Merge branch 'sha-scaffold' of github.com:succinctlabs/gnark-ed25519 into sha-scaffold

3 years ago · 543e78c31f
8 changed files with 49 additions and 49 deletions
--- a/sha512/constants.go
+++ b/sha512/constants.go
@ -4,8 +4,8 @@ import (
 	"github.com/consensys/gnark/frontend"
 )

 func H512(x uint) ([] frontend.Variable) {
 	out := make([] frontend.Variable, 64)
 func H512(x uint) ([64] frontend.Variable) {
 	var out [64]frontend.Variable	
 	cInt := [8]uint{0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1, 
 	0x510e527fade682d1, 0x9b05688c2b3e6c1f, 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179}
 	for k := 0; k < 64; k++ {
--- a/sha512/sha512.go
+++ b/sha512/sha512.go
@ -4,7 +4,7 @@ import (
 	"github.com/consensys/gnark/frontend"
 )

 func Sha512(api frontend.API, in [] frontend.Variable) ([] frontend.Variable) {
 func Sha512(api frontend.API, in [] frontend.Variable) ([512] frontend.Variable) {
 	nBits := len(in)

 	nBlocks := ((nBits + 128) / 1024) + 1
@ -24,10 +24,10 @@ func Sha512(api frontend.API, in [] frontend.Variable) ([] frontend.Variable) {
 		paddedIn[nBlocks*1024 - k - 1] = (nBits >> k) & 1
 	}

 	var h512Components = [8][]frontend.Variable
 	var h512Components [8][64]frontend.Variable

 	for i := 0; i < 8; i++ {
 		h512Components[i] = H512(i)
 		h512Components[i] = H512(uint(i))
 	}

 	sha512compression := make([][] frontend.Variable, nBlocks)
@ -51,10 +51,10 @@ func Sha512(api frontend.API, in [] frontend.Variable) ([] frontend.Variable) {
 		for k := 0; k < 1024; k++ {	
 			inp[k] = paddedIn[i*1024 + k]
 		}
 		sha512compression[i] = Sha512Compression(api, hin, inp)
 		sha512compression[i] = Sha512compression(api, hin, inp)
 	}

 	var out = [512]frontend.Variable
 	var out [512]frontend.Variable

 	for k := 0; k < 512; k++ {
 		out[k] = sha512compression[nBlocks-1][k]
--- a/sha512/sha512compression.go
+++ b/sha512/sha512compression.go
@ -11,7 +11,7 @@ func Sha512compression(api frontend.API, hin, inp []frontend.Variable) ([]fronte

 	var ct_k [80][]frontend.Variable
 	for i := 0; i < 80; i++ {
 		ct_k[i] = K512(i)
 		ct_k[i] = K512(uint(i))
 	}

 	var a [81][64]frontend.Variable
@ -30,7 +30,7 @@ func Sha512compression(api frontend.API, hin, inp []frontend.Variable) ([]fronte
 				w[t][k] = inp[t*64+63-k]
 			}
 		} else {
 			w[t] = SigmaPlus512(w[t-2], w[t-7], w[t-15], w[t-16])
 			w[t] = SigmaPlus512(api, w[t-2][:], w[t-7][:], w[t-15][:], w[t-16][:])
 		}
 		// if (t<16) {
 		//     for (k=0; k<64; k++) {
@ -73,8 +73,8 @@ func Sha512compression(api frontend.API, hin, inp []frontend.Variable) ([]fronte


 	for t := 0; t < 80; t++ {
 		t1 := T1_512(h[t], e[t], f[t], g[t], ct_k[t], w[t])
 		t2 := T2_512(a[t], b[t], c[t])
 		t1 := T1_512(api, h[t][:], e[t][:], f[t][:], g[t][:], ct_k[t][:], w[t][:])
 		t2 := T2_512(api, a[t][:], b[t][:], c[t][:])
 	//     for (k=0; k<64; k++) {
 	//         t1[t].h[k] <== h[t][k];
 	//         t1[t].e[k] <== e[t][k];
@ -123,22 +123,22 @@ func Sha512compression(api frontend.API, hin, inp []frontend.Variable) ([]fronte
 	var fsum_in [8][2][64]frontend.Variable

 	for k := 0; k < 64; k++ {
 	    fsum[0][0][k] =  hin[64*0+k]
 	    fsum[0][1][k] =  a[80][k]
 	    fsum[1][0][k] =  hin[64*1+k]
 	    fsum[1][1][k] =  b[80][k]
 	    fsum[2][0][k] =  hin[64*2+k]
 	    fsum[2][1][k] =  c[80][k]
 	    fsum[3][0][k] =  hin[64*3+k]
 	    fsum[3][1][k] =  d[80][k]
 	    fsum[4][0][k] =  hin[64*4+k]
 	    fsum[4][1][k] =  e[80][k]
 	    fsum[5][0][k] =  hin[64*5+k]
 	    fsum[5][1][k] =  f[80][k]
 	    fsum[6][0][k] =  hin[64*6+k]
 	    fsum[6][1][k] =  g[80][k]
 	    fsum[7][0][k] =  hin[64*7+k]
 	    fsum[7][1][k] =  h[80][k]
 	    fsum_in[0][0][k] =  hin[64*0+k]
 	    fsum_in[0][1][k] =  a[80][k]
 	    fsum_in[1][0][k] =  hin[64*1+k]
 	    fsum_in[1][1][k] =  b[80][k]
 	    fsum_in[2][0][k] =  hin[64*2+k]
 	    fsum_in[2][1][k] =  c[80][k]
 	    fsum_in[3][0][k] =  hin[64*3+k]
 	    fsum_in[3][1][k] =  d[80][k]
 	    fsum_in[4][0][k] =  hin[64*4+k]
 	    fsum_in[4][1][k] =  e[80][k]
 	    fsum_in[5][0][k] =  hin[64*5+k]
 	    fsum_in[5][1][k] =  f[80][k]
 	    fsum_in[6][0][k] =  hin[64*6+k]
 	    fsum_in[6][1][k] =  g[80][k]
 	    fsum_in[7][0][k] =  hin[64*7+k]
 	    fsum_in[7][1][k] =  h[80][k]
 	}
 	// for (k=0; k<64; k++) {
 	//     fsum[0].in[0][k] <==  hin[64*0+k];
@ -186,5 +186,5 @@ func Sha512compression(api frontend.API, hin, inp []frontend.Variable) ([]fronte
 	//     out[384+63-k] <== fsum[6].out[k];
 	//     out[448+63-k] <== fsum[7].out[k];
 	// }
 	return out
 	return out[:]
 }
--- a/sha512/sigma.go
+++ b/sha512/sigma.go
@ -8,11 +8,11 @@ import (
 func SmallSigma512(api frontend.API, in []frontend.Variable, ra, rb, rc int) ([]frontend.Variable) {
    if len(in) != 64 { panic("bad length") }

    rota := RotR512(in, ra)
    rotb := RotR512(in, rb)
    shrc := ShR512(in, rc)
    rota := RotR512(api, in, ra)
    rotb := RotR512(api, in, rb)
    shrc := ShR512(api, in, rc)

    return Xor3_512(rota, rotb, shrc)
    return Xor3_512(api, rota, rotb, shrc)
 }

 // template SmallSigma512(ra, rb, rc) {
@ -45,11 +45,11 @@ func SmallSigma512(api frontend.API, in []frontend.Variable, ra, rb, rc int) ([]
 func BigSigma512(api frontend.API, in []frontend.Variable, ra, rb, rc int) ([]frontend.Variable) {
    if len(in) != 64 { panic("bad length") }

    rota := RotR512(in, ra)
    rotb := RotR512(in, rb)
    rotc := RotR512(in, rc)
    rota := RotR512(api, in, ra)
    rotb := RotR512(api, in, rb)
    rotc := RotR512(api, in, rc)

    return Xor3_512(rota, rotb, rotc)
    return Xor3_512(api, rota, rotb, rotc)
 }

 // template BigSigma512(ra, rb, rc) {
--- a/sha512/sigmaplus.go
+++ b/sha512/sigmaplus.go
@ -5,13 +5,13 @@ import (
 )


 func SigmaPlus512(api frontend.API, in2, in7, in15, in16 []frontend.Variable) ([]frontend.Variable) {
 func SigmaPlus512(api frontend.API, in2, in7, in15, in16 []frontend.Variable) ([64]frontend.Variable) {
    if len(in2) != 64 { panic("bad length") }

    sigma1 := SmallSigma512(in2, 19, 61, 6)
    sigma0 := SmallSigma512(in15, 1, 8, 7)
    sigma1 := SmallSigma512(api, in2, 19, 61, 6)
    sigma0 := SmallSigma512(api, in15, 1, 8, 7)

    return BinSum(sigma1, in7, sigma0, in16)
    return BinSum(api, sigma1, in7, sigma0, in16)
 }


--- a/sha512/t1.go
+++ b/sha512/t1.go
@ -13,10 +13,10 @@ func T1_512(api frontend.API, h, e, f, g, k, w []frontend.Variable) ([]frontend.
    if len(k) != 64 { panic("bad length") }
    if len(w) != 64 { panic("bad length") }

    ch := Ch_t512(e, f, g)
    bigsigma1 := BigSigma512(e, 14, 18, 41)
    ch := Ch_t512(api, e, f, g)
    bigsigma1 := BigSigma512(api, e, 14, 18, 41)

    return BinSum(h, bigsigma1, ch, k, w)
    return BinSum(api, h, bigsigma1, ch, k, w)
 }

 // template T1_512() {
--- a/sha512/t2.go
+++ b/sha512/t2.go
@ -10,10 +10,10 @@ func T2_512(api frontend.API, a, b, c []frontend.Variable) ([]frontend.Variable)
 	if len(b) != 64 { panic("bad length") }
 	if len(c) != 64 { panic("bad length") }

 	bigsigma0 := BigSigma512(a, 28, 34, 39)
 	maj := Maj_t512(a, b, c)
 	bigsigma0 := BigSigma512(api, a, 28, 34, 39)
 	maj := Maj_t512(api, a, b, c)

 	return BinSum(maj, bigsigma0)
 	return BinSum(api, maj, bigsigma0)
 }

 // template T2_512() {
--- a/sha512/xor3.go
+++ b/sha512/xor3.go
@ -12,9 +12,9 @@ func Xor3_512(api frontend.API, a, b, c []frontend.Variable) ([]frontend.Variabl
 	out := make([]frontend.Variable, n)
 	for k := 0; k < n; k++ {
 		mid := api.Mul(b[k], c[k])
 		p := api.Add(1, api.Mul(-2, b[k]), api.Mul(-2, c[k]), api.Mul(4, mid[k]))
 		q := api.Mul(a[k], inner)
 		out[k] = api.Add(q, b[k], c[k], api.Mul(-2, mid[k]))
 		p := api.Add(1, api.Mul(-2, b[k]), api.Mul(-2, c[k]), api.Mul(4, mid))
 		q := api.Mul(a[k], p)
 		out[k] = api.Add(q, b[k], c[k], api.Mul(-2, mid))
 		// TODO: try doing this instead:
 		// out[k] = api.Xor(a[k], api.Xor(b[k], c[k]))
 	}