶┃ Window(nBlocks-1) ┃═════▶ out + inp ════▶┃Window(0)┃═════▶┃Window(1)┃════════ . . . . ═════════▶┃ Window(nBlocks-1) ┃═════▶ out ┃ ┃ ┃ ┃ ┃ ┃ ┗━━━━━━━━━┛ ┗━━━━━━━━━┛ ┗━━━━━━━━━━━━━━━━━━━┛ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ 
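Review bot: The new `circuit/eddsa.circom` cannot compile as committed: `templete Verfier()` and `componet exps = Exp();` misspell the `template` and `component` keywords, and `Exp` no longer exists because this same commit renames it to `EscalarMul(n, base)`, which also requires its new `inp[2]` input to be wired. If the file is meant as a work-in-progress stub it should at least parse — `template Verifier() {` and `component exps = EscalarMul(...)` / `component exph = EscalarMul(...)` with the template's two parameters supplied — otherwise it is safer to leave it out of the commit until the verifier is implemented. As it stands the inputs `hMsg`, `Ax`, `Ay`, `Rx`, `Ry` and `s` are declared but never constrained, so nothing is verified; a header comment such as `// WIP: EdDSA verifier skeleton, no constraints yet` would stop a reader from mistaking it for a working circuit.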
@@ -105,8 +105,9 @@ template ExpWindow(k) { */ -template Exp(n) { +template EscalarMul(n, base) { signal input in[n]; + signal input inp[2]; // Point input to be added signal output out[2]; var nBlocks = ((n-1)>>2)+1; @@ -117,7 +118,7 @@ template Exp(n) { // Construct the windows for (i=0; i windows[i+1].in[0]; diff --git a/circuit/expw4table.circom b/circuit/escalarmulw4table.circom similarity index 71% rename from circuit/expw4table.circom rename to circuit/escalarmulw4table.circom index dac18af..fff97da 100644 --- a/circuit/expw4table.circom +++ b/circuit/escalarmulw4table.circom @@ -8,16 +8,13 @@ function pointAdd(x1,y1,x2,y2) { return res; } -template ExpW4Table(k) { +template EscalarMulW4Table(base, k) { signal output out[16][2]; var i; var p[2]; - var g = [17777552123799933955779906779655732241715742912184938656739573121738514868268, - 2626589144620713026669568689430873010625803728049924121243784502389097019475]; - - var dbl = g; + var dbl = base; for (i=0; i out[0]; + escalarMuls[nexps-1].out[1] ==> out[1]; +} diff --git a/package-lock.json b/package-lock.json index 83845ba..f962f80 100644 --- a/package-lock.json +++ b/package-lock.json 
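Review bot: With `var dbl = base;` EscalarMulW4Table now builds its 16-entry table from whatever compile-time point the caller passes, and nothing checks that `base` satisfies the curve equation or is non-identity; `pointAdd` evaluates the Edwards formulas on any pair of field elements, so a mistyped or off-curve constant (for example one of the 25 generated Pedersen bases pasted with a digit wrong) yields a table of off-curve points that the downstream mux/BabyAdd constraints still accept without error. Since the base points are security-critical constants, the template should fail at compile time on a bad base — if this circom version supports template-level `assert`, a check of `a*x^2 + y^2 == 1 + d*x^2*y^2` on `base` before the doubling loop; otherwise at least a comment `// base must be a point on Baby Jubjub in the prime-order subgroup; not verified here` so that callers know the responsibility is theirs. The template's doubling loop body is partly outside what this hunk shows, so the exact placement is left to the author.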
@@ -105,6 +105,21 @@ "resolved": "https://registry.npmjs.org/big-integer/-/big-integer-1.6.36.tgz", "integrity": "sha512-t70bfa7HYEA1D9idDbmuv7YbsbVkQ+Hp+8KFSul4aE5e/i1bjCNIRYJZlA8Q8p0r9T8cF/RVvwUgRA//FydEyg==" }, + "bindings": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/bindings/-/bindings-1.3.0.tgz", + "integrity": "sha512-DpLh5EzMR2kzvX1KIlVC0VkC3iZtHKTgdtZ0a3pglBZdaQFjt5S9g9xd1lE+YvXyfd6mtCeRnrUfOLYiTMlNSw==" + }, + "blake-hash": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/blake-hash/-/blake-hash-1.1.0.tgz", + "integrity": "sha512-rNbOFPT7DC/0XnLBJ0noWuzcV+9kHwEKzRGljHMDLQzYv6WZT1vjV3UkWQuNFzyr5tIL7zSsw7A834pgTl75xQ==", + "requires": { + "bindings": "^1.2.1", + "inherits": "^2.0.3", + "nan": "^2.2.1" + } + }, "brace-expansion": { "version": "1.1.11", "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", @@ -172,9 +187,9 @@ "integrity": "sha1-V00xLt2Iu13YkS6Sht1sCu1KrII=" }, "circom": { - "version": "0.0.7", - "resolved": "https://registry.npmjs.org/circom/-/circom-0.0.7.tgz", - "integrity": "sha512-wo2AdoM+KPOGqgyr9lcN4uft6ZHjtjELUwtJL0SeOKp8038a4MuKVymGfxZZYfjh/WQjB7hSadWMqmA2gnXG3g==", + "version": "0.0.17", + "resolved": "https://registry.npmjs.org/circom/-/circom-0.0.17.tgz", + "integrity": "sha512-0oDqyeoCWOZqda+GhRxp8bPNJKtOsVldOy9Nkm+eWo7aBTjtkS6dNm6ZMeu1+1jvSI8648eW+PEC8EIg0z/BvA==", "requires": { "big-integer": "^1.6.32", "optimist": "^0.6.1", @@ -357,6 +372,15 @@ "text-table": "^0.2.0" } }, + "eslint-plugin-mocha": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/eslint-plugin-mocha/-/eslint-plugin-mocha-5.2.0.tgz", + "integrity": "sha512-4VTX/qIoxUFRnXLNm6bEhEJyfGnGagmQzV4TWXKzkZgIYyP2FSubEdCjEFTyS/dGwSVRWCWGX7jO7BK8R0kppg==", + "dev": true, + "requires": { + "ramda": "^0.25.0" + } + }, "eslint-scope": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-4.0.0.tgz", 
@@ -847,6 +871,11 @@ "resolved": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.7.tgz", "integrity": "sha1-MHXOk7whuPq0PhvE2n6BFe0ee6s=" }, + "nan": { + "version": "2.11.1", + "resolved": "https://registry.npmjs.org/nan/-/nan-2.11.1.tgz", + "integrity": "sha512-iji6k87OSXa0CcrLl9z+ZiYSuR2o+c0bGuNmXdrhTQTakxytAFsC56SArGYoiHlJlFoHSnvmhpceZJaXkVuOtA==" + }, "natural-compare": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", @@ -1034,6 +1063,12 @@ "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==" }, + "ramda": { + "version": "0.25.0", + "resolved": "https://registry.npmjs.org/ramda/-/ramda-0.25.0.tgz", + "integrity": "sha512-GXpfrYVPwx3K7RQ6aYT8KPS8XViSXUVJT1ONhoKPE9VAleW42YE+U+8VEyGWt41EnEQW7gwecYJriTI0pKoecQ==", + "dev": true + }, "regexpp": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/regexpp/-/regexpp-2.0.1.tgz", @@ -1137,6 +1172,17 @@ "is-fullwidth-code-point": "^2.0.0" } }, + "snarkjs": { + "version": "0.1.5", + "resolved": "https://registry.npmjs.org/snarkjs/-/snarkjs-0.1.5.tgz", + "integrity": "sha512-4GiP60ONIitWRnC5+Gsl7nIO62fvkGN9Y9jsDWBKORZI34eNXJBrMjhCbT+0X57FS2XjY0MsR0/Qvg2cs1H0sQ==", + "requires": { + "big-integer": "^1.6.35", + "chai": "^4.1.2", + "eslint": "^5.3.0", + "yargs": "^12.0.2" + } + }, "sprintf-js": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", @@ -1341,16 +1387,6 @@ "requires": { "camelcase": "^4.1.0" } - }, - "zksnark": { - "version": "0.0.11", - "resolved": "https://registry.npmjs.org/zksnark/-/zksnark-0.0.11.tgz", - "integrity": "sha512-YIOk93pLvc8NDVvedB0SDM1kGjPTdTYC/sgAvc9Dm6qMSYnS7tzCr844QaUlMApFTldz7D/6xlF1l24ttTGLXw==", - "requires": { - "big-integer": "^1.6.35", - "chai": "^4.1.2", - "eslint": "^5.3.0" - } } } } 
diff --git a/package.json b/package.json index f55f07a..2d593b8 100644 --- a/package.json +++ b/package.json @@ -20,10 +20,12 @@ "author": "Jordi Baylina", "license": "GPL-3.0", "dependencies": { - "circom": "0.0.7", - "zksnark": "0.0.11" + "blake-hash": "^1.1.0", + "circom": "0.0.20", + "snarkjs": "0.1.6" }, "devDependencies": { + "eslint-plugin-mocha": "^5.2.0", "mocha": "^5.2.0" } } diff --git a/test/babyjub.js b/test/babyjub.js index 536e7a6..7a6d3a8 100644 --- a/test/babyjub.js +++ b/test/babyjub.js @@ -1,6 +1,6 @@ const chai = require("chai"); const path = require("path"); -const zkSnark = require("zksnark"); +const snarkjs = require("snarkjs"); const compiler = require("circom"); const assert = chai.assert; @@ -17,15 +17,15 @@ describe("Baby Jub test", () => { // assert.equal(cirDef.nVars, 2); - const circuit = new zkSnark.Circuit(cirDef); + const circuit = new snarkjs.Circuit(cirDef); console.log("NConstrains: " + circuit.nConstraints); const input={ - x1: zkSnark.bigInt(0), - y1: zkSnark.bigInt(1), - x2: zkSnark.bigInt(0), - y2: zkSnark.bigInt(1) + x1: snarkjs.bigInt(0), + y1: snarkjs.bigInt(1), + x2: snarkjs.bigInt(0), + y2: snarkjs.bigInt(1) } const w = circuit.calculateWitness(input); 
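Review bot: package.json now pins `"circom": "0.0.20"` and `"snarkjs": "0.1.6"`, but the package-lock.json changed in this same commit records `circom` `0.0.17` and `snarkjs` `0.1.5`, so the lock no longer satisfies the manifest: `npm ci` will refuse to install and `npm install` will silently re-resolve and rewrite the lock, which defeats the purpose of pinning for a script whose output (the Pedersen base points) must be reproducible. Regenerate the lockfile against the manifest, or pin the manifest to the versions the lock already records, before merging. Note also that the new `blake-hash` dependency pulls in `nan` and `bindings` per the lockfile, which suggests a native addon built at install time; since this hash defines the base points, it is worth a line in the README or in calcpedersenbases.js stating that the pinned `blake-hash` version and its integrity hash are what make the printed constants reproducible.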
@@ -45,15 +45,15 @@ describe("Baby Jub test", () => { // assert.equal(cirDef.nVars, 2); - const circuit = new zkSnark.Circuit(cirDef); + const circuit = new snarkjs.Circuit(cirDef); console.log("NConstrains: " + circuit.nConstraints); const input={ - x1: zkSnark.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - y1: zkSnark.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), - x2: zkSnark.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - y2: zkSnark.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475") + x1: snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + y1: snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), + x2: snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + y2: snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475") } const w = circuit.calculateWitness(input); @@ -61,8 +61,8 @@ describe("Baby Jub test", () => { const xout = w[circuit.getSignalIdx("main.xout")]; const yout = w[circuit.getSignalIdx("main.yout")]; - assert(xout.equals(zkSnark.bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"))); - assert(yout.equals(zkSnark.bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"))); + assert(xout.equals(snarkjs.bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"))); + assert(yout.equals(snarkjs.bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"))); }); it("Should add 2 different numbers", async () => { 
@@ -73,15 +73,15 @@ describe("Baby Jub test", () => { // assert.equal(cirDef.nVars, 2); - const circuit = new zkSnark.Circuit(cirDef); + const circuit = new snarkjs.Circuit(cirDef); console.log("NConstrains: " + circuit.nConstraints); const input={ - x1: zkSnark.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - y1: zkSnark.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), - x2: zkSnark.bigInt("16540640123574156134436876038791482806971768689494387082833631921987005038935"), - y2: zkSnark.bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311") + x1: snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + y1: snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), + x2: snarkjs.bigInt("16540640123574156134436876038791482806971768689494387082833631921987005038935"), + y2: snarkjs.bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311") } const w = circuit.calculateWitness(input); @@ -92,7 +92,7 @@ describe("Baby Jub test", () => { console.log(xout.toString()); console.log(yout.toString()); - assert(xout.equals(zkSnark.bigInt("7916061937171219682591368294088513039687205273691143098332585753343424131937"))); - assert(yout.equals(zkSnark.bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499"))); + assert(xout.equals(snarkjs.bigInt("7916061937171219682591368294088513039687205273691143098332585753343424131937"))); + assert(yout.equals(snarkjs.bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499"))); }); }); diff --git a/test/circuits/escalarmul_min_test.circom b/test/circuits/escalarmul_min_test.circom new file mode 100644 index 0000000..f33f283 --- /dev/null +++ b/test/circuits/escalarmul_min_test.circom 
@@ -0,0 +1,26 @@ +include "../../circuit/escalarmul.circom"; + + +template Main() { + signal input in[256]; + signal output out[2]; + + var i; + + var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268, + 2626589144620713026669568689430873010625803728049924121243784502389097019475] + + component escalarMul = EscalarMul(256, base); + + escalarMul.inp[0] <== 0; + escalarMul.inp[1] <== 1; + + for (i=0; i<256; i++) { + in[i] ==> escalarMul.in[i]; + } + + escalarMul.out[0] ==> out[0]; + escalarMul.out[1] ==> out[1]; +} + +component main = Main(); diff --git a/test/circuits/escalarmul_test.circom b/test/circuits/escalarmul_test.circom new file mode 100644 index 0000000..9023f01 --- /dev/null +++ b/test/circuits/escalarmul_test.circom @@ -0,0 +1,31 @@ +include "../../circuit/escalarmul.circom"; +include "../../node_modules/circom/circuits/bitify.circom"; + + +template Main() { + signal input in; + signal output out[2]; + + var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268, + 2626589144620713026669568689430873010625803728049924121243784502389097019475] + + + component n2b = Num2Bits(253); + component escalarMul = EscalarMul(253, base); + + escalarMul.inp[0] <== 0; + escalarMul.inp[1] <== 1; + + var i; + + in ==> n2b.in; + + for (i=0; i<253; i++) { + n2b.out[i] ==> escalarMul.in[i]; + } + + escalarMul.out[0] ==> out[0]; + escalarMul.out[1] ==> out[1]; +} + +component main = Main(); diff --git a/test/circuits/escalarmul_test_min.circom b/test/circuits/escalarmul_test_min.circom new file mode 100644 index 0000000..f33f283 --- /dev/null +++ b/test/circuits/escalarmul_test_min.circom 
@@ -0,0 +1,26 @@ +include "../../circuit/escalarmul.circom"; + + +template Main() { + signal input in[256]; + signal output out[2]; + + var i; + + var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268, + 2626589144620713026669568689430873010625803728049924121243784502389097019475] + + component escalarMul = EscalarMul(256, base); + + escalarMul.inp[0] <== 0; + escalarMul.inp[1] <== 1; + + for (i=0; i<256; i++) { + in[i] ==> escalarMul.in[i]; + } + + escalarMul.out[0] ==> out[0]; + escalarMul.out[1] ==> out[1]; +} + +component main = Main(); diff --git a/test/circuits/escalarmulw4table.circom b/test/circuits/escalarmulw4table.circom new file mode 100644 index 0000000..bd02d76 --- /dev/null +++ b/test/circuits/escalarmulw4table.circom @@ -0,0 +1,6 @@ +include "../../circuit/escalarmulw4table.circom"; + +var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268, + 2626589144620713026669568689430873010625803728049924121243784502389097019475] + +component main = EscalarMulW4Table(base, 0); diff --git a/test/circuits/escalarmulw4table_test.circom b/test/circuits/escalarmulw4table_test.circom new file mode 100644 index 0000000..c3ca595 --- /dev/null +++ b/test/circuits/escalarmulw4table_test.circom @@ -0,0 +1,6 @@ +include "../../circuit/escalarmulw4table.circom"; + +var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268, + 2626589144620713026669568689430873010625803728049924121243784502389097019475]; + +component main = EscalarMulW4Table(base, 0); diff --git a/test/circuits/escalarmulw4table_test3.circom b/test/circuits/escalarmulw4table_test3.circom new file mode 100644 index 0000000..e429327 --- /dev/null +++ b/test/circuits/escalarmulw4table_test3.circom 
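Review bot: `test/circuits/escalarmul_test_min.circom` is byte-identical to `test/circuits/escalarmul_min_test.circom` added in the same commit (both carry blob `f33f283`), so one of the two is redundant and will drift from the other on the next change; `test/escalarmul.js` references only `escalarmul_test_min.circom`, so `escalarmul_min_test.circom` is the one to drop. The same near-duplication exists between `escalarmulw4table.circom` and `escalarmulw4table_test.circom`, which differ only in the trailing `;` after the `base` array literal; the test suite loads only the `_test` variant. Keeping a single copy of each, with the `;` present, avoids a test that silently exercises a stale circuit.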
@@ -0,0 +1,6 @@ +include "../../circuit/escalarmulw4table.circom"; + +var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268, + 2626589144620713026669568689430873010625803728049924121243784502389097019475] + +component main = EscalarMulW4Table(base, 3); diff --git a/test/circuits/exp_test.circom b/test/circuits/exp_test.circom index dd101da..a0ce0f8 100644 --- a/test/circuits/exp_test.circom +++ b/test/circuits/exp_test.circom @@ -1,4 +1,4 @@ -include "../../circuit/exp.circom"; +include "../../circuit/escalarmul.circom"; include "../../node_modules/circom/circuits/sha256/bitify.circom"; @@ -7,18 +7,18 @@ template Main() { signal output out[2]; component n2b = Num2Bits(253); - component exp = Exp(253); + component escalarMul = EscalarMul(253); var i; in ==> n2b.in; for (i=0; i<253; i++) { - n2b.out[i] ==> exp.in[i]; + n2b.out[i] ==> escalarMul.in[i]; } - exp.out[0] ==> out[0]; - exp.out[1] ==> out[1]; + escalarMul.out[0] ==> out[0]; + escalarMul.out[1] ==> out[1]; } component main = Main(); diff --git a/test/circuits/exp_test_min.circom b/test/circuits/exp_test_min.circom index 883eefa..c3a37be 100644 --- a/test/circuits/exp_test_min.circom +++ b/test/circuits/exp_test_min.circom @@ -1,4 +1,4 @@ -include "../../circuit/exp.circom"; +include "../../circuit/escalarmul.circom"; template Main() { @@ -7,14 +7,14 @@ template Main() { var i; - component exp = Exp(256); + component escalarMul = EscalarMul(256); for (i=0; i<256; i++) { - in[i] ==> exp.in[i]; + in[i] ==> escalarMul.in[i]; } - exp.out[0] ==> out[0]; - exp.out[1] ==> out[1]; + escalarMul.out[0] ==> out[0]; + escalarMul.out[1] ==> out[1]; } component main = Main(); diff --git a/test/circuits/expw4table_test.circom b/test/circuits/expw4table_test.circom deleted file mode 100644 index fe8236e..0000000 --- a/test/circuits/expw4table_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../../circuit/ExpW4Table.circom"; - -component main = ExpW4Table(0); 
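Review bot: `test/circuits/exp_test.circom` still instantiates `EscalarMul(253)` with a single argument, but this commit changes the template signature to `EscalarMul(n, base)` and adds a required `inp[2]` input that this file never wires, so the renamed include no longer matches the template it pulls in; the same applies to `exp_test_min.circom` with `EscalarMul(256)`. The new `escalarmul_test.circom` and `escalarmul_test_min.circom` already cover these cases with the `base` parameter supplied and `inp` wired to `(0, 1)`, and `test/escalarmul.js` now loads those instead, so the two old files look like leftovers of the rename and should be deleted (as `expw4table_test*.circom` were) or updated with `component escalarMul = EscalarMul(253, base);` plus `escalarMul.inp[0] <== 0; escalarMul.inp[1] <== 1;`.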
diff --git a/test/circuits/expw4table_test3.circom b/test/circuits/expw4table_test3.circom deleted file mode 100644 index 04cffaf..0000000 --- a/test/circuits/expw4table_test3.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../../circuit/ExpW4Table.circom"; - -component main = ExpW4Table(3); diff --git a/test/circuits/mux4_1.circom b/test/circuits/mux4_1.circom index f71cf20..c99a3c3 100644 --- a/test/circuits/mux4_1.circom +++ b/test/circuits/mux4_1.circom @@ -1,5 +1,5 @@ include "../../circuit/mux4.circom"; -include "../../node_modules/circom/circuits/sha256/bitify.circom"; +include "../../node_modules/circom/circuits/bitify.circom"; template Constants() { diff --git a/test/exp.js b/test/escalarmul.js similarity index 82% rename from test/exp.js rename to test/escalarmul.js index 47be9c0..afc050b 100644 --- a/test/exp.js +++ b/test/escalarmul.js @@ -1,6 +1,6 @@ const chai = require("chai"); const path = require("path"); -const zkSnark = require("zksnark"); +const snarkjs = require("snarkjs"); const compiler = require("circom"); const assert = chai.assert; 
@@ -26,22 +26,22 @@ function print(circuit, w, s) { describe("Exponentioation test", () => { it("Should generate the Exponentiation table in k=0", async () => { - const cirDef = await compiler(path.join(__dirname, "circuits", "expw4table_test.circom")); + const cirDef = await compiler(path.join(__dirname, "circuits", "escalarmulw4table_test.circom")); // console.log(JSON.stringify(cirDef, null, 1)); // assert.equal(cirDef.nVars, 2); - const circuit = new zkSnark.Circuit(cirDef); + const circuit = new snarkjs.Circuit(cirDef); console.log("NConstrains: " + circuit.nConstraints); const w = circuit.calculateWitness({}); - let g = [zkSnark.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - zkSnark.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")] + let g = [snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")] - dbl= [zkSnark.bigInt("0"), zkSnark.bigInt("1")]; + dbl= [snarkjs.bigInt("0"), snarkjs.bigInt("1")]; for (let i=0; i<16; i++) { const xout1 = w[circuit.getSignalIdx(`main.out[${i}][0]`)]; 
@@ -62,26 +62,26 @@ describe("Exponentioation test", () => { it("Should generate the Exponentiation table in k=3", async () => { - const cirDef = await compiler(path.join(__dirname, "circuits", "expw4table_test3.circom")); + const cirDef = await compiler(path.join(__dirname, "circuits", "escalarmulw4table_test3.circom")); // console.log(JSON.stringify(cirDef, null, 1)); // assert.equal(cirDef.nVars, 2); - const circuit = new zkSnark.Circuit(cirDef); + const circuit = new snarkjs.Circuit(cirDef); console.log("NConstrains: " + circuit.nConstraints); const w = circuit.calculateWitness({}); - let g = [zkSnark.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - zkSnark.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")] + let g = [snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")] for (let i=0; i<12;i++) { g = addPoint(g,g); } - dbl= [zkSnark.bigInt("0"), zkSnark.bigInt("1")]; + dbl= [snarkjs.bigInt("0"), snarkjs.bigInt("1")]; for (let i=0; i<16; i++) { const xout1 = w[circuit.getSignalIdx(`main.out[${i}][0]`)]; @@ -102,13 +102,13 @@ describe("Exponentioation test", () => { }); it("Should exponentiate g^31", async () => { - const cirDef = await compiler(path.join(__dirname, "circuits", "exp_test.circom")); + const cirDef = await compiler(path.join(__dirname, "circuits", "escalarmul_test.circom")); // console.log(JSON.stringify(cirDef, null, 1)); // assert.equal(cirDef.nVars, 2); - const circuit = new zkSnark.Circuit(cirDef); + const circuit = new snarkjs.Circuit(cirDef); console.log("NConstrains: " + circuit.nConstraints); 
@@ -116,8 +116,8 @@ describe("Exponentioation test", () => { assert(circuit.checkWitness(w)); - let g = [zkSnark.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - zkSnark.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")] + let g = [snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")] let c = [0n, 1n]; @@ -158,9 +158,9 @@ describe("Exponentioation test", () => { }).timeout(10000000); it("Number of constrains for 256 bits", async () => { - const cirDef = await compiler(path.join(__dirname, "circuits", "exp_test_min.circom")); + const cirDef = await compiler(path.join(__dirname, "circuits", "escalarmul_test_min.circom")); - const circuit = new zkSnark.Circuit(cirDef); + const circuit = new snarkjs.Circuit(cirDef); console.log("NConstrains: " + circuit.nConstraints); }).timeout(10000000); diff --git a/test/multiplexer.js b/test/multiplexer.js index 9efc33e..e4042a0 100644 --- a/test/multiplexer.js +++ b/test/multiplexer.js @@ -1,6 +1,6 @@ const chai = require("chai"); const path = require("path"); -const zkSnark = require("zksnark"); +const snarkjs = require("snarkjs"); const compiler = require("circom"); const assert = chai.assert; 
@@ -17,17 +17,17 @@ describe("Mux4 test", () => { // assert.equal(cirDef.nVars, 2); - const circuit = new zkSnark.Circuit(cirDef); + const circuit = new snarkjs.Circuit(cirDef); console.log("NConstrains: " + circuit.nConstraints); for (i=0; i<16; i++) { - const w = circuit.calculateWitness({ "selector": zkSnark.bigInt(i).toString() }); + const w = circuit.calculateWitness({ "selector": snarkjs.bigInt(i).toString() }); - assert(w[0].equals(zkSnark.bigInt(1))); + assert(w[0].equals(snarkjs.bigInt(1))); console.log(i + " -> " + w[circuit.getSignalIdx("main.out")].toString()); -// assert(w[circuit.getSignalIdx("main.out")].equals(zkSnark.bigInt("100").add(zkSnark.bigInt(i)))); +// assert(w[circuit.getSignalIdx("main.out")].equals(snarkjs.bigInt("100").add(snarkjs.bigInt(i)))); } }); });