12 KiB

Raw Blame History

CircomLib/Circuits

Description

This folder contains circuit templates for standard operations and many cryptographic primitives.
Below you can find specifications of each function. In the representation of elements, there are three tyes:
- Binary
- String
- Field element (the field is specified in each case. We consider 2 possible fields: Fp and Fr, where p... and r... .)

[TOC]

Jordi

compconstant - Returns 1 if in (expanded to binary array) > ct
aliascheck - check if in (expanded to binary array) oveflowed its 254 bits (<= -1)
babyjub - twisted Edwards curve 168700.x^2 + y^2 = 1 + 168696.x^2.y^2
- BabyAdd - (xout,yout) = (x1,y1) + (x2,y2)
- BabyDbl - (xout,yout) = 2*(x,y)
- BabyCheck - check that (x,y) is on the curve
binsub - binary subtraction
gates - logical gates
mimc - SNARK-friendly hash Minimal Multiplicative Complexity.
- https://eprint.iacr.org/2016/492.pdf
- zcash/zcash#2233
smt - Sparse Merkle Tree
- https://ethresear.ch/t/optimizing-sparse-merkle-trees/3751
montgomery https://en.wikipedia.org/wiki/Montgomery_curve

Circuits

sha256

Folder containing the implementation of sha256 hash circuit.

smt

Folder containing the circuit implementation of Sparse Merkle Trees.

aliascheck

AliasCheck()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

babyjub

Arithmetic on Baby Jubjub elliptic curve in twisted Edwards form. (TODO: Expose here the characteristics of the curve?)

BabyAdd()

DESCRIPTION

It adds two points on the Baby Jubjub curve. More specifically, given two points P1 = (x1, y1) and P2 = (x2, y2) it returns a point P3 = (xout, yout) such that

(xout, yout) = (x1,y1) + (x2,y2) = ((x1y2+y1x2)/(1+dx1x2y1y2)),(y1y2-ax1x2)/(1-dx1x2y1y2))

SCHEMA

                                 var a     var d
                                   |         |
                                   |         |
                             ______v_________v_______     
            input x1 ---->  |                        |
            input y1 ---->  |        BabyAdd()       | ----> output xout
            input x2 ---->  |                        | ----> output yout
            input y2 ---->  |________________________|

INPUTS

Input	Representation	Description
`x1`	Bigint	Field element of Fp	First coordinate of a point (x1, y1) on E.
`y1`	Bigint	Field element of Fp	Second coordinate of a point (x1, y1) on E.
`x2`	Bigint	Field element of Fp	First coordinate of a point (x2, y2) on E.
`y2`	Bigint	Field element of Fp	Second coordinate of a point (x2, y2) on E.

Requirement: at least x1!=x2 or y1!=y2.

OUTPUT

Input	Representation	Description
`xout`	Bigint	Field element of Fp	First coordinate of the addition point (xout, yout) = (x1, y1) + (x2, y2).
`yout`	Bigint	Field element of Fp	Second coordinate of the addition point (xout, yout) = (x1, y1) + (x2, y2).

BENCHMARKS (constraints)
EXAMPLE

BabyDbl()
- DESCRIPTION : doubles a point (xout,yout) = 2*(x,y).
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
BabyCheck()
- DESCRIPTION : checks if a given point is in the curve.
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
BabyPbk()
- DESCRIPTION: : given a private key, it returns the associated public key.
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

binsub

BinSub(n)
- DESCRIPTION: binary substraction.
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

binsum

nbits(a)
- DESCRIPTION : binary sum.
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
BinSum(n, ops)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

bitify

Num2Bits()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
Num2Bits_strict()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
Bits2Num()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
Bits2Num_strict()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
Num2BitsNeg()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

comparators

IsZero()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
IsEqual()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
ForceEqualIfEnabled()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
LessThan()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
GreaterThan()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
GreaterEqThan()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

compconstant

CompConstant(ct)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

eddsa

Edwards Digital Signature Algorithm in Baby Jubjbub (link a eddsa)

EdDSAVerifier(n)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

eddsamimc

EdDSAMiMCVerifier()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

eddsamimcsponge

EdDSAMiMCSpongeVerifier()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

eddsaposeidon

EdDSAPoseidonVerifier()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

escalarmul

EscalarMulWindow(base, k)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
EscalarMul(n, base)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

escalarmulany

Multiplexor2()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
BitElementMulAny()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
SegmentMulAny(n)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
EscalarMulAny(n)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

escalarmulfix

WindowMulFix()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
SegmentMulFix(nWindows)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
EscalarMulFix(n, BASE)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

escalarmulw4table

pointAdd
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
EscalarMulW4Table
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

gates

XOR
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
AND
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
OR
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
NOT
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
NAND
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
NOR
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
MultiAND
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

mimc

Implementation of MiMC-7 hash in Fp being... (link to description of the hash)

MiMC7(nrounds)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
MultiMiMC7(nInputs, nRounds)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

mimcsponge

MiMCSponge(nInputs, nRounds, nOutputs)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
MiMCFeistel(nrounds)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

montgomery

Edwards2Montgomery()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
Montgomery2Edwards()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
MontgomeryAdd()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
MontgomeryDouble()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

multiplexer

log2(a)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
EscalarProduct(w)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
Decoder(w)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
Multiplexer(wIn, nIn)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

mux1

MultiMux1(n)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
Mux1()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

mux2

MultiMux2(n)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
Mux2()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

mux3

MultiMux3(n)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
Mux3()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

mux4

MultiMux4(n)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
Mux4()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

pedersen_old

Old version of the Pedersen hash (do not use any more?).

pedersen

Window4()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
Segment(nWindows)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
Pedersen(n)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

pointbits

sqrt(n)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
Bits2Point()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
Bits2Point_Strict()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
Point2Bits
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
Point2Bits_Strict
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

poseidon

Implementation of Poseidon hash function (LINK)

Sigma()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
Ark(t, C)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
Mix(t, M)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE
Poseidon(nInputs, t, nRoundsF, nRoundsP)
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

sign

Sign()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

switcher

Switcher()
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
- BENCHMARKS
- EXAMPLE

12 KiB Raw Blame History