arnaucube
/
gnark-plonky2-verifier
mirror of https://github.com/arnaucube/gnark-plonky2-verifier.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

remove old code

main
Jacob Jackson 3 years ago
parent
105839d5bf
commit
61568028c3
16 changed files with 3 additions and 923 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +0
    -133
      sha512/binsum.go
  2. +0
    -48
      sha512/binsum_test.go
  3. +0
    -28
      sha512/ch.go
  4. +0
    -79
      sha512/constants.go
  5. +0
    -33
      sha512/maj.go
  6. +0
    -24
      sha512/rotate.go
  7. +0
    -72
      sha512/sha512.go
  8. +0
    -190
      sha512/sha512compression.go
  9. +3
    -0
      sha512/sha_test.go
  10. +0
    -32
      sha512/shift.go
  11. +0
    -81
      sha512/sigma.go
  12. +0
    -49
      sha512/sigmaplus.go
  13. +0
    -55
      sha512/t1.go
  14. +0
    -45
      sha512/t2.go
  15. +0
    -19
      sha512/utils.go
  16. +0
    -35
      sha512/xor3.go

+ 0
- 133
sha512/binsum.go
View File

@ -1,133 +0,0 @@
package sha512
import (
"math/big"
"github.com/consensys/gnark/backend/hint"
"github.com/consensys/gnark/frontend"
)
func padToSameLength(args [][]frontend.Variable) ([][]frontend.Variable, int) {
maxLength := 0
for _, v := range args {
if len(v) > maxLength {
maxLength = len(v)
}
}
result := make([][]frontend.Variable, len(args))
for i := 0; i < len(args); i++ {
if len(args[i]) < maxLength {
arr := make([]frontend.Variable, maxLength)
for j := 0; j < maxLength; j++ {
if j < len(args[i]) {
arr[j] = args[i][j]
} else {
arr[j] = 0
}
}
result[i] = arr
} else {
result[i] = args[i]
}
}
return result, maxLength
}
func log2(n int) int {
if n <= 0 { panic("undefined") }
result := 0
n -= 1
for n > 0 {
n >>= 1
result += 1
}
return result
}
func extractBit(n big.Int) bool {
if !n.IsInt64() {
panic("not bit")
}
val := n.Int64()
if val == 0 {
return false
} else if val == 1 {
return true
} else {
panic("not bit")
}
}
func flatten(arr [][]frontend.Variable) ([]frontend.Variable) {
totalLength := 0
for _, v := range arr {
totalLength += len(v)
}
result := make([]frontend.Variable, totalLength)
i := 0
for _, v := range arr {
for _, u := range v {
result[i] = u
i += 1
}
}
return result
}
func BinSum(api frontend.API, args ...[]frontend.Variable) ([]frontend.Variable) {
ops := len(args)
in, n := padToSameLength(args)
nout := n + log2(ops)
// var nout = nbits((2**n -1)*ops);
// signal input in[ops][n];
// signal output out[nout];
var hintFn hint.Function = func(field *big.Int, inputs []*big.Int, outputs []*big.Int) error {
if len(inputs) != ops*n { panic("bad length") }
if len(outputs) != nout { panic("bad length") }
maxOutputValue := big.NewInt(1)
maxOutputValue.Lsh(maxOutputValue, uint(nout))
if maxOutputValue.Cmp(field) != -1 { panic("overflow") }
result := big.NewInt(0)
for i := 0; i < ops; i++ {
placeValue := big.NewInt(1)
for j := 0; j < n; j++ {
if extractBit(*inputs[i*n+j]) {
result.Add(result, placeValue)
}
placeValue.Add(placeValue, placeValue)
}
}
for i := 0; i < nout; i++ {
v := new(big.Int).Rsh(result, uint(i))
v.And(v, big.NewInt(1))
outputs[i] = v
}
return nil
}
out, err := api.NewHint(hintFn, nout, flatten(in)...)
if err != nil {
panic(err)
}
var lhs frontend.Variable = 0
var rhs frontend.Variable = 0
placeValue := big.NewInt(1)
for i := 0; i < nout; i++ {
for j := 0; j < ops; j++ {
if i < n {
lhs = api.Add(lhs, api.Mul(placeValue, in[j][i]))
}
}
rhs = api.Add(rhs, api.Mul(placeValue, out[i]))
api.AssertIsBoolean(out[i])
placeValue.Add(placeValue, placeValue)
}
api.AssertIsEqual(lhs, rhs)
return out
}

+ 0
- 48
sha512/binsum_test.go
View File

@ -1,48 +0,0 @@
package sha512
import (
"testing"
"github.com/consensys/gnark-crypto/ecc"
"github.com/consensys/gnark/frontend"
"github.com/consensys/gnark/test"
// "github.com/ethereum/go-ethereum/crypto/secp256k1"
)
type BinsumTest struct {
A []frontend.Variable
B []frontend.Variable
C []frontend.Variable
}
func (c *BinsumTest) Define(api frontend.API) error {
sum := BinSum(api, c.A, c.B)
for i := 0; i < len(sum) || i < len(c.C); i++ {
if i < len(sum) && i < len(c.C) {
api.AssertIsEqual(sum[i], c.C[i])
} else if i < len(sum) {
api.AssertIsEqual(sum[i], 0)
} else {
api.AssertIsEqual(c.C[i], 0)
}
}
return nil
}
func TestBinsum(t *testing.T) {
assert := test.NewAssert(t)
circuit := BinsumTest{
A: []frontend.Variable{0, 0, 0},
B: []frontend.Variable{0, 0, 0},
C: []frontend.Variable{0, 0, 0, 0},
}
witness := BinsumTest{
A: []frontend.Variable{1, 0, 1},
B: []frontend.Variable{1, 1, 1},
C: []frontend.Variable{0, 0, 1, 1},
}
err := test.IsSolved(&circuit, &witness, testCurve.ScalarField())
assert.NoError(err)
}
var testCurve = ecc.BN254

+ 0
- 28
sha512/ch.go
View File

@ -1,28 +0,0 @@
package sha512
import (
"github.com/consensys/gnark/frontend"
)
func Ch_t512(api frontend.API, a, b, c []frontend.Variable) ([]frontend.Variable) {
n := len(a)
if len(a) != n { panic("bad length") }
if len(b) != n { panic("bad length") }
if len(c) != n { panic("bad length") }
out := make([]frontend.Variable, n)
for k := 0; k < n; k++ {
out[k] = api.Add(api.Mul(a[k], api.Sub(b[k], c[k])), c[k]);
}
return out
}
// template Ch_t512(n) {
// signal input a[n];
// signal input b[n];
// signal input c[n];
// signal output out[n];
// for (var k=0; k<n; k++) {
// out[k] <== a[k] * (b[k]-c[k]) + c[k];
// }
// }

+ 0
- 79
sha512/constants.go
View File

@ -1,79 +0,0 @@
package sha512
import (
"github.com/consensys/gnark/frontend"
)
func H512(x uint) ([64] frontend.Variable) {
var out [64]frontend.Variable
cInt := [8]uint{0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1,
0x510e527fade682d1, 0x9b05688c2b3e6c1f, 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179}
for k := 0; k < 64; k++ {
out[k] = (cInt[x] >> k) & 1
}
return out
}
// template H512(x) {
// signal output out[64];
// var c[8] = [
// 0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1,
// 0x510e527fade682d1, 0x9b05688c2b3e6c1f, 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179
// ];
// for (var i=0; i<64; i++) {
// out[i] <== (c[x] >> i) & 1;
// }
// }
func K512(x uint) ([] frontend.Variable) {
out := make([] frontend.Variable, 64)
c := [80]uint{
0x428a2f98d728ae22, 0x7137449123ef65cd, 0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc, 0x3956c25bf348b538,
0x59f111f1b605d019, 0x923f82a4af194f9b, 0xab1c5ed5da6d8118, 0xd807aa98a3030242, 0x12835b0145706fbe,
0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2, 0x72be5d74f27b896f, 0x80deb1fe3b1696b1, 0x9bdc06a725c71235,
0xc19bf174cf692694, 0xe49b69c19ef14ad2, 0xefbe4786384f25e3, 0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65,
0x2de92c6f592b0275, 0x4a7484aa6ea6e483, 0x5cb0a9dcbd41fbd4, 0x76f988da831153b5, 0x983e5152ee66dfab,
0xa831c66d2db43210, 0xb00327c898fb213f, 0xbf597fc7beef0ee4, 0xc6e00bf33da88fc2, 0xd5a79147930aa725,
0x06ca6351e003826f, 0x142929670a0e6e70, 0x27b70a8546d22ffc, 0x2e1b21385c26c926, 0x4d2c6dfc5ac42aed,
0x53380d139d95b3df, 0x650a73548baf63de, 0x766a0abb3c77b2a8, 0x81c2c92e47edaee6, 0x92722c851482353b,
0xa2bfe8a14cf10364, 0xa81a664bbc423001, 0xc24b8b70d0f89791, 0xc76c51a30654be30, 0xd192e819d6ef5218,
0xd69906245565a910, 0xf40e35855771202a, 0x106aa07032bbd1b8, 0x19a4c116b8d2d0c8, 0x1e376c085141ab53,
0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8, 0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb, 0x5b9cca4f7763e373,
0x682e6ff3d6b2b8a3, 0x748f82ee5defb2fc, 0x78a5636f43172f60, 0x84c87814a1f0ab72, 0x8cc702081a6439ec,
0x90befffa23631e28, 0xa4506cebde82bde9, 0xbef9a3f7b2c67915, 0xc67178f2e372532b, 0xca273eceea26619c,
0xd186b8c721c0c207, 0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178, 0x06f067aa72176fba, 0x0a637dc5a2c898a6,
0x113f9804bef90dae, 0x1b710b35131c471b, 0x28db77f523047d84, 0x32caab7b40c72493, 0x3c9ebe0a15c9bebc,
0x431d67c49c100d4c, 0x4cc5d4becb3e42b6, 0x597f299cfc657e2a, 0x5fcb6fab3ad6faec, 0x6c44198c4a475817}
for k := 0; k < 64; k++ {
out[k] = (c[x] >> k) & 1
}
return out
}
// template K512(x) {
// signal output out[64];
// var c[80] = [
// 0x428a2f98d728ae22, 0x7137449123ef65cd, 0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc, 0x3956c25bf348b538,
// 0x59f111f1b605d019, 0x923f82a4af194f9b, 0xab1c5ed5da6d8118, 0xd807aa98a3030242, 0x12835b0145706fbe,
// 0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2, 0x72be5d74f27b896f, 0x80deb1fe3b1696b1, 0x9bdc06a725c71235,
// 0xc19bf174cf692694, 0xe49b69c19ef14ad2, 0xefbe4786384f25e3, 0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65,
// 0x2de92c6f592b0275, 0x4a7484aa6ea6e483, 0x5cb0a9dcbd41fbd4, 0x76f988da831153b5, 0x983e5152ee66dfab,
// 0xa831c66d2db43210, 0xb00327c898fb213f, 0xbf597fc7beef0ee4, 0xc6e00bf33da88fc2, 0xd5a79147930aa725,
// 0x06ca6351e003826f, 0x142929670a0e6e70, 0x27b70a8546d22ffc, 0x2e1b21385c26c926, 0x4d2c6dfc5ac42aed,
// 0x53380d139d95b3df, 0x650a73548baf63de, 0x766a0abb3c77b2a8, 0x81c2c92e47edaee6, 0x92722c851482353b,
// 0xa2bfe8a14cf10364, 0xa81a664bbc423001, 0xc24b8b70d0f89791, 0xc76c51a30654be30, 0xd192e819d6ef5218,
// 0xd69906245565a910, 0xf40e35855771202a, 0x106aa07032bbd1b8, 0x19a4c116b8d2d0c8, 0x1e376c085141ab53,
// 0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8, 0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb, 0x5b9cca4f7763e373,
// 0x682e6ff3d6b2b8a3, 0x748f82ee5defb2fc, 0x78a5636f43172f60, 0x84c87814a1f0ab72, 0x8cc702081a6439ec,
// 0x90befffa23631e28, 0xa4506cebde82bde9, 0xbef9a3f7b2c67915, 0xc67178f2e372532b, 0xca273eceea26619c,
// 0xd186b8c721c0c207, 0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178, 0x06f067aa72176fba, 0x0a637dc5a2c898a6,
// 0x113f9804bef90dae, 0x1b710b35131c471b, 0x28db77f523047d84, 0x32caab7b40c72493, 0x3c9ebe0a15c9bebc,
// 0x431d67c49c100d4c, 0x4cc5d4becb3e42b6, 0x597f299cfc657e2a, 0x5fcb6fab3ad6faec, 0x6c44198c4a475817
// ];
// for (var i=0; i<64; i++) {
// out[i] <== (c[x] >> i) & 1;
// }
// }

+ 0
- 33
sha512/maj.go
View File

@ -1,33 +0,0 @@
package sha512
import (
"github.com/consensys/gnark/frontend"
)
func Maj_t512(api frontend.API, a, b, c [] frontend.Variable) ([] frontend.Variable) {
n := len(a)
if len(a) != n { panic("bad length") }
if len(b) != n { panic("bad length") }
if len(c) != n { panic("bad length") }
mid := make([] frontend.Variable, n)
out := make([] frontend.Variable, n)
for k := 0; k < n; k++ {
mid[k] = api.Mul(b[k], c[k])
out[k] = api.Add(api.Mul(a[k], api.Sub(api.Add(b[k], c[k]), api.Mul(2, mid[k]))), mid[k])
}
return out
}
// template Maj_t512(n) {
// signal input a[n];
// signal input b[n];
// signal input c[n];
// signal output out[n];
// signal mid[n];
// for (var k=0; k<n; k++) {
// mid[k] <== b[k]*c[k];
// out[k] <== a[k] * (b[k]+c[k]-2*mid[k]) + mid[k];
// }
// }

+ 0
- 24
sha512/rotate.go
View File

@ -1,24 +0,0 @@
package sha512
import (
"github.com/consensys/gnark/frontend"
)
func RotR512(api frontend.API, in [] frontend.Variable, r int) ([] frontend.Variable) {
n := len(in)
out := make([] frontend.Variable, n)
for i := 0; i < n; i++ {
out[i] = in[ (i+r) % n ]
}
return out
}
// template RotR512(n, r) {
// signal input in[n];
// signal output out[n];
// for (var i=0; i<n; i++) {
// out[i] <== in[ (i+r)%n ];
// }
// }

+ 0
- 72
sha512/sha512.go
View File

@ -1,72 +0,0 @@
package sha512
import (
"fmt"
"github.com/consensys/gnark/frontend"
)
func Sha512(api frontend.API, in [] frontend.Variable) ([512] frontend.Variable) {
nBits := len(in)
for _, v := range in {
api.AssertIsBoolean(v)
}
nBlocks := ((nBits + 128) / 1024) + 1
paddedIn := make([] frontend.Variable, nBlocks * 1024)
for k := 0; k < nBits; k++ {
paddedIn[k] = in[k]
}
paddedIn[nBits] = 1
for k := nBits+1; k < len(paddedIn); k++ {
paddedIn[k] = 0
}
for k := 0; k < 128; k++ {
paddedIn[nBlocks*1024 - k - 1] = (nBits >> k) & 1
}
fmt.Println(paddedIn)
var h512Components [8][64]frontend.Variable
for i := 0; i < 8; i++ {
h512Components[i] = H512(uint(i))
}
sha512compression := make([][] frontend.Variable, nBlocks)
for i := 0; i < nBlocks; i++ {
var hin = make([] frontend.Variable, 64 * 8)
var inp = make([] frontend.Variable, 1024)
if i == 0 {
for k := 0; k < 64; k++ {
for j := 0; j < 8; j++ {
hin[j*64 + k] = h512Components[j][k]
}
}
} else {
for k := 0; k < 64; k++ {
for j := 0; j < 8; j++ {
hin[j*64 + k] = sha512compression[i-1][64*j+63-k]
}
}
}
for k := 0; k < 1024; k++ {
inp[k] = paddedIn[i*1024 + k]
}
sha512compression[i] = Sha512compression(api, hin, inp)
}
var out [512]frontend.Variable
for k := 0; k < 512; k++ {
out[k] = sha512compression[nBlocks-1][k]
}
return out
}

+ 0
- 190
sha512/sha512compression.go
View File

@ -1,190 +0,0 @@
package sha512
import (
"github.com/consensys/gnark/frontend"
)
func Sha512compression(api frontend.API, hin, inp []frontend.Variable) ([]frontend.Variable) {
if len(hin) != 512 { panic("bad length") }
if len(inp) != 1024 { panic("bad length") }
var ct_k [80][]frontend.Variable
for i := 0; i < 80; i++ {
ct_k[i] = K512(uint(i))
}
var a [81][64]frontend.Variable
var b [81][64]frontend.Variable
var c [81][64]frontend.Variable
var d [81][64]frontend.Variable
var e [81][64]frontend.Variable
var f [81][64]frontend.Variable
var g [81][64]frontend.Variable
var h [81][64]frontend.Variable
var w [80][64]frontend.Variable
for t := 0; t < 80; t++ {
if t < 16 {
for k := 0; k < 64; k++ {
w[t][k] = inp[t*64+63-k]
}
} else {
w[t] = SigmaPlus512(api, w[t-2][:], w[t-7][:], w[t-15][:], w[t-16][:])
}
// if (t<16) {
// for (k=0; k<64; k++) {
// w[t][k] <== inp[t*64+63-k];
// }
// } else {
// for (k=0; k<64; k++) {
// sigmaPlus[t-16].in2[k] <== w[t-2][k];
// sigmaPlus[t-16].in7[k] <== w[t-7][k];
// sigmaPlus[t-16].in15[k] <== w[t-15][k];
// sigmaPlus[t-16].in16[k] <== w[t-16][k];
// }
// for (k=0; k<64; k++) {
// w[t][k] <== sigmaPlus[t-16].out[k];
// }
// }
}
for k := 0; k < 64; k++ {
a[0][k] = hin[k]
b[0][k] = hin[64*1 + k]
c[0][k] = hin[64*2 + k]
d[0][k] = hin[64*3 + k]
e[0][k] = hin[64*4 + k]
f[0][k] = hin[64*5 + k]
g[0][k] = hin[64*6 + k]
h[0][k] = hin[64*7 + k]
}
// for (k=0; k<64; k++ ) {
// a[0][k] <== hin[k];
// b[0][k] <== hin[64*1 + k];
// c[0][k] <== hin[64*2 + k];
// d[0][k] <== hin[64*3 + k];
// e[0][k] <== hin[64*4 + k];
// f[0][k] <== hin[64*5 + k];
// g[0][k] <== hin[64*6 + k];
// h[0][k] <== hin[64*7 + k];
// }
for t := 0; t < 80; t++ {
t1 := T1_512(api, h[t][:], e[t][:], f[t][:], g[t][:], ct_k[t][:], w[t][:])
t2 := T2_512(api, a[t][:], b[t][:], c[t][:])
// for (k=0; k<64; k++) {
// t1[t].h[k] <== h[t][k];
// t1[t].e[k] <== e[t][k];
// t1[t].f[k] <== f[t][k];
// t1[t].g[k] <== g[t][k];
// t1[t].k[k] <== ct_k[t].out[k];
// t1[t].w[k] <== w[t][k];
// t2[t].a[k] <== a[t][k];
// t2[t].b[k] <== b[t][k];
// t2[t].c[k] <== c[t][k];
// }
sume := BinSum(api, d[t][:], t1)
suma := BinSum(api, t1, t2)
// for (k=0; k<64; k++) {
// sume[t].in[0][k] <== d[t][k];
// sume[t].in[1][k] <== t1[t].out[k];
// suma[t].in[0][k] <== t1[t].out[k];
// suma[t].in[1][k] <== t2[t].out[k];
// }
for k := 0; k < 64; k++ {
h[t+1][k] = g[t][k];
g[t+1][k] = f[t][k];
f[t+1][k] = e[t][k];
e[t+1][k] = sume[k];
d[t+1][k] = c[t][k];
c[t+1][k] = b[t][k];
b[t+1][k] = a[t][k];
a[t+1][k] = suma[k];
}
// for (k=0; k<64; k++) {
// h[t+1][k] <== g[t][k];
// g[t+1][k] <== f[t][k];
// f[t+1][k] <== e[t][k];
// e[t+1][k] <== sume[t].out[k];
// d[t+1][k] <== c[t][k];
// c[t+1][k] <== b[t][k];
// b[t+1][k] <== a[t][k];
// a[t+1][k] <== suma[t].out[k];
// }
}
var fsum_in [8][2][64]frontend.Variable
for k := 0; k < 64; k++ {
fsum_in[0][0][k] = hin[64*0+k]
fsum_in[0][1][k] = a[80][k]
fsum_in[1][0][k] = hin[64*1+k]
fsum_in[1][1][k] = b[80][k]
fsum_in[2][0][k] = hin[64*2+k]
fsum_in[2][1][k] = c[80][k]
fsum_in[3][0][k] = hin[64*3+k]
fsum_in[3][1][k] = d[80][k]
fsum_in[4][0][k] = hin[64*4+k]
fsum_in[4][1][k] = e[80][k]
fsum_in[5][0][k] = hin[64*5+k]
fsum_in[5][1][k] = f[80][k]
fsum_in[6][0][k] = hin[64*6+k]
fsum_in[6][1][k] = g[80][k]
fsum_in[7][0][k] = hin[64*7+k]
fsum_in[7][1][k] = h[80][k]
}
// for (k=0; k<64; k++) {
// fsum[0].in[0][k] <== hin[64*0+k];
// fsum[0].in[1][k] <== a[80][k];
// fsum[1].in[0][k] <== hin[64*1+k];
// fsum[1].in[1][k] <== b[80][k];
// fsum[2].in[0][k] <== hin[64*2+k];
// fsum[2].in[1][k] <== c[80][k];
// fsum[3].in[0][k] <== hin[64*3+k];
// fsum[3].in[1][k] <== d[80][k];
// fsum[4].in[0][k] <== hin[64*4+k];
// fsum[4].in[1][k] <== e[80][k];
// fsum[5].in[0][k] <== hin[64*5+k];
// fsum[5].in[1][k] <== f[80][k];
// fsum[6].in[0][k] <== hin[64*6+k];
// fsum[6].in[1][k] <== g[80][k];
// fsum[7].in[0][k] <== hin[64*7+k];
// fsum[7].in[1][k] <== h[80][k];
// }
var fsum [8][]frontend.Variable
for i := 0; i < 8; i++ {
fsum[i] = BinSum(api, fsum_in[i][0][:], fsum_in[i][1][:])
}
var out [512]frontend.Variable
for k := 0; k < 64; k++ {
out[63-k] = fsum[0][k]
out[64+63-k] = fsum[1][k]
out[128+63-k] = fsum[2][k]
out[192+63-k] = fsum[3][k]
out[256+63-k] = fsum[4][k]
out[320+63-k] = fsum[5][k]
out[384+63-k] = fsum[6][k]
out[448+63-k] = fsum[7][k]
}
// for (k=0; k<64; k++) {
// out[63-k] <== fsum[0].out[k];
// out[64+63-k] <== fsum[1].out[k];
// out[128+63-k] <== fsum[2].out[k];
// out[192+63-k] <== fsum[3].out[k];
// out[256+63-k] <== fsum[4].out[k];
// out[320+63-k] <== fsum[5].out[k];
// out[384+63-k] <== fsum[6].out[k];
// out[448+63-k] <== fsum[7].out[k];
// }
return out[:]
}

+ 3
- 0
sha512/sha_test.go
View File

@ -6,6 +6,7 @@ import (
"github.com/consensys/gnark/frontend"
"github.com/consensys/gnark/test"
"github.com/consensys/gnark-crypto/ecc"
)
type Sha512Circuit struct {
@ -22,6 +23,8 @@ func (circuit *Sha512Circuit) Define(api frontend.API) error {
return nil
}
var testCurve = ecc.BN254
func TestSha512(t *testing.T) {
assert := test.NewAssert(t)

+ 0
- 32
sha512/shift.go
View File

@ -1,32 +0,0 @@
package sha512
import (
"github.com/consensys/gnark/frontend"
)
func ShR512(api frontend.API, in []frontend.Variable, r int) ([]frontend.Variable) {
n := len(in)
out := make([] frontend.Variable, n)
for i := 0; i < n; i++ {
if i+r >= n {
out[i] = 0
} else {
out[i] = in[i+r]
}
}
return out
}
// template ShR512(n, r) {
// signal input in[n];
// signal output out[n];
// for (var i=0; i<n; i++) {
// if (i+r >= n) {
// out[i] <== 0;
// } else {
// out[i] <== in[ i+r ];
// }
// }
// }

+ 0
- 81
sha512/sigma.go
View File

@ -1,81 +0,0 @@
package sha512
import (
"github.com/consensys/gnark/frontend"
)
func SmallSigma512(api frontend.API, in []frontend.Variable, ra, rb, rc int) ([]frontend.Variable) {
if len(in) != 64 { panic("bad length") }
rota := RotR512(api, in, ra)
rotb := RotR512(api, in, rb)
shrc := ShR512(api, in, rc)
return Xor3_512(api, rota, rotb, shrc)
}
// template SmallSigma512(ra, rb, rc) {
// signal input in[64];
// signal output out[64];
// var k;
// component rota = RotR512(64, ra);
// component rotb = RotR512(64, rb);
// component shrc = ShR512(64, rc);
// for (k=0; k<64; k++) {
// rota.in[k] <== in[k];
// rotb.in[k] <== in[k];
// shrc.in[k] <== in[k];
// }
// component xor3 = Xor3_512(64);
// for (k=0; k<64; k++) {
// xor3.a[k] <== rota.out[k];
// xor3.b[k] <== rotb.out[k];
// xor3.c[k] <== shrc.out[k];
// }
// for (k=0; k<64; k++) {
// out[k] <== xor3.out[k];
// }
// }
func BigSigma512(api frontend.API, in []frontend.Variable, ra, rb, rc int) ([]frontend.Variable) {
if len(in) != 64 { panic("bad length") }
rota := RotR512(api, in, ra)
rotb := RotR512(api, in, rb)
rotc := RotR512(api, in, rc)
return Xor3_512(api, rota, rotb, rotc)
}
// template BigSigma512(ra, rb, rc) {
// signal input in[64];
// signal output out[64];
// var k;
// component rota = RotR512(64, ra);
// component rotb = RotR512(64, rb);
// component rotc = RotR512(64, rc);
// for (k=0; k<64; k++) {
// rota.in[k] <== in[k];
// rotb.in[k] <== in[k];
// rotc.in[k] <== in[k];
// }
// component xor3 = Xor3_512(64);
// for (k=0; k<64; k++) {
// xor3.a[k] <== rota.out[k];
// xor3.b[k] <== rotb.out[k];
// xor3.c[k] <== rotc.out[k];
// }
// for (k=0; k<64; k++) {
// out[k] <== xor3.out[k];
// }
// }

+ 0
- 49
sha512/sigmaplus.go
View File

@ -1,49 +0,0 @@
package sha512
import (
"github.com/consensys/gnark/frontend"
)
func SigmaPlus512(api frontend.API, in2, in7, in15, in16 []frontend.Variable) ([64]frontend.Variable) {
if len(in2) != 64 { panic("bad length") }
sigma1 := SmallSigma512(api, in2, 19, 61, 6)
sigma0 := SmallSigma512(api, in15, 1, 8, 7)
inter := BinSum(api, sigma1, in7, sigma0, in16)
var out [64]frontend.Variable
for k := 0; k < 64; k++ {
out[k] = inter[k]
}
return out
}
// template SigmaPlus512() {
// signal input in2[64];
// signal input in7[64];
// signal input in15[64];
// signal input in16[64];
// signal output out[64];
// var k;
// component sigma1 = SmallSigma512(19,61,6);
// component sigma0 = SmallSigma512(1, 8, 7);
// for (k=0; k<64; k++) {
// sigma1.in[k] <== in2[k];
// sigma0.in[k] <== in15[k];
// }
// component sum = BinSum(64, 4);
// for (k=0; k<64; k++) {
// sum.in[0][k] <== sigma1.out[k];
// sum.in[1][k] <== in7[k];
// sum.in[2][k] <== sigma0.out[k];
// sum.in[3][k] <== in16[k];
// }
// for (k=0; k<64; k++) {
// out[k] <== sum.out[k];
// }
// }

+ 0
- 55
sha512/t1.go
View File

@ -1,55 +0,0 @@
package sha512
import (
"github.com/consensys/gnark/frontend"
)
func T1_512(api frontend.API, h, e, f, g, k, w []frontend.Variable) ([]frontend.Variable) {
if len(h) != 64 { panic("bad length") }
if len(e) != 64 { panic("bad length") }
if len(f) != 64 { panic("bad length") }
if len(g) != 64 { panic("bad length") }
if len(k) != 64 { panic("bad length") }
if len(w) != 64 { panic("bad length") }
ch := Ch_t512(api, e, f, g)
bigsigma1 := BigSigma512(api, e, 14, 18, 41)
return BinSum(api, h, bigsigma1, ch, k, w)
}
// template T1_512() {
// signal input h[64];
// signal input e[64];
// signal input f[64];
// signal input g[64];
// signal input k[64];
// signal input w[64];
// signal output out[64];
// var ki;
// component ch = Ch_t512(64);
// component bigsigma1 = BigSigma512(14, 18, 41);
// for (ki=0; ki<64; ki++) {
// bigsigma1.in[ki] <== e[ki];
// ch.a[ki] <== e[ki];
// ch.b[ki] <== f[ki];
// ch.c[ki] <== g[ki];
// }
// component sum = BinSum(64, 5);
// for (ki=0; ki<64; ki++) {
// sum.in[0][ki] <== h[ki];
// sum.in[1][ki] <== bigsigma1.out[ki];
// sum.in[2][ki] <== ch.out[ki];
// sum.in[3][ki] <== k[ki];
// sum.in[4][ki] <== w[ki];
// }
// for (ki=0; ki<64; ki++) {
// out[ki] <== sum.out[ki];
// }
// }

+ 0
- 45
sha512/t2.go
View File

@ -1,45 +0,0 @@
package sha512
import (
"github.com/consensys/gnark/frontend"
)
func T2_512(api frontend.API, a, b, c []frontend.Variable) ([]frontend.Variable) {
if len(a) != 64 { panic("bad length") }
if len(b) != 64 { panic("bad length") }
if len(c) != 64 { panic("bad length") }
bigsigma0 := BigSigma512(api, a, 28, 34, 39)
maj := Maj_t512(api, a, b, c)
return BinSum(api, maj, bigsigma0)
}
// template T2_512() {
// signal input a[64];
// signal input b[64];
// signal input c[64];
// signal output out[64];
// var k;
// component bigsigma0 = BigSigma512(28, 34, 39);
// component maj = Maj_t512(64);
// for (k=0; k<64; k++) {
// bigsigma0.in[k] <== a[k];
// maj.a[k] <== a[k];
// maj.b[k] <== b[k];
// maj.c[k] <== c[k];
// }
// component sum = BinSum(64, 2);
// for (k=0; k<64; k++) {
// sum.in[0][k] <== bigsigma0.out[k];
// sum.in[1][k] <== maj.out[k];
// }
// for (k=0; k<64; k++) {
// out[k] <== sum.out[k];
// }
// }

+ 0
- 19
sha512/utils.go
View File

@ -1,19 +0,0 @@
package sha512
import ("math/big")
func newBigInt(s string) *big.Int {
result, success := new(big.Int).SetString(s, 16)
if !success {
panic("invalid bigint")
}
return result
}
func newBigIntBase10(s string) *big.Int {
result, success := new(big.Int).SetString(s, 10)
if !success {
panic("invalid bigint")
}
return result
}

+ 0
- 35
sha512/xor3.go
View File

@ -1,35 +0,0 @@
package sha512
import (
"github.com/consensys/gnark/frontend"
)
func Xor3_512(api frontend.API, a, b, c []frontend.Variable) ([]frontend.Variable) {
n := len(a)
if len(a) != n { panic("bad length") }
if len(b) != n { panic("bad length") }
if len(c) != n { panic("bad length") }
out := make([]frontend.Variable, n)
for k := 0; k < n; k++ {
mid := api.Mul(b[k], c[k])
p := api.Add(1, api.Mul(-2, b[k]), api.Mul(-2, c[k]), api.Mul(4, mid))
q := api.Mul(a[k], p)
out[k] = api.Add(q, b[k], c[k], api.Mul(-2, mid))
// TODO: try doing this instead:
// out[k] = api.Xor(a[k], api.Xor(b[k], c[k]))
}
return out
}
// template Xor3_512(n) {
// signal input a[n];
// signal input b[n];
// signal input c[n];
// signal output out[n];
// signal mid[n];
// for (var k=0; k<n; k++) {
// mid[k] <== b[k]*c[k];
// out[k] <== a[k] * (1 -2*b[k] -2*c[k] +4*mid[k]) + b[k] + c[k] -2*mid[k];
// }
// }

Write Preview
Loading…
Cancel
Save