Merge branch 'sha-scaffold' of github.com:succinctlabs/gnark-ed25519 into sha-scaffold

sha512/constants.go

@@ -4,8 +4,8 @@ import (
 	"github.com/consensys/gnark/frontend"
 )
 
-func H512(x uint) ([] frontend.Variable) {
-	out := make([] frontend.Variable, 64)
+func H512(x uint) ([64] frontend.Variable) {
+	var out [64]frontend.Variable	
 	cInt := [8]uint{0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1, 
 	0x510e527fade682d1, 0x9b05688c2b3e6c1f, 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179}
 	for k := 0; k < 64; k++ {

sha512/sha512.go

@@ -4,7 +4,7 @@ import (
 	"github.com/consensys/gnark/frontend"
 )
 
-func Sha512(api frontend.API, in [] frontend.Variable) ([] frontend.Variable) {
+func Sha512(api frontend.API, in [] frontend.Variable) ([512] frontend.Variable) {
 	nBits := len(in)
 
 	nBlocks := ((nBits + 128) / 1024) + 1
@@ -24,10 +24,10 @@ func Sha512(api frontend.API, in [] frontend.Variable) ([] frontend.Variable) {
 		paddedIn[nBlocks*1024 - k - 1] = (nBits >> k) & 1
 	}
 
-	var h512Components = [8][]frontend.Variable
+	var h512Components [8][64]frontend.Variable
 
 	for i := 0; i < 8; i++ {
-		h512Components[i] = H512(i)
+		h512Components[i] = H512(uint(i))
 	}
 
 	sha512compression := make([][] frontend.Variable, nBlocks)
@@ -51,10 +51,10 @@ func Sha512(api frontend.API, in [] frontend.Variable) ([] frontend.Variable) {
 		for k := 0; k < 1024; k++ {	
 			inp[k] = paddedIn[i*1024 + k]
 		}
-		sha512compression[i] = Sha512Compression(api, hin, inp)
+		sha512compression[i] = Sha512compression(api, hin, inp)
 	}
 
-	var out = [512]frontend.Variable
+	var out [512]frontend.Variable
 
 	for k := 0; k < 512; k++ {
 		out[k] = sha512compression[nBlocks-1][k]

sha512/sha512compression.go

@@ -11,7 +11,7 @@ func Sha512compression(api frontend.API, hin, inp []frontend.Variable) ([]fronte
 
 	var ct_k [80][]frontend.Variable
 	for i := 0; i < 80; i++ {
-		ct_k[i] = K512(i)
+		ct_k[i] = K512(uint(i))
 	}
 
 	var a [81][64]frontend.Variable
@@ -30,7 +30,7 @@ func Sha512compression(api frontend.API, hin, inp []frontend.Variable) ([]fronte
 				w[t][k] = inp[t*64+63-k]
 			}
 		} else {
-			w[t] = SigmaPlus512(w[t-2], w[t-7], w[t-15], w[t-16])
+			w[t] = SigmaPlus512(api, w[t-2][:], w[t-7][:], w[t-15][:], w[t-16][:])
 		}
 		// if (t<16) {
 		//     for (k=0; k<64; k++) {
@@ -73,8 +73,8 @@ func Sha512compression(api frontend.API, hin, inp []frontend.Variable) ([]fronte
 
 
 	for t := 0; t < 80; t++ {
-		t1 := T1_512(h[t], e[t], f[t], g[t], ct_k[t], w[t])
-		t2 := T2_512(a[t], b[t], c[t])
+		t1 := T1_512(api, h[t][:], e[t][:], f[t][:], g[t][:], ct_k[t][:], w[t][:])
+		t2 := T2_512(api, a[t][:], b[t][:], c[t][:])
 	//     for (k=0; k<64; k++) {
 	//         t1[t].h[k] <== h[t][k];
 	//         t1[t].e[k] <== e[t][k];
@@ -123,22 +123,22 @@ func Sha512compression(api frontend.API, hin, inp []frontend.Variable) ([]fronte
 	var fsum_in [8][2][64]frontend.Variable
 
 	for k := 0; k < 64; k++ {
-	    fsum[0][0][k] =  hin[64*0+k]
-	    fsum[0][1][k] =  a[80][k]
-	    fsum[1][0][k] =  hin[64*1+k]
-	    fsum[1][1][k] =  b[80][k]
-	    fsum[2][0][k] =  hin[64*2+k]
-	    fsum[2][1][k] =  c[80][k]
-	    fsum[3][0][k] =  hin[64*3+k]
-	    fsum[3][1][k] =  d[80][k]
-	    fsum[4][0][k] =  hin[64*4+k]
-	    fsum[4][1][k] =  e[80][k]
-	    fsum[5][0][k] =  hin[64*5+k]
-	    fsum[5][1][k] =  f[80][k]
-	    fsum[6][0][k] =  hin[64*6+k]
-	    fsum[6][1][k] =  g[80][k]
-	    fsum[7][0][k] =  hin[64*7+k]
-	    fsum[7][1][k] =  h[80][k]
+	    fsum_in[0][0][k] =  hin[64*0+k]
+	    fsum_in[0][1][k] =  a[80][k]
+	    fsum_in[1][0][k] =  hin[64*1+k]
+	    fsum_in[1][1][k] =  b[80][k]
+	    fsum_in[2][0][k] =  hin[64*2+k]
+	    fsum_in[2][1][k] =  c[80][k]
+	    fsum_in[3][0][k] =  hin[64*3+k]
+	    fsum_in[3][1][k] =  d[80][k]
+	    fsum_in[4][0][k] =  hin[64*4+k]
+	    fsum_in[4][1][k] =  e[80][k]
+	    fsum_in[5][0][k] =  hin[64*5+k]
+	    fsum_in[5][1][k] =  f[80][k]
+	    fsum_in[6][0][k] =  hin[64*6+k]
+	    fsum_in[6][1][k] =  g[80][k]
+	    fsum_in[7][0][k] =  hin[64*7+k]
+	    fsum_in[7][1][k] =  h[80][k]
 	}
 	// for (k=0; k<64; k++) {
 	//     fsum[0].in[0][k] <==  hin[64*0+k];
@@ -186,5 +186,5 @@ func Sha512compression(api frontend.API, hin, inp []frontend.Variable) ([]fronte
 	//     out[384+63-k] <== fsum[6].out[k];
 	//     out[448+63-k] <== fsum[7].out[k];
 	// }
-	return out
+	return out[:]
 }

sha512/sigma.go

@@ -8,11 +8,11 @@ import (
 func SmallSigma512(api frontend.API, in []frontend.Variable, ra, rb, rc int) ([]frontend.Variable) {
     if len(in) != 64 { panic("bad length") }
 
-    rota := RotR512(in, ra)
-    rotb := RotR512(in, rb)
-    shrc := ShR512(in, rc)
+    rota := RotR512(api, in, ra)
+    rotb := RotR512(api, in, rb)
+    shrc := ShR512(api, in, rc)
 
-    return Xor3_512(rota, rotb, shrc)
+    return Xor3_512(api, rota, rotb, shrc)
 }
 
 // template SmallSigma512(ra, rb, rc) {
@@ -45,11 +45,11 @@ func SmallSigma512(api frontend.API, in []frontend.Variable, ra, rb, rc int) ([]
 func BigSigma512(api frontend.API, in []frontend.Variable, ra, rb, rc int) ([]frontend.Variable) {
     if len(in) != 64 { panic("bad length") }
 
-    rota := RotR512(in, ra)
-    rotb := RotR512(in, rb)
-    rotc := RotR512(in, rc)
+    rota := RotR512(api, in, ra)
+    rotb := RotR512(api, in, rb)
+    rotc := RotR512(api, in, rc)
 
-    return Xor3_512(rota, rotb, rotc)
+    return Xor3_512(api, rota, rotb, rotc)
 }
 
 // template BigSigma512(ra, rb, rc) {

sha512/sigmaplus.go

@@ -5,13 +5,13 @@ import (
 )
 
 
-func SigmaPlus512(api frontend.API, in2, in7, in15, in16 []frontend.Variable) ([]frontend.Variable) {
+func SigmaPlus512(api frontend.API, in2, in7, in15, in16 []frontend.Variable) ([64]frontend.Variable) {
     if len(in2) != 64 { panic("bad length") }
 
-    sigma1 := SmallSigma512(in2, 19, 61, 6)
-    sigma0 := SmallSigma512(in15, 1, 8, 7)
+    sigma1 := SmallSigma512(api, in2, 19, 61, 6)
+    sigma0 := SmallSigma512(api, in15, 1, 8, 7)
 
-    return BinSum(sigma1, in7, sigma0, in16)
+    return BinSum(api, sigma1, in7, sigma0, in16)
 }
 
 

sha512/t1.go

@@ -13,10 +13,10 @@ func T1_512(api frontend.API, h, e, f, g, k, w []frontend.Variable) ([]frontend.
     if len(k) != 64 { panic("bad length") }
     if len(w) != 64 { panic("bad length") }
 
-    ch := Ch_t512(e, f, g)
-    bigsigma1 := BigSigma512(e, 14, 18, 41)
+    ch := Ch_t512(api, e, f, g)
+    bigsigma1 := BigSigma512(api, e, 14, 18, 41)
 
-    return BinSum(h, bigsigma1, ch, k, w)
+    return BinSum(api, h, bigsigma1, ch, k, w)
 }
 
 // template T1_512() {

sha512/t2.go

@@ -10,10 +10,10 @@ func T2_512(api frontend.API, a, b, c []frontend.Variable) ([]frontend.Variable)
 	if len(b) != 64 { panic("bad length") }
 	if len(c) != 64 { panic("bad length") }
 
-	bigsigma0 := BigSigma512(a, 28, 34, 39)
-	maj := Maj_t512(a, b, c)
+	bigsigma0 := BigSigma512(api, a, 28, 34, 39)
+	maj := Maj_t512(api, a, b, c)
 
-	return BinSum(maj, bigsigma0)
+	return BinSum(api, maj, bigsigma0)
 }
 
 // template T2_512() {

sha512/xor3.go

@@ -12,9 +12,9 @@ func Xor3_512(api frontend.API, a, b, c []frontend.Variable) ([]frontend.Variabl
 	out := make([]frontend.Variable, n)
 	for k := 0; k < n; k++ {
 		mid := api.Mul(b[k], c[k])
-		p := api.Add(1, api.Mul(-2, b[k]), api.Mul(-2, c[k]), api.Mul(4, mid[k]))
-		q := api.Mul(a[k], inner)
-		out[k] = api.Add(q, b[k], c[k], api.Mul(-2, mid[k]))
+		p := api.Add(1, api.Mul(-2, b[k]), api.Mul(-2, c[k]), api.Mul(4, mid))
+		q := api.Mul(a[k], p)
+		out[k] = api.Add(q, b[k], c[k], api.Mul(-2, mid))
 		// TODO: try doing this instead:
 		// out[k] = api.Xor(a[k], api.Xor(b[k], c[k]))
 	}