Merge pull request #16 from iden3/feature/mimc7-goff

Feature/mimc7 goff
4 years ago · ee467c6215
5 changed files with 55 additions and 245 deletions
--- a/field/field.go
+++ b/field/field.go
@ -1,152 +0,0 @@
 // code originally taken from https://github.com/arnaucube/go-snark (https://github.com/arnaucube/go-snark/blob/master/fields/fq.go), pasted here to ensure compatibility among future changes

 package field

 import (
 	"bytes"
 	"crypto/rand"
 	"math/big"
 )

 // Fq is the Z field over modulus Q
 type Fq struct {
 	Q *big.Int // Q
 }

 // NewFq generates a new Fq
 func NewFq(q *big.Int) Fq {
 	return Fq{
 		q,
 	}
 }

 // Zero returns a Zero value on the Fq
 func (fq Fq) Zero() *big.Int {
 	return big.NewInt(int64(0))
 }

 // One returns a One value on the Fq
 func (fq Fq) One() *big.Int {
 	return big.NewInt(int64(1))
 }

 // Add performs an addition on the Fq
 func (fq Fq) Add(a, b *big.Int) *big.Int {
 	r := new(big.Int).Add(a, b)
 	return new(big.Int).Mod(r, fq.Q)
 }

 // Double performs a doubling on the Fq
 func (fq Fq) Double(a *big.Int) *big.Int {
 	r := new(big.Int).Add(a, a)
 	return new(big.Int).Mod(r, fq.Q)
 }

 // Sub performs a subtraction on the Fq
 func (fq Fq) Sub(a, b *big.Int) *big.Int {
 	r := new(big.Int).Sub(a, b)
 	return new(big.Int).Mod(r, fq.Q)
 }

 // Neg performs a negation on the Fq
 func (fq Fq) Neg(a *big.Int) *big.Int {
 	m := new(big.Int).Neg(a)
 	return new(big.Int).Mod(m, fq.Q)
 }

 // Mul performs a multiplication on the Fq
 func (fq Fq) Mul(a, b *big.Int) *big.Int {
 	m := new(big.Int).Mul(a, b)
 	return new(big.Int).Mod(m, fq.Q)
 }

 func (fq Fq) MulScalar(base, e *big.Int) *big.Int {
 	return fq.Mul(base, e)
 }

 // Inverse returns the inverse on the Fq
 func (fq Fq) Inverse(a *big.Int) *big.Int {
 	return new(big.Int).ModInverse(a, fq.Q)
 }

 // Div performs the division over the finite field
 func (fq Fq) Div(a, b *big.Int) *big.Int {
 	d := fq.Mul(a, fq.Inverse(b))
 	return new(big.Int).Mod(d, fq.Q)
 }

 // Square performs a square operation on the Fq
 func (fq Fq) Square(a *big.Int) *big.Int {
 	m := new(big.Int).Mul(a, a)
 	return new(big.Int).Mod(m, fq.Q)
 }

 // Exp performs the exponential over Fq
 func (fq Fq) Exp(base *big.Int, e *big.Int) *big.Int {
 	res := fq.One()
 	rem := fq.Copy(e)
 	exp := base

 	for !bytes.Equal(rem.Bytes(), big.NewInt(int64(0)).Bytes()) {
 		if BigIsOdd(rem) {
 			res = fq.Mul(res, exp)
 		}
 		exp = fq.Square(exp)
 		rem = new(big.Int).Rsh(rem, 1)
 	}
 	return res
 }

 func (fq Fq) Rand() (*big.Int, error) {

 	maxbits := fq.Q.BitLen()
 	b := make([]byte, (maxbits/8)-1)
 	_, err := rand.Read(b)
 	if err != nil {
 		return nil, err
 	}
 	r := new(big.Int).SetBytes(b)
 	rq := new(big.Int).Mod(r, fq.Q)

 	// r over q, nil
 	return rq, nil
 }

 func (fq Fq) IsZero(a *big.Int) bool {
 	return bytes.Equal(a.Bytes(), fq.Zero().Bytes())
 }

 func (fq Fq) Copy(a *big.Int) *big.Int {
 	return new(big.Int).SetBytes(a.Bytes())
 }

 func (fq Fq) Affine(a *big.Int) *big.Int {
 	nq := fq.Neg(fq.Q)

 	aux := a
 	if aux.Cmp(big.NewInt(int64(0))) == -1 { // negative value
 		if aux.Cmp(nq) != 1 { // aux less or equal nq
 			aux = new(big.Int).Mod(aux, fq.Q)
 		}
 		if aux.Cmp(big.NewInt(int64(0))) == -1 { // negative value
 			aux = new(big.Int).Add(aux, fq.Q)
 		}
 	} else {
 		if aux.Cmp(fq.Q) != -1 { // aux greater or equal nq
 			aux = new(big.Int).Mod(aux, fq.Q)
 		}
 	}
 	return aux
 }

 func (fq Fq) Equal(a, b *big.Int) bool {
 	aAff := fq.Affine(a)
 	bAff := fq.Affine(b)
 	return bytes.Equal(aAff.Bytes(), bAff.Bytes())
 }

 func BigIsOdd(n *big.Int) bool {
 	one := big.NewInt(int64(1))
 	and := new(big.Int).And(n, one)
 	return bytes.Equal(and.Bytes(), big.NewInt(int64(1)).Bytes())
 }
--- a/field/field_test.go
+++ b/field/field_test.go
@ -1,39 +0,0 @@
 // code originally taken from https://github.com/arnaucube/go-snark (https://github.com/arnaucube/go-snark/blob/master/fields/fq.go), pasted here to ensure compatibility among future changes

 package field

 import (
 	"math/big"
 	"testing"

 	"github.com/stretchr/testify/assert"
 )

 func iToBig(a int) *big.Int {
 	return big.NewInt(int64(a))
 }

 func TestFq1(t *testing.T) {
 	fq1 := NewFq(iToBig(7))

 	res := fq1.Add(iToBig(4), iToBig(4))
 	assert.Equal(t, iToBig(1), fq1.Affine(res))

 	res = fq1.Double(iToBig(5))
 	assert.Equal(t, iToBig(3), fq1.Affine(res))

 	res = fq1.Sub(iToBig(5), iToBig(7))
 	assert.Equal(t, iToBig(5), fq1.Affine(res))

 	res = fq1.Neg(iToBig(5))
 	assert.Equal(t, iToBig(2), fq1.Affine(res))

 	res = fq1.Mul(iToBig(5), iToBig(11))
 	assert.Equal(t, iToBig(6), fq1.Affine(res))

 	res = fq1.Inverse(iToBig(4))
 	assert.Equal(t, iToBig(2), res)

 	res = fq1.Square(iToBig(5))
 	assert.Equal(t, iToBig(4), res)
 }
--- a/mimc7/mimc7.go
+++ b/mimc7/mimc7.go
@ -6,7 +6,7 @@ import (

 	"github.com/ethereum/go-ethereum/crypto"
 	_constants "github.com/iden3/go-iden3-crypto/constants"
 	"github.com/iden3/go-iden3-crypto/field"
 	"github.com/iden3/go-iden3-crypto/ff"
 	"github.com/iden3/go-iden3-crypto/utils"
 )

@ -15,73 +15,72 @@ const SEED = "mimc"
 var constants = generateConstantsData()

 type constantsData struct {
 	maxFieldVal *big.Int
 	seedHash    *big.Int
 	iv          *big.Int
 	fqR         field.Fq
 	nRounds     int
 	cts         []*big.Int
 	seedHash *big.Int
 	iv       *big.Int
 	nRounds  int
 	cts      []*ff.Element
 }

 func generateConstantsData() constantsData {
 	var constants constantsData

 	fqR := field.NewFq(_constants.Q)
 	constants.fqR = fqR

 	// maxFieldVal is the R value of the Finite Field
 	constants.maxFieldVal = constants.fqR.Q

 	constants.seedHash = new(big.Int).SetBytes(crypto.Keccak256([]byte(SEED)))
 	c := new(big.Int).SetBytes(crypto.Keccak256([]byte(SEED + "_iv")))
 	constants.iv = new(big.Int).Mod(c, constants.maxFieldVal)
 	constants.iv = new(big.Int).Mod(c, _constants.Q)

 	constants.nRounds = 91
 	cts := getConstants(constants.fqR, SEED, constants.nRounds)
 	cts := getConstants(SEED, constants.nRounds)
 	constants.cts = cts
 	return constants
 }

 func getConstants(fqR field.Fq, seed string, nRounds int) []*big.Int {
 	cts := make([]*big.Int, nRounds)
 	cts[0] = big.NewInt(int64(0))
 func getConstants(seed string, nRounds int) []*ff.Element {
 	cts := make([]*ff.Element, nRounds)
 	cts[0] = ff.NewElement()
 	c := new(big.Int).SetBytes(crypto.Keccak256([]byte(SEED)))
 	for i := 1; i < nRounds; i++ {
 		c = new(big.Int).SetBytes(crypto.Keccak256(c.Bytes()))

 		n := fqR.Affine(c)
 		cts[i] = n
 		n := new(big.Int).Mod(c, _constants.Q)
 		cts[i] = ff.NewElement().SetBigInt(n)
 	}
 	return cts
 }

 // MIMC7HashGeneric performs the MIMC7 hash over a *big.Int, in a generic way, where it can be specified the Finite Field over R, and the number of rounds
 func MIMC7HashGeneric(fqR field.Fq, xIn, k *big.Int, nRounds int) *big.Int {
 	cts := getConstants(fqR, SEED, nRounds)
 	var r *big.Int
 func MIMC7HashGeneric(xInBI, kBI *big.Int, nRounds int) *big.Int {
 	xIn := ff.NewElement().SetBigInt(xInBI)
 	k := ff.NewElement().SetBigInt(kBI)

 	cts := getConstants(SEED, nRounds)
 	var r *ff.Element
 	for i := 0; i < nRounds; i++ {
 		var t *big.Int
 		var t *ff.Element
 		if i == 0 {
 			t = fqR.Add(xIn, k)
 			t = ff.NewElement().Add(xIn, k)
 		} else {
 			t = fqR.Add(fqR.Add(r, k), cts[i])
 			t = ff.NewElement().Add(ff.NewElement().Add(r, k), cts[i])
 		}
 		t2 := fqR.Square(t)
 		t4 := fqR.Square(t2)
 		r = fqR.Mul(fqR.Mul(t4, t2), t)
 		t2 := ff.NewElement().Square(t)
 		t4 := ff.NewElement().Square(t2)
 		r = ff.NewElement().Mul(ff.NewElement().Mul(t4, t2), t)
 	}
 	return fqR.Affine(fqR.Add(r, k))
 	rE := ff.NewElement().Add(r, k)

 	res := big.NewInt(0)
 	rE.ToBigIntRegular(res)
 	return res
 }

 // HashGeneric performs the MIMC7 hash over a *big.Int array, in a generic way, where it can be specified the Finite Field over R, and the number of rounds
 func HashGeneric(iv *big.Int, arr []*big.Int, fqR field.Fq, nRounds int) (*big.Int, error) {
 func HashGeneric(iv *big.Int, arr []*big.Int, nRounds int) (*big.Int, error) {
 	if !utils.CheckBigIntArrayInField(arr) {
 		return nil, errors.New("inputs values not inside Finite Field")
 	}
 	r := iv
 	var err error
 	for i := 0; i < len(arr); i++ {
 		r = MIMC7HashGeneric(fqR, r, arr[i], nRounds)
 		r = MIMC7HashGeneric(r, arr[i], nRounds)
 		if err != nil {
 			return r, err
 		}
@ -90,20 +89,27 @@ func HashGeneric(iv *big.Int, arr []*big.Int, fqR field.Fq, nRounds int) (*big.I
 }

 // MIMC7Hash performs the MIMC7 hash over a *big.Int, using the Finite Field over R and the number of rounds setted in the `constants` variable
 func MIMC7Hash(xIn, k *big.Int) *big.Int {
 	var r *big.Int
 func MIMC7Hash(xInBI, kBI *big.Int) *big.Int {
 	xIn := ff.NewElement().SetBigInt(xInBI)
 	k := ff.NewElement().SetBigInt(kBI)

 	var r *ff.Element
 	for i := 0; i < constants.nRounds; i++ {
 		var t *big.Int
 		var t *ff.Element
 		if i == 0 {
 			t = constants.fqR.Add(xIn, k)
 			t = ff.NewElement().Add(xIn, k)
 		} else {
 			t = constants.fqR.Add(constants.fqR.Add(r, k), constants.cts[i])
 			t = ff.NewElement().Add(ff.NewElement().Add(r, k), constants.cts[i])
 		}
 		t2 := constants.fqR.Square(t)
 		t4 := constants.fqR.Square(t2)
 		r = constants.fqR.Mul(constants.fqR.Mul(t4, t2), t)
 		t2 := ff.NewElement().Square(t)
 		t4 := ff.NewElement().Square(t2)
 		r = ff.NewElement().Mul(ff.NewElement().Mul(t4, t2), t)
 	}
 	return constants.fqR.Affine(constants.fqR.Add(r, k))
 	rE := ff.NewElement().Add(r, k)

 	res := big.NewInt(0)
 	rE.ToBigIntRegular(res)
 	return res
 }

 // Hash performs the MIMC7 hash over a *big.Int array
@ -113,17 +119,18 @@ func Hash(arr []*big.Int, key *big.Int) (*big.Int, error) {
 	}
 	var r *big.Int
 	if key == nil {
 		r = constants.fqR.Zero()
 		r = big.NewInt(0)
 	} else {
 		r = key
 	}
 	for i := 0; i < len(arr); i++ {
 		r = constants.fqR.Add(
 			constants.fqR.Add(
 		r = new(big.Int).Add(
 			new(big.Int).Add(
 				r,
 				arr[i],
 			),
 			MIMC7Hash(arr[i], r))
 		r = new(big.Int).Mod(r, _constants.Q)
 	}
 	return r, nil
 }
--- a/mimc7/mimc7_test.go
+++ b/mimc7/mimc7_test.go
@ -6,7 +6,6 @@ import (
 	"testing"

 	"github.com/ethereum/go-ethereum/crypto"
 	"github.com/iden3/go-iden3-crypto/field"
 	"github.com/stretchr/testify/assert"
 )

@ -22,16 +21,12 @@ func TestMIMC7Generic(t *testing.T) {
 	b2 := big.NewInt(int64(2))
 	b3 := big.NewInt(int64(3))

 	r, ok := new(big.Int).SetString("21888242871839275222246405745257275088548364400416034343698204186575808495617", 10)
 	assert.True(t, ok)
 	fqR := field.NewFq(r)

 	bigArray := []*big.Int{b1, b2, b3}

 	// Generic Hash
 	mhg := MIMC7HashGeneric(fqR, b1, b2, 91)
 	mhg := MIMC7HashGeneric(b1, b2, 91)
 	assert.Equal(t, "10594780656576967754230020536574539122676596303354946869887184401991294982664", mhg.String())
 	hg, err := HashGeneric(fqR.Zero(), bigArray, fqR, 91)
 	hg, err := HashGeneric(big.NewInt(0), bigArray, 91)
 	assert.Nil(t, err)
 	assert.Equal(t, "6464402164086696096195815557694604139393321133243036833927490113253119343397", (*big.Int)(hg).String())
 }
--- a/poseidon/poseidon.go
+++ b/poseidon/poseidon.go
@ -20,7 +20,7 @@ var constC []*ff.Element
 var constM [T][T]*ff.Element

 func Zero() *ff.Element {
 	return ff.NewElement().SetZero()
 	return ff.NewElement()
 }

 func modQ(v *big.Int) {
@ -71,7 +71,7 @@ func getMDS() [T][T]*ff.Element {

 func checkAllDifferent(v []*ff.Element) bool {
 	for i := 0; i < len(v); i++ {
 		if v[i].Equal(ff.NewElement().SetZero()) {
 		if v[i].Equal(ff.NewElement()) {
 			return false
 		}
 		for j := i + 1; j < len(v); j++ {
@ -92,7 +92,6 @@ func ark(state [T]*ff.Element, c *ff.Element) {

 // cubic performs x^5 mod p
 // https://eprint.iacr.org/2019/458.pdf page 8
 // var five = big.NewInt(5)

 func cubic(a *ff.Element) {
 	a.Exp(*a, 5)