Pedersen Hash Base Points Calculation

2026-02-07 11:16:45 +01:00 · 2018-11-11 19:52:07 +01:00
parent c4c5b66021
commit 81981a142c
22 changed files with 669 additions and 87 deletions
--- a/circuit/eddsa.circom
+++ b/circuit/eddsa.circom
@@ -0,0 +1,22 @@
+
+
+
+
+templete Verfier() {
+    signal input hMsg[256];
+
+    signal input Ax;
+    signal input Ay;
+
+    signal input Rx;
+    signal input Ry;
+
+    signal input s[256];
+
+
+    componet exps = Exp();
+    component exph = Exp();
+
+    component adder = BabyAdd();
+
+}
--- a/circuit/escalarmul.circom
+++ b/circuit/escalarmul.circom
@@ -43,10 +43,10 @@
 */

 include "mux4.circom";
-include "expw4table.circom";
+include "escalarmulw4table.circom";
 include "babyjub.circom";

-template ExpWindow(k) {
+template EscalarMulWindow(base, k) {

    signal input in[2];
    signal input sel[4];
@@ -58,7 +58,7 @@ template ExpWindow(k) {

    var i;

-    table = ExpW4Table(k);
+    table = EscalarMulW4Table(base, k);
    mux = MultiMux4(2);
    adder = BabyAdd();

@@ -86,7 +86,7 @@ template ExpWindow(k) {

                ┏━━━━━━━━━┓      ┏━━━━━━━━━┓                            ┏━━━━━━━━━━━━━━━━━━━┓
                ┃         ┃      ┃         ┃                            ┃                   ┃
-     (0,1) ════▶┃Window(0)┃═════▶┃Window(1)┃════════  . . . . ═════════▶┃ Window(nBlocks-1) ┃═════▶ out
+      inp  ════▶┃Window(0)┃═════▶┃Window(1)┃════════  . . . . ═════════▶┃ Window(nBlocks-1) ┃═════▶ out
                ┃         ┃      ┃         ┃                            ┃                   ┃
                ┗━━━━━━━━━┛      ┗━━━━━━━━━┛                            ┗━━━━━━━━━━━━━━━━━━━┛
                  ▲ ▲ ▲ ▲          ▲ ▲ ▲ ▲                                    ▲ ▲ ▲ ▲
@@ -105,8 +105,9 @@ template ExpWindow(k) {

 */

-template Exp(n) {
+template EscalarMul(n, base) {
    signal input in[n];
+    signal input inp[2];   // Point input to be added
    signal output out[2];

    var nBlocks = ((n-1)>>2)+1;
@@ -117,7 +118,7 @@ template Exp(n) {

    // Construct the windows
    for (i=0; i<nBlocks; i++) {
-      windows[i] = ExpWindow(i);
+      windows[i] = EscalarMulWindow(base, i);
    }

    // Connect the selectors
@@ -132,8 +133,8 @@ template Exp(n) {
    }

    // Start with generator
-    windows[0].in[0] <== 0;
-    windows[0].in[1] <== 1;
+    windows[0].in[0] <== inp[0];
+    windows[0].in[1] <== inp[1];

    for(i=0; i<nBlocks-1; i++) {
        windows[i].out[0] ==> windows[i+1].in[0];
--- a/circuit/escalarmulw4table.circom
+++ b/circuit/escalarmulw4table.circom
@@ -8,16 +8,13 @@ function pointAdd(x1,y1,x2,y2) {
    return res;
 }

-template ExpW4Table(k) {
+template EscalarMulW4Table(base, k) {
    signal output out[16][2];

    var i;
    var p[2];

-    var g = [17777552123799933955779906779655732241715742912184938656739573121738514868268,
-             2626589144620713026669568689430873010625803728049924121243784502389097019475];
-
-    var dbl = g;
+    var dbl = base;

    for (i=0; i<k*4; i++) {
        dbl = pointAdd(dbl[0], dbl[1], dbl[0], dbl[1]);
--- a/circuit/pedersen.circom
+++ b/circuit/pedersen.circom
@@ -0,0 +1,47 @@
+
+include "escalarmul.circom";
+
+component Pedersen(n) {
+    signal input in[n];
+    signal output out[2];
+
+    var nexps = ((n-1) \ 253) + 1;
+    var nlastbits = n - (nexps-1)*253;
+
+    component escalarMuls[nexps];
+
+    var PBASE = [
+                    [17777552123799933955779906779655732241715742912184938656739573121738514868268,
+                     2626589144620713026669568689430873010625803728049924121243784502389097019475],
+                    [17777552123799933955779906779655732241715742912184938656739573121738514868268,
+                     2626589144620713026669568689430873010625803728049924121243784502389097019475],
+                    [17777552123799933955779906779655732241715742912184938656739573121738514868268,
+                     2626589144620713026669568689430873010625803728049924121243784502389097019475],
+                    [17777552123799933955779906779655732241715742912184938656739573121738514868268,
+                     2626589144620713026669568689430873010625803728049924121243784502389097019475],
+                    [17777552123799933955779906779655732241715742912184938656739573121738514868268,
+                     2626589144620713026669568689430873010625803728049924121243784502389097019475]
+                ];
+
+    var i;
+    var j;
+    for (i=0; i<nexps; i++) {
+        var nexpbits = (i == nexps-1) ? nlastbits : 253;
+        escalarMuls[i] = EscalarMul(nexpbits, PBASE[i][0], PBAS[i][1]);
+
+        for (j=0; j<nexpbits; j++) {
+            escalarMuls[i].in[j] <== in[253*i + j];
+        }
+
+        if (i==0) {
+            escalarMuls[i].inp[0] <== 0;
+            escalarMuls[i].inp[1] <== 0;
+        } else {
+            escalarMuls[i].inp[0] <== escalarMuls[i-1].out[0];
+            escalarMuls[i].inp[1] <== escalarMuls[i-1].out[1];
+        }
+    }
+
+    escalarMuls[nexps-1].out[0] ==> out[0];
+    escalarMuls[nexps-1].out[1] ==> out[1];
+}