diff --git a/cubic.go b/cubic.go
index 0e793b9..e4504e8 100644
--- a/cubic.go
+++ b/cubic.go
@@ -14,61 +14,61 @@ package main
-import (
- "fmt"
- "os"
- "github.com/consensys/gnark/frontend"
- "github.com/consensys/gnark-crypto/ecc"
- "github.com/consensys/gnark/frontend/cs/r1cs"
- "github.com/consensys/gnark/backend/groth16"
- _ "gnark-ed25519/edwards_curve"
- _ "gnark-ed25519/sha512"
-)
+// import (
+// "fmt"
+// "os"
+// "github.com/consensys/gnark/frontend"
+// "github.com/consensys/gnark-crypto/ecc"
+// "github.com/consensys/gnark/frontend/cs/r1cs"
+// "github.com/consensys/gnark/backend/groth16"
+// _ "gnark-ed25519/edwards_curve"
+// _ "gnark-ed25519/sha512"
+// )
-// Circuit defines a simple circuit
-// x**3 + x + 5 == y
-type Circuit struct {
- // struct tags on a variable is optional
- // default uses variable name and secret visibility.
- X frontend.Variable `gnark:"x"`
- Y frontend.Variable `gnark:",public"`
-}
+// // Circuit defines a simple circuit
+// // x**3 + x + 5 == y
+// type Circuit struct {
+// // struct tags on a variable is optional
+// // default uses variable name and secret visibility.
+// X frontend.Variable `gnark:"x"`
+// Y frontend.Variable `gnark:",public"`
+// }
-// Define declares the circuit constraints
-// x**3 + x + 5 == y
-func (circuit *Circuit) Define(api frontend.API) error {
- x3 := api.Mul(circuit.X, circuit.X, circuit.X)
- api.AssertIsEqual(circuit.Y, api.Add(x3, circuit.X, 5))
- return nil
-}
+// // Define declares the circuit constraints
+// // x**3 + x + 5 == y
+// func (circuit *Circuit) Define(api frontend.API) error {
+// x3 := api.Mul(circuit.X, circuit.X, circuit.X)
+// api.AssertIsEqual(circuit.Y, api.Add(x3, circuit.X, 5))
+// return nil
+// }
-func main() {
- err := mainImpl()
- if err != nil {
- fmt.Println(err)
- os.Exit(1)
- }
-}
+// func main() {
+// err := mainImpl()
+// if err != nil {
+// fmt.Println(err)
+// os.Exit(1)
+// }
+// }
-func mainImpl() error {
- var myCircuit Circuit
- r1cs, err := frontend.Compile(ecc.BN254.ScalarField(), r1cs.NewBuilder, &myCircuit)
- if err != nil {
- return err
- }
+// func mainImpl() error {
+// var myCircuit Circuit
+// r1cs, err := frontend.Compile(ecc.BN254.ScalarField(), r1cs.NewBuilder, &myCircuit)
+// if err != nil {
+// return err
+// }
- assignment := &Circuit{
- X: "2",
- Y: "15",
- }
- witness, _ := frontend.NewWitness(assignment, ecc.BN254.ScalarField())
- publicWitness, _ := witness.Public()
- pk, vk, err := groth16.Setup(r1cs)
- proof, err := groth16.Prove(r1cs, pk, witness)
- err = groth16.Verify(proof, vk, publicWitness)
- if err != nil {
- return err
- }
- fmt.Println(proof)
- return nil
-}
+// assignment := &Circuit{
+// X: "2",
+// Y: "15",
+// }
+// witness, _ := frontend.NewWitness(assignment, ecc.BN254.ScalarField())
+// publicWitness, _ := witness.Public()
+// pk, vk, err := groth16.Setup(r1cs)
+// proof, err := groth16.Prove(r1cs, pk, witness)
+// err = groth16.Verify(proof, vk, publicWitness)
+// if err != nil {
+// return err
+// }
+// fmt.Println(proof)
+// return nil
+// }
diff --git a/ed25519.go b/ed25519.go
index 0dbc218..9d96483 100644
--- a/ed25519.go
+++ b/ed25519.go
@@ -14,43 +14,159 @@ package main
-// import (
-// "fmt"
-// "os"
-// "crypto/ed25519"
-// "crypto/rand"
-// "github.com/consensys/gnark/std/math/emulated"
-// )
+import (
+ "time"
+ "fmt"
+ "os"
+ "encoding/hex"
+ "github.com/consensys/gnark/frontend"
+ "github.com/consensys/gnark-crypto/ecc"
+ "github.com/consensys/gnark/frontend/cs/r1cs"
+ "github.com/consensys/gnark/backend/groth16"
+ "gnark-ed25519/edwards_curve"
+ "gnark-ed25519/sha512"
+)
+type Eddsa25519Circuit struct {
+ M []frontend.Variable
+ Pk []frontend.Variable
+ Sig []frontend.Variable
+}
-// func main() {
-// err := mainImpl()
+func (circuit *Eddsa25519Circuit) Define(api frontend.API) error {
+ c, err := edwards_curve.New[edwards_curve.Ed25519, edwards_curve.Ed25519Scalars](api)
+ if err != nil {
+ return err
+ }
+ edwards_curve.CheckValid(c, circuit.Sig, circuit.M, circuit.Pk)
+ return nil
+}
+
+
+type Sha512Circuit struct {
+ in []frontend.Variable `gnark:"in"`
+ out []frontend.Variable `gnark:"out"`
+}
+
+func (circuit *Sha512Circuit) Define(api frontend.API) error {
+ res := sha512.Sha512(api, circuit.in)
+ if len(res) != 512 { panic("bad length") }
+ for i := 0; i < 512; i++ {
+ api.AssertIsEqual(res[i], circuit.out[i])
+ }
+ return nil
+}
+
+
+
+func main() {
+ err := mainImpl()
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+}
+
+// func mainImpl() error {
+// in := bytesToBits([]byte("Succinct Labs"))
+// out := hexToBits("503ace098aa03f6feec1b5df0a38aee923f744a775508bc81f2b94ad139be297c2e8cd8c44af527b5d3f017a7fc929892c896604047e52e3f518924f52bff0dc")
+
+// myCircuit := Sha512Circuit{
+// in,
+// out,
+// }
+// fmt.Println(time.Now(), "compiling...")
+// r1cs, err := frontend.Compile(ecc.BN254.ScalarField(), r1cs.NewBuilder, &myCircuit)
 // if err != nil {
-// fmt.Println(err)
-// os.Exit(1)
+// return err
 // }
+
+// assignment := &Sha512Circuit{
+// in,
+// out,
+// }
+// fmt.Println(time.Now(), "generating witness...")
+// witness, _ := frontend.NewWitness(assignment, ecc.BN254.ScalarField())
+// publicWitness, _ := witness.Public()
+// fmt.Println(time.Now(), "groth setup...")
+// pk, vk, err := groth16.Setup(r1cs)
+// fmt.Println(time.Now(), "groth prove...")
+// proof, err := groth16.Prove(r1cs, pk, witness)
+// fmt.Println(time.Now(), "groth verify...")
+// err = groth16.Verify(proof, vk, publicWitness)
+// if err != nil {
+// return err
+// }
+// fmt.Println(proof)
+// return nil
 // }
-// func mainImpl() error {
-// pubKey, privKey, err := ed25519.GenerateKey(rand.Reader)
-// fmt.Println(pubKey)
-// fmt.Println(privKey)
-// message := []byte("string")
-// sig := ed25519.Sign(privKey, message)
-// fmt.Println(sig)
-// verified := ed25519.Verify(pubKey, message, sig)
-// fmt.Println(verified)
-
-// verifiedFalse := ed25519.Verify(pubKey, []byte("string1"), sig)
-// fmt.Println(verifiedFalse)
-
-// ele := emulated.NewElement[emulated.BN254Fp](1)
-// fmt.Println(ele)
-
-// if err != nil {
-// return err
-// }
-// return nil
+func mainImpl() error {
+ M := "53756363696e6374204c616273"
+ Pk := "f7ec1c43f4de9d49556de87b86b26a98942cb078486fdb44de38b80864c39731"
+ Sig := "35c323757c20640a294345c89c0bfcebe3d554fdb0c7b7a0bdb72222c531b1ec849fed99a053e0f5b02dd9a25bb6eb018885526d9f583cdbde0b1e9f6329da09"
-// }
+ myCircuit := Eddsa25519Circuit{
+ M: hexToBits(M),
+ Pk: hexToBits(Pk),
+ Sig: hexToBits(Sig),
+ }
+ fmt.Println(time.Now(), "compiling...")
+ r1cs, err := frontend.Compile(ecc.BN254.ScalarField(), r1cs.NewBuilder, &myCircuit)
+ if err != nil {
+ return err
+ }
+
+ assignment := &Eddsa25519Circuit{
+ M: hexToBits(M),
+ Pk: hexToBits(Pk),
+ Sig: hexToBits(Sig),
+ }
+ fmt.Println(time.Now(), "generating witness...")
+ witness, _ := frontend.NewWitness(assignment, ecc.BN254.ScalarField())
+ publicWitness, _ := witness.Public()
+ fmt.Println(time.Now(), "groth setup...")
+ pk, vk, err := groth16.Setup(r1cs)
+ fmt.Println(time.Now(), "groth prove...")
+ proof, err := groth16.Prove(r1cs, pk, witness)
+ fmt.Println(time.Now(), "groth verify...")
+ err = groth16.Verify(proof, vk, publicWitness)
+ if err != nil {
+ return err
+ }
+ fmt.Println(proof)
+ return nil
+}
+
+func hexToBits(h string) []frontend.Variable {
+ b, err := hex.DecodeString(h)
+ if err != nil {
+ panic(err)
+ }
+ result := make([]frontend.Variable, len(b) * 8)
+ for i, v := range b {
+ for j := 0; j < 8; j++ {
+ if (v & (1 << j)) != 0 {
+ result[i*8+j] = 1
+ } else {
+ result[i*8+j] = 0
+ }
+ }
+ }
+ return result
+}
+
+func bytesToBits(arr []byte) []frontend.Variable {
+ result := make([]frontend.Variable, len(arr) * 8)
+ for i, v := range arr {
+ for j := 0; j < 8; j++ {
+ if (v & (1 << (7-j))) != 0 {
+ result[i*8+j] = 1
+ } else {
+ result[i*8+j] = 0
+ }
+ }
+ }
+ return result
+}
diff --git a/edwards_curve/eddsa25519.go b/edwards_curve/eddsa25519.go
index 6d640a5..e15de5b 100644
--- a/edwards_curve/eddsa25519.go
+++ b/edwards_curve/eddsa25519.go
@@ -4,7 +4,6 @@ package edwards_curve
 // This file is little-endian
 import (
- "fmt"
 "math/big"
 "github.com/consensys/gnark/frontend"
 "github.com/consensys/gnark/std/math/emulated"
@@ -13,10 +12,8 @@ import (
 func H(api frontend.API, m []frontend.Variable) []frontend.Variable {
- fmt.Println("sha input", m)
 rawResult := sha512.Sha512(api, swapByteEndianness(m))
 sResult := swapByteEndianness(rawResult[:])
- fmt.Println("sha output", sResult)
 return sResult
 }
@@ -36,10 +33,10 @@ func bits_to_scalar(c *EdCurve, s []frontend.Variable) EdCoordinate {
 elt := emulated.NewElement[Ed25519](0)
 if len(elt.Limbs) != 4 { panic("bad length") }
 i := 0
- elt.Limbs[0] = c.api.FromBinary(s[i:i+64]...); i += 64
- elt.Limbs[1] = c.api.FromBinary(s[i:i+64]...); i += 64
- elt.Limbs[2] = c.api.FromBinary(s[i:i+64]...); i += 64
- elt.Limbs[3] = c.api.FromBinary(s[i:i+64]...); i += 64
+ for k := 0; k < 4; k++ {
+ elt.Limbs[k] = c.api.FromBinary(s[i:i+64]...)
+ i += 64
+ }
 if i != len(s) { panic("bad length") }
 return elt
 }
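Review bot: The new `mainImpl` (from the `+func mainImpl() error {` line onward) discards the errors from `frontend.NewWitness`, `witness.Public`, `groth16.Setup` and `groth16.Prove` — the `_` blanks, and the `err` from Setup that the Prove line overwrites unchecked — so a failed setup or proof only surfaces, if at all, as an unrelated failure inside `groth16.Verify`; each of those calls needs its own `if err != nil { return err }`, and the local `r1cs` on the Compile line shadows the imported `r1cs` package (naming it `ccs` avoids that). Separately, none of `Eddsa25519Circuit`'s fields carries `gnark:",public"`, so `publicWitness` is empty and a verifier of this proof learns only that some valid signature exists for some key and message; if the goal is to prove a signature on a known message under a known key, `M` and `Pk` (or a commitment to them) have to be public inputs. `Sha512Circuit` declares its fields as unexported `in`/`out`, which I believe gnark's reflection-based schema walk ignores — worth confirming, since that circuit would then compile with no witness variables at all. Finally, `hexToBits` emits the bits of each byte LSB-first (`1 << j`) while `bytesToBits` emits them MSB-first (`1 << (7-j)`); a one-line comment on each, e.g. `// bit order: least-significant bit of each byte first` and `// bit order: most-significant bit of each byte first`, would keep the two from being mixed up by a caller.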
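Review bot: The `if i != len(s) { panic("bad length") }` guard in `bits_to_scalar` still runs after the new loop has sliced `s[i:i+64]` four times, so a too-short `s` dies with a runtime index-out-of-range instead of the intended `bad length` panic; checking up front with `if len(s) != 4*64 { panic("bad length") }` before the loop makes the failure explicit, and the loop can then index directly as `s[k*64:(k+1)*64]` without the running `i`. The function's signature is only visible in the hunk header, so the start of `bits_to_scalar` lies outside the hunk.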
@@ -83,13 +80,8 @@ func CheckValid(c *EdCurve, s, m, pk []frontend.Variable) {
 R := bits_to_element(c, s[:256])
 A := bits_to_element(c, pk)
 h := H(c.api, concat(s[:256], pk, m))
- fmt.Println("h", h)
- fmt.Println("g", dbg(c.g.X), dbg(c.g.Y))
- fmt.Println("s last half", s[256:])
 v1 := c.ScalarMulBinary(c.g, s[256:])
- fmt.Println("v1", dbg(v1.X), dbg(v1.Y))
 v2 := c.Add(R, c.ScalarMulBinary(A, h))
- fmt.Println("v2", dbg(v2.X), dbg(v2.Y))
 c.AssertIsEqual(v1, v2)
 }
@@ -152,10 +144,6 @@ func toValue(s EdCoordinate) *big.Int {
 return result
 }
-func dbg(s EdCoordinate) string {
- return toValue(s).Text(16)
-}
-
 func _const(x int64) EdCoordinate {
 return emulated.NewElement[Ed25519](big.NewInt(x))
 }