From c95c95b7b161297df2940bd4eb19e36f43e4a07e Mon Sep 17 00:00:00 2001
From: arnaucube
Date: Fri, 30 Aug 2019 18:36:41 +0200
Subject: [PATCH] add Poseidon multihash ([]*big.Int), add HashBytes for MiMC7 & Poseidon
---
 mimc7/mimc7.go | 18 +++++++++++
 mimc7/mimc7_test.go | 5 +++
 poseidon/poseidon.go | 67 +++++++++++++++++++++++++++++++--------
 poseidon/poseidon_test.go | 38 ++++++++++++++++++++++
 4 files changed, 115 insertions(+), 13 deletions(-)
diff --git a/mimc7/mimc7.go b/mimc7/mimc7.go
index 6ee158a..f2b618f 100644
--- a/mimc7/mimc7.go
+++ b/mimc7/mimc7.go
@@ -127,3 +127,21 @@ func Hash(arr []*big.Int, key *big.Int) (*big.Int, error) {
 }
 return r, nil
 }
+
+// HashBytes hashes a msg byte slice by blocks of 31 bytes encoded as
+// little-endian
+func HashBytes(b []byte) (*big.Int, error) {
+ n := 31
+ bElems := make([]*big.Int, 0, len(b)/n+1)
+ for i := 0; i < len(b)/n; i++ {
+ v := new(big.Int)
+ utils.SetBigIntFromLEBytes(v, b[n*i:n*(i+1)])
+ bElems = append(bElems, v)
+ }
+ if len(b)%n != 0 {
+ v := new(big.Int)
+ utils.SetBigIntFromLEBytes(v, b[(len(b)/n)*n:])
+ bElems = append(bElems, v)
+ }
+ return Hash(bElems, nil)
+}
diff --git a/mimc7/mimc7_test.go b/mimc7/mimc7_test.go
index a5ee769..4f0a4ef 100644
--- a/mimc7/mimc7_test.go
+++ b/mimc7/mimc7_test.go
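Review bot: The chunking in HashBytes drops the message length, so a message and the same message extended with a trailing zero byte decode to the same final element and hence the same digest, assuming SetBigIntFromLEBytes is a plain little-endian decode; the body is also a byte-for-byte copy of the HashBytes added to poseidon/poseidon.go in this patch. Hoisting the split into one shared helper (e.g. `utils.BytesToFieldElems(b []byte, n int) []*big.Int`) and stating the ambiguity in the doc comment, e.g. `// Trailing zero bytes in the final block are indistinguishable from a shorter message; callers needing that distinction must encode the length themselves.`, would address both. `n := 31` reads better as a named constant shared with the poseidon package. Passing `nil` as key to Hash relies on Hash tolerating a nil key, which is outside this hunk and worth confirming.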
@@ -77,6 +77,11 @@ func TestMIMC7(t *testing.T) {
 assert.Nil(t, err)
 // same hash value than the iden3js and circomlib tests:
 assert.Equal(t, "0x"+hex.EncodeToString((*big.Int)(h4).Bytes()), "0x284bc1f34f335933a23a433b6ff3ee179d682cd5e5e2fcdd2d964afa85104beb")
+
+ msg := []byte("Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.")
+ hmsg, err := HashBytes(msg)
+ assert.Nil(t, err)
+ assert.Equal(t, "16855787120419064316734350414336285711017110414939748784029922801367685456065", hmsg.String())
 }
 
 func BenchmarkMIMC7(b *testing.B) {
diff --git a/poseidon/poseidon.go b/poseidon/poseidon.go
index 730479e..6cc4568 100644
--- a/poseidon/poseidon.go
+++ b/poseidon/poseidon.go
@@ -107,12 +107,13 @@ func ark(state []*big.Int, c *big.Int) []*big.Int {
 return state
 }
 
-// cubic performs x^3 mod p
+// cubic performs x^5 mod p
+// https://eprint.iacr.org/2019/458.pdf page 8
 func cubic(a *big.Int) *big.Int {
 return constants.fqR.Mul(a, constants.fqR.Square(constants.fqR.Square(a)))
 }
 
-// sbox https://eprint.iacr.org/2019/458.pdf pag.6
+// sbox https://eprint.iacr.org/2019/458.pdf page 6
 func sbox(state []*big.Int, i int) []*big.Int {
 if (i < NROUNDSF/2) || (i >= NROUNDSF/2+NROUNDSP) {
 for j := 0; j < T; j++ {
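Review bot: The expected digest `"16855787120419064316734350414336285711017110414939748784029922801367685456065"` has no stated provenance, unlike the h4 assertion just above it, which says it matches the iden3js and circomlib tests. A one-line comment naming the reference implementation that produced it, or stating that it is a self-generated regression value, tells the next maintainer whether a mismatch means a bug here or in the reference. Only one long message is covered; a message shorter than 31 bytes and one that is an exact multiple of 31 bytes would exercise both branches of HashBytes.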
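Review bot: The doc comment now says `cubic` computes x^5, so the function name contradicts its own documentation, and the commit fixes only the comment. Renaming it at its call sites (e.g. `quintic`, matching the x^5 S-box the cited page describes), or keeping the name and saying in the comment why, stops the next reader from assuming an exponent of 3. The sbox body that calls it continues outside this hunk.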
@@ -133,25 +134,18 @@ func mix(state []*big.Int, m [][]*big.Int) []*big.Int {
 newState[i] = constants.fqR.Add(newState[i], constants.fqR.Mul(m[i][j], state[j]))
 }
 }
- for i := 0; i < len(state); i++ {
- state[i] = newState[i]
- }
- return state
+ return newState
 }
 
-// Hash computes the Poseidon hash for the given inputs
-func Hash(inp []*big.Int) (*big.Int, error) {
- var state []*big.Int
+// PoseidonHash computes the Poseidon hash for the given inputs
+func PoseidonHash(inp []*big.Int) (*big.Int, error) {
 if len(inp) == 0 || len(inp) > T {
 return nil, errors.New("wrong inputs length")
 }
 if !utils.CheckBigIntArrayInField(inp, constants.fqR.Q) {
 return nil, errors.New("inputs values not inside Finite Field")
 }
-
- for i := 0; i < len(inp); i++ {
- state = append(state, inp[i])
- }
+ state := inp
 for i := len(inp); i < T; i++ {
 state = append(state, constants.fqR.Zero())
 }
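Review bot: `state := inp` makes state alias the caller's slice where the removed loop copied it; if ark and sbox update state in place (ark returning its own argument suggests so), a caller passing a full-width input of T elements gets its slice overwritten with round state, and with fewer elements the appends may write into spare capacity of the caller's backing array. Restoring the copy keeps the shorter form: `state := make([]*big.Int, 0, T)` followed by `state = append(state, inp...)`. Hash in this patch builds a fresh fiveElems slice per block so it is not affected, but PoseidonHash is exported and other callers are not visible here. The rest of PoseidonHash's body continues outside the hunk.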
@@ -164,3 +158,50 @@ func Hash(inp []*big.Int) (*big.Int, error) {
 }
 return state[0], nil
 }
+
+// Hash performs the Poseidon hash over a *big.Int array
+// in chunks of 5 elements
+func Hash(arr []*big.Int) (*big.Int, error) {
+ if !utils.CheckBigIntArrayInField(arr, constants.fqR.Q) {
+ return nil, errors.New("inputs values not inside Finite Field")
+ }
+
+ r := constants.fqR.Zero()
+ for i := 0; i < len(arr); i = i + 5 {
+ var fiveElems []*big.Int
+ for j := 0; j < 5; j++ {
+ if i+j < len(arr) {
+ fiveElems = append(fiveElems, arr[i+j])
+ } else {
+ fiveElems = append(fiveElems, big.NewInt(int64(0)))
+ }
+ }
+ ph, err := PoseidonHash(fiveElems)
+ if err != nil {
+ return nil, err
+ }
+ r = constants.fqR.Add(
+ r,
+ ph)
+ }
+
+ return r, nil
+}
+
+// HashBytes hashes a msg byte slice by blocks of 31 bytes encoded as
+// little-endian
+func HashBytes(b []byte) (*big.Int, error) {
+ n := 31
+ bElems := make([]*big.Int, 0, len(b)/n+1)
+ for i := 0; i < len(b)/n; i++ {
+ v := new(big.Int)
+ utils.SetBigIntFromLEBytes(v, b[n*i:n*(i+1)])
+ bElems = append(bElems, v)
+ }
+ if len(b)%n != 0 {
+ v := new(big.Int)
+ utils.SetBigIntFromLEBytes(v, b[(len(b)/n)*n:])
+ bElems = append(bElems, v)
+ }
+ return Hash(bElems)
+}
diff --git a/poseidon/poseidon_test.go b/poseidon/poseidon_test.go
index 506ba73..c4e8581 100644
--- a/poseidon/poseidon_test.go
+++ b/poseidon/poseidon_test.go
@@ -5,6 +5,7 @@ import (
 "math/big"
 "testing"
 
+ "github.com/iden3/go-iden3-crypto/utils"
 "github.com/stretchr/testify/assert"
 "golang.org/x/crypto/blake2b"
 )
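Review bot: Hash combines the per-block digests by field addition, so reordering the 5-element blocks of arr, or appending zero elements (explicit zeros and padding are indistinguishable), leaves the result unchanged, and an empty arr returns 0 with no error while PoseidonHash rejects empty input; the doc comment says nothing about any of this. If Hash is meant to be a collision-resistant multi-block hash rather than a checksum, carrying the running digest into each block and binding the element count is the usual fix (the sponge mode in the cited Poseidon paper is the reference construction); the sketch below does that and necessarily changes the digests pinned in poseidon_test.go. Minor: `i = i + 5` reads better as `i += 5`, and the padding value is `big.NewInt(int64(0))` here but `constants.fqR.Zero()` elsewhere in the function. HashBytes here duplicates mimc7.HashBytes verbatim and should share one helper.
```go
// Hash performs the Poseidon hash over a *big.Int array. Elements are
// absorbed four at a time; the running digest occupies the first lane of
// every block and is seeded with the element count, so block order and
// input length are bound into the result.
func Hash(arr []*big.Int) (*big.Int, error) {
	if len(arr) == 0 {
		return nil, errors.New("wrong inputs length")
	}
	// … unchanged: field-membership check …
	r := big.NewInt(int64(len(arr)))
	for i := 0; i < len(arr); i += 4 {
		block := make([]*big.Int, 0, 5)
		block = append(block, r)
		for j := 0; j < 4; j++ {
			if i+j < len(arr) {
				block = append(block, arr[i+j])
			} else {
				block = append(block, constants.fqR.Zero())
			}
		}
		ph, err := PoseidonHash(block)
		if err != nil {
			return nil, err
		}
		r = ph
	}
	return r, nil
}
```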
@@ -26,4 +27,41 @@ func TestPoseidon(t *testing.T) {
 h, err = Hash([]*big.Int{b3, b4})
 assert.Nil(t, err)
 assert.Equal(t, "17185195740979599334254027721507328033796809509313949281114643312710535000993", h.String())
+
+ msg := []byte("Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.")
+ n := 31
+ msgElems := make([]*big.Int, 0, len(msg)/n+1)
+ for i := 0; i < len(msg)/n; i++ {
+ v := new(big.Int)
+ utils.SetBigIntFromLEBytes(v, msg[n*i:n*(i+1)])
+ msgElems = append(msgElems, v)
+ }
+ if len(msg)%n != 0 {
+ v := new(big.Int)
+ utils.SetBigIntFromLEBytes(v, msg[(len(msg)/n)*n:])
+ msgElems = append(msgElems, v)
+ }
+ hmsg, err := Hash(msgElems)
+ assert.Nil(t, err)
+ assert.Equal(t, "11821124228916291136371255062457365369197326845706357273715164664419275913793", hmsg.String())
+
+ msg2 := []byte("Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. 
Lorem ipsum dolor sit amet.")
+ msg2Elems := make([]*big.Int, 0, len(msg2)/n+1)
+ for i := 0; i < len(msg2)/n; i++ {
+ v := new(big.Int)
+ utils.SetBigIntFromLEBytes(v, msg2[n*i:n*(i+1)])
+ msg2Elems = append(msg2Elems, v)
+ }
+ if len(msg2)%n != 0 {
+ v := new(big.Int)
+ utils.SetBigIntFromLEBytes(v, msg2[(len(msg2)/n)*n:])
+ msg2Elems = append(msg2Elems, v)
+ }
+ hmsg2, err := Hash(msg2Elems)
+ assert.Nil(t, err)
+ assert.Equal(t, "10747013384255785702102976082726575658403084163954725275481577373644732938016", hmsg2.String())
+
+ hmsg2, err = HashBytes(msg2)
+ assert.Nil(t, err)
+ assert.Equal(t, "10747013384255785702102976082726575658403084163954725275481577373644732938016", hmsg2.String())
 }
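Review bot: The test re-implements HashBytes's 31-byte chunking inline for both messages and then calls HashBytes only for msg2; calling `HashBytes(msg)` as well and keeping a single inline chunking as the cross-check would make the test fail as soon as the two drift apart. Neither message exercises the `len(b)%n == 0` path or the empty input (which Hash in this patch returns as 0 without an error), so vectors for an exact multiple of 31 bytes, a message shorter than 31 bytes and an empty message are worth adding. The msg2 literal appears split across two lines here, which is presumably a rendering artifact of the page rather than the source, since a double-quoted Go string cannot span lines.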