arnaucube/go-iden3-crypto
1
0
Fork 0
mirror of https://github.com/arnaucube/go-iden3-crypto.git synced 2026-02-07 11:36:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12 from iden3/feature/optimizeposeidon

Browse Source 
Optimize Poseidon
This commit is contained in:
arnau
2019-12-22 20:40:00 +01:00
committed by GitHub
parent 8d5a7a7ccb c0c4ff2dd7
commit 937500b203
3 changed files with 78 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
babyjub/eddsa_test.go
View File

@@ -104,7 +104,7 @@ func TestSignVerifyPoseidon(t *testing.T) {
"15383486972088797283337779941324724402501462225528836549661220478783371668959", "15383486972088797283337779941324724402501462225528836549661220478783371668959",
sig.R8.Y.String()) sig.R8.Y.String())
assert.Equal(t, assert.Equal(t,
"248298168863866362217836334079793350221620631973732197668910946177382043688", "707916534780195227251279867700047344876009454172122484896943904789217159950",
sig.S.String()) sig.S.String())
ok := pk.VerifyPoseidon(msg, sig) ok := pk.VerifyPoseidon(msg, sig)
@@ -116,7 +116,7 @@ func TestSignVerifyPoseidon(t *testing.T) {
assert.Equal(t, ""+ assert.Equal(t, ""+
"dfedb4315d3f2eb4de2d3c510d7a987dcab67089c8ace06308827bf5bcbe02a2"+ "dfedb4315d3f2eb4de2d3c510d7a987dcab67089c8ace06308827bf5bcbe02a2"+
"28506bce274aa1b3f7e7c2fd7e4fe09bff8f9aa37a42def7994e98f322888c00", "0e2b947dfc400d2e9c78b5b625fd36dee8dbcfddc9a0baa6514f59a6a3aa9001",
hex.EncodeToString(sigBuf[:])) hex.EncodeToString(sigBuf[:]))
ok = pk.VerifyPoseidon(msg, sig2) ok = pk.VerifyPoseidon(msg, sig2)

141
poseidon/poseidon.go
View File

@@ -6,8 +6,7 @@ import (
"math/big" "math/big"
"strconv" "strconv"
_constants "github.com/iden3/go-iden3-crypto/constants" "github.com/iden3/go-iden3-crypto/constants"
"github.com/iden3/go-iden3-crypto/field"
"github.com/iden3/go-iden3-crypto/utils" "github.com/iden3/go-iden3-crypto/utils"
"golang.org/x/crypto/blake2b" "golang.org/x/crypto/blake2b"
) )
@@ -17,23 +16,20 @@ const NROUNDSF = 8
const NROUNDSP = 57 const NROUNDSP = 57
const T = 6 const T = 6
var constants = generateConstantsData() var constC []*big.Int
var constM [T][T]*big.Int
type constantsData struct { func Zero() *big.Int {
fqR field.Fq return new(big.Int)
c []*big.Int
m [][]*big.Int
} }
func generateConstantsData() constantsData { func modQ(v *big.Int) {
var constants constantsData v.Mod(v, constants.Q)
}
fqR := field.NewFq(_constants.Q) func init() {
constants.fqR = fqR constC = getPseudoRandom(SEED+"_constants", NROUNDSF+NROUNDSP)
constants.c = getPseudoRandom(fqR, SEED+"_constants", NROUNDSF+NROUNDSP) constM = getMDS()
constants.m = getMDS(fqR)
return constants
} }
func leByteArrayToBigInt(b []byte) *big.Int { func leByteArrayToBigInt(b []byte) *big.Int {
@@ -45,14 +41,13 @@ func leByteArrayToBigInt(b []byte) *big.Int {
return res return res
} }
func getPseudoRandom(fqR field.Fq, seed string, n int) []*big.Int { func getPseudoRandom(seed string, n int) []*big.Int {
var res []*big.Int res := make([]*big.Int, n)
hash := blake2b.Sum256([]byte(seed)) hash := blake2b.Sum256([]byte(seed))
for len(res) < n { for i := 0; i < n; i++ {
hashBigInt := new(big.Int) hashBigInt := Zero()
newN := fqR.Affine(utils.SetBigIntFromLEBytes(hashBigInt, hash[:])) res[i] = utils.SetBigIntFromLEBytes(hashBigInt, hash[:])
// newN := fqR.Affine(leByteArrayToBigInt(hash[:])) modQ(res[i])
res = append(res, newN)
hash = blake2b.Sum256(hash[:]) hash = blake2b.Sum256(hash[:])
} }
return res return res
@@ -67,20 +62,20 @@ func nonceToString(n int) string {
} }
// https://eprint.iacr.org/2019/458.pdf pag.8 // https://eprint.iacr.org/2019/458.pdf pag.8
func getMDS(fqR field.Fq) [][]*big.Int { func getMDS() [T][T]*big.Int {
nonce := 0 nonce := 0
cauchyMatrix := getPseudoRandom(fqR, SEED+"_matrix_"+nonceToString(nonce), T*2) cauchyMatrix := getPseudoRandom(SEED+"_matrix_"+nonceToString(nonce), T*2)
for !checkAllDifferent(cauchyMatrix) { for !checkAllDifferent(cauchyMatrix) {
nonce += 1 nonce += 1
cauchyMatrix = getPseudoRandom(fqR, SEED+"_matrix_"+nonceToString(nonce), T*2) cauchyMatrix = getPseudoRandom(SEED+"_matrix_"+nonceToString(nonce), T*2)
} }
var m [][]*big.Int var m [T][T]*big.Int
for i := 0; i < T; i++ { for i := 0; i < T; i++ {
var mi []*big.Int // var mi []*big.Int
for j := 0; j < T; j++ { for j := 0; j < T; j++ {
mi = append(mi, fqR.Inverse(fqR.Sub(cauchyMatrix[i], cauchyMatrix[T+j]))) m[i][j] = new(big.Int).Sub(cauchyMatrix[i], cauchyMatrix[T+j])
m[i][j].ModInverse(m[i][j], constants.Q)
} }
m = append(m, mi)
} }
return m return m
} }
@@ -100,61 +95,64 @@ func checkAllDifferent(v []*big.Int) bool {
} }
// ark computes Add-Round Key, from the paper https://eprint.iacr.org/2019/458.pdf // ark computes Add-Round Key, from the paper https://eprint.iacr.org/2019/458.pdf
func ark(state []*big.Int, c *big.Int) []*big.Int { func ark(state [T]*big.Int, c *big.Int) {
for i := 0; i < T; i++ { for i := 0; i < T; i++ {
state[i] = constants.fqR.Add(state[i], c) modQ(state[i].Add(state[i], c))
} }
return state
} }
// cubic performs x^5 mod p // cubic performs x^5 mod p
// https://eprint.iacr.org/2019/458.pdf page 8 // https://eprint.iacr.org/2019/458.pdf page 8
func cubic(a *big.Int) *big.Int { var five = big.NewInt(5)
return constants.fqR.Mul(a, constants.fqR.Square(constants.fqR.Square(a)))
func cubic(a *big.Int) {
a.Exp(a, five, constants.Q)
} }
// sbox https://eprint.iacr.org/2019/458.pdf page 6 // sbox https://eprint.iacr.org/2019/458.pdf page 6
func sbox(state []*big.Int, i int) []*big.Int { func sbox(state [T]*big.Int, i int) {
if (i < NROUNDSF/2) || (i >= NROUNDSF/2+NROUNDSP) { if (i < NROUNDSF/2) || (i >= NROUNDSF/2+NROUNDSP) {
for j := 0; j < T; j++ { for j := 0; j < T; j++ {
state[j] = cubic(state[j]) cubic(state[j])
} }
} else { } else {
state[0] = cubic(state[0]) cubic(state[0])
} }
return state
} }
// mix returns [[matrix]] * [vector] // mix returns [[matrix]] * [vector]
func mix(state []*big.Int, m [][]*big.Int) []*big.Int { func mix(state [T]*big.Int, newState [T]*big.Int, m [T][T]*big.Int) {
var newState []*big.Int mul := Zero()
for i := 0; i < len(state); i++ { for i := 0; i < T; i++ {
newState = append(newState, constants.fqR.Zero()) newState[i].SetInt64(0)
for j := 0; j < len(state); j++ { for j := 0; j < T; j++ {
newState[i] = constants.fqR.Add(newState[i], constants.fqR.Mul(m[i][j], state[j])) modQ(mul.Mul(m[i][j], state[j]))
newState[i].Add(newState[i], mul)
} }
modQ(newState[i])
} }
return newState
} }
// PoseidonHash computes the Poseidon hash for the given inputs // PoseidonHash computes the Poseidon hash for the given inputs
func PoseidonHash(inp []*big.Int) (*big.Int, error) { func PoseidonHash(inp [T]*big.Int) (*big.Int, error) {
if len(inp) == 0 || len(inp) > T { if !utils.CheckBigIntArrayInField(inp[:], constants.Q) {
return nil, errors.New("wrong inputs length")
}
if !utils.CheckBigIntArrayInField(inp, constants.fqR.Q) {
return nil, errors.New("inputs values not inside Finite Field") return nil, errors.New("inputs values not inside Finite Field")
} }
state := inp state := [T]*big.Int{}
for i := len(inp); i < T; i++ { for i := 0; i < T; i++ {
state = append(state, constants.fqR.Zero()) state[i] = new(big.Int).Set(inp[i])
} }
// ARK --> SBox --> M, https://eprint.iacr.org/2019/458.pdf pag.5 // ARK --> SBox --> M, https://eprint.iacr.org/2019/458.pdf pag.5
var newState [T]*big.Int
for i := 0; i < T; i++ {
newState[i] = Zero()
}
for i := 0; i < NROUNDSF+NROUNDSP; i++ { for i := 0; i < NROUNDSF+NROUNDSP; i++ {
state = ark(state, constants.c[i]) ark(state, constC[i])
state = sbox(state, i) sbox(state, i)
state = mix(state, constants.m) mix(state, newState, constM)
state, newState = newState, state
} }
return state[0], nil return state[0], nil
} }
@@ -162,28 +160,31 @@ func PoseidonHash(inp []*big.Int) (*big.Int, error) {
// Hash performs the Poseidon hash over a *big.Int array // Hash performs the Poseidon hash over a *big.Int array
// in chunks of 5 elements // in chunks of 5 elements
func Hash(arr []*big.Int) (*big.Int, error) { func Hash(arr []*big.Int) (*big.Int, error) {
if !utils.CheckBigIntArrayInField(arr, constants.fqR.Q) { if !utils.CheckBigIntArrayInField(arr, constants.Q) {
return nil, errors.New("inputs values not inside Finite Field") return nil, errors.New("inputs values not inside Finite Field")
} }
r := constants.fqR.Zero() r := big.NewInt(1)
for i := 0; i < len(arr); i = i + T - 1 { for i := 0; i < len(arr); i = i + T - 1 {
var toHash [T]*big.Int var toHash [T]*big.Int
for j := 0; j < T-1; j++ { j := 0
if i+j < len(arr) { for ; j < T-1; j++ {
toHash[j] = arr[i+j] if i+j >= len(arr) {
} else { break
toHash[j] = _constants.Zero
} }
toHash[j] = arr[i+j]
} }
toHash[T-1] = r toHash[j] = r
ph, err := PoseidonHash(toHash[:]) j++
for ; j < T; j++ {
toHash[j] = constants.Zero
}
ph, err := PoseidonHash(toHash)
if err != nil { if err != nil {
return nil, err return nil, err
} }
r = constants.fqR.Add( modQ(r.Add(r, ph))
r,
ph)
} }
return r, nil return r, nil
@@ -195,12 +196,12 @@ func HashBytes(b []byte) (*big.Int, error) {
n := 31 n := 31
bElems := make([]*big.Int, 0, len(b)/n+1) bElems := make([]*big.Int, 0, len(b)/n+1)
for i := 0; i < len(b)/n; i++ { for i := 0; i < len(b)/n; i++ {
v := new(big.Int) v := Zero()
utils.SetBigIntFromLEBytes(v, b[n*i:n*(i+1)]) utils.SetBigIntFromLEBytes(v, b[n*i:n*(i+1)])
bElems = append(bElems, v) bElems = append(bElems, v)
} }
if len(b)%n != 0 { if len(b)%n != 0 {
v := new(big.Int) v := Zero()
utils.SetBigIntFromLEBytes(v, b[(len(b)/n)*n:]) utils.SetBigIntFromLEBytes(v, b[(len(b)/n)*n:])
bElems = append(bElems, v) bElems = append(bElems, v)
} }

10
poseidon/poseidon_test.go
View File

@@ -20,13 +20,13 @@ func TestPoseidon(t *testing.T) {
b2 := big.NewInt(int64(2)) b2 := big.NewInt(int64(2))
h, err := Hash([]*big.Int{b1, b2}) h, err := Hash([]*big.Int{b1, b2})
assert.Nil(t, err) assert.Nil(t, err)
assert.Equal(t, "12242166908188651009877250812424843524687801523336557272219921456462821518061", h.String()) assert.Equal(t, "4932297968297298434239270129193057052722409868268166443802652458940273154855", h.String())
b3 := big.NewInt(int64(3)) b3 := big.NewInt(int64(3))
b4 := big.NewInt(int64(4)) b4 := big.NewInt(int64(4))
h, err = Hash([]*big.Int{b3, b4}) h, err = Hash([]*big.Int{b3, b4})
assert.Nil(t, err) assert.Nil(t, err)
assert.Equal(t, "17185195740979599334254027721507328033796809509313949281114643312710535000993", h.String()) assert.Equal(t, "4635491972858758537477743930622086396911540895966845494943021655521913507504", h.String())
msg := []byte("Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.") msg := []byte("Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.")
n := 31 n := 31
@@ -43,7 +43,7 @@ func TestPoseidon(t *testing.T) {
} }
hmsg, err := Hash(msgElems) hmsg, err := Hash(msgElems)
assert.Nil(t, err) assert.Nil(t, err)
assert.Equal(t, "19204466598658860237115179437116112945222240370078952939676636700594938553268", hmsg.String()) assert.Equal(t, "16019700159595764790637132363672701294192939959594423814006267756172551741065", hmsg.String())
msg2 := []byte("Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. Lorem ipsum dolor sit amet.") msg2 := []byte("Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. Lorem ipsum dolor sit amet.")
msg2Elems := make([]*big.Int, 0, len(msg2)/n+1) msg2Elems := make([]*big.Int, 0, len(msg2)/n+1)
@@ -59,11 +59,11 @@ func TestPoseidon(t *testing.T) {
} }
hmsg2, err := Hash(msg2Elems) hmsg2, err := Hash(msg2Elems)
assert.Nil(t, err) assert.Nil(t, err)
assert.Equal(t, "11846976426841208067103690249139614816718727366915557488657094868020932500524", hmsg2.String()) assert.Equal(t, "2978613163687734485261639854325792381691890647104372645321246092227111432722", hmsg2.String())
hmsg2, err = HashBytes(msg2) hmsg2, err = HashBytes(msg2)
assert.Nil(t, err) assert.Nil(t, err)
assert.Equal(t, "11846976426841208067103690249139614816718727366915557488657094868020932500524", hmsg2.String()) assert.Equal(t, "2978613163687734485261639854325792381691890647104372645321246092227111432722", hmsg2.String())
} }
func TestPoseidonBrokenChunks(t *testing.T) { func TestPoseidonBrokenChunks(t *testing.T) {