arnaucube
/
go-iden3-crypto
mirror of https://github.com/arnaucube/go-iden3-crypto.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #16 from iden3/feature/mimc7-goff 

Feature/mimc7 goff
feature/bbjj-goff v0.0.3
Eduard S 4 years ago
committed by GitHub
parent
e8be761ec7 4750e9c83c
commit
ee467c6215
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 55 additions and 245 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +0
    -152
      field/field.go
  2. +0
    -39
      field/field_test.go
  3. +51
    -44
      mimc7/mimc7.go
  4. +2
    -7
      mimc7/mimc7_test.go
  5. +2
    -3
      poseidon/poseidon.go

+ 0
- 152
field/field.go
View File

@ -1,152 +0,0 @@
// code originally taken from https://github.com/arnaucube/go-snark (https://github.com/arnaucube/go-snark/blob/master/fields/fq.go), pasted here to ensure compatibility among future changes
package field
import (
"bytes"
"crypto/rand"
"math/big"
)
// Fq is the Z field over modulus Q
type Fq struct {
Q *big.Int // Q
}
// NewFq generates a new Fq
func NewFq(q *big.Int) Fq {
return Fq{
q,
}
}
// Zero returns a Zero value on the Fq
func (fq Fq) Zero() *big.Int {
return big.NewInt(int64(0))
}
// One returns a One value on the Fq
func (fq Fq) One() *big.Int {
return big.NewInt(int64(1))
}
// Add performs an addition on the Fq
func (fq Fq) Add(a, b *big.Int) *big.Int {
r := new(big.Int).Add(a, b)
return new(big.Int).Mod(r, fq.Q)
}
// Double performs a doubling on the Fq
func (fq Fq) Double(a *big.Int) *big.Int {
r := new(big.Int).Add(a, a)
return new(big.Int).Mod(r, fq.Q)
}
// Sub performs a subtraction on the Fq
func (fq Fq) Sub(a, b *big.Int) *big.Int {
r := new(big.Int).Sub(a, b)
return new(big.Int).Mod(r, fq.Q)
}
// Neg performs a negation on the Fq
func (fq Fq) Neg(a *big.Int) *big.Int {
m := new(big.Int).Neg(a)
return new(big.Int).Mod(m, fq.Q)
}
// Mul performs a multiplication on the Fq
func (fq Fq) Mul(a, b *big.Int) *big.Int {
m := new(big.Int).Mul(a, b)
return new(big.Int).Mod(m, fq.Q)
}
func (fq Fq) MulScalar(base, e *big.Int) *big.Int {
return fq.Mul(base, e)
}
// Inverse returns the inverse on the Fq
func (fq Fq) Inverse(a *big.Int) *big.Int {
return new(big.Int).ModInverse(a, fq.Q)
}
// Div performs the division over the finite field
func (fq Fq) Div(a, b *big.Int) *big.Int {
d := fq.Mul(a, fq.Inverse(b))
return new(big.Int).Mod(d, fq.Q)
}
// Square performs a square operation on the Fq
func (fq Fq) Square(a *big.Int) *big.Int {
m := new(big.Int).Mul(a, a)
return new(big.Int).Mod(m, fq.Q)
}
// Exp performs the exponential over Fq
func (fq Fq) Exp(base *big.Int, e *big.Int) *big.Int {
res := fq.One()
rem := fq.Copy(e)
exp := base
for !bytes.Equal(rem.Bytes(), big.NewInt(int64(0)).Bytes()) {
if BigIsOdd(rem) {
res = fq.Mul(res, exp)
}
exp = fq.Square(exp)
rem = new(big.Int).Rsh(rem, 1)
}
return res
}
func (fq Fq) Rand() (*big.Int, error) {
maxbits := fq.Q.BitLen()
b := make([]byte, (maxbits/8)-1)
_, err := rand.Read(b)
if err != nil {
return nil, err
}
r := new(big.Int).SetBytes(b)
rq := new(big.Int).Mod(r, fq.Q)
// r over q, nil
return rq, nil
}
func (fq Fq) IsZero(a *big.Int) bool {
return bytes.Equal(a.Bytes(), fq.Zero().Bytes())
}
func (fq Fq) Copy(a *big.Int) *big.Int {
return new(big.Int).SetBytes(a.Bytes())
}
func (fq Fq) Affine(a *big.Int) *big.Int {
nq := fq.Neg(fq.Q)
aux := a
if aux.Cmp(big.NewInt(int64(0))) == -1 { // negative value
if aux.Cmp(nq) != 1 { // aux less or equal nq
aux = new(big.Int).Mod(aux, fq.Q)
}
if aux.Cmp(big.NewInt(int64(0))) == -1 { // negative value
aux = new(big.Int).Add(aux, fq.Q)
}
} else {
if aux.Cmp(fq.Q) != -1 { // aux greater or equal nq
aux = new(big.Int).Mod(aux, fq.Q)
}
}
return aux
}
func (fq Fq) Equal(a, b *big.Int) bool {
aAff := fq.Affine(a)
bAff := fq.Affine(b)
return bytes.Equal(aAff.Bytes(), bAff.Bytes())
}
func BigIsOdd(n *big.Int) bool {
one := big.NewInt(int64(1))
and := new(big.Int).And(n, one)
return bytes.Equal(and.Bytes(), big.NewInt(int64(1)).Bytes())
}

+ 0
- 39
field/field_test.go
View File

@ -1,39 +0,0 @@
// code originally taken from https://github.com/arnaucube/go-snark (https://github.com/arnaucube/go-snark/blob/master/fields/fq.go), pasted here to ensure compatibility among future changes
package field
import (
"math/big"
"testing"
"github.com/stretchr/testify/assert"
)
func iToBig(a int) *big.Int {
return big.NewInt(int64(a))
}
func TestFq1(t *testing.T) {
fq1 := NewFq(iToBig(7))
res := fq1.Add(iToBig(4), iToBig(4))
assert.Equal(t, iToBig(1), fq1.Affine(res))
res = fq1.Double(iToBig(5))
assert.Equal(t, iToBig(3), fq1.Affine(res))
res = fq1.Sub(iToBig(5), iToBig(7))
assert.Equal(t, iToBig(5), fq1.Affine(res))
res = fq1.Neg(iToBig(5))
assert.Equal(t, iToBig(2), fq1.Affine(res))
res = fq1.Mul(iToBig(5), iToBig(11))
assert.Equal(t, iToBig(6), fq1.Affine(res))
res = fq1.Inverse(iToBig(4))
assert.Equal(t, iToBig(2), res)
res = fq1.Square(iToBig(5))
assert.Equal(t, iToBig(4), res)
}

+ 51
- 44
mimc7/mimc7.go
View File

@ -6,7 +6,7 @@ import (
"github.com/ethereum/go-ethereum/crypto" "github.com/ethereum/go-ethereum/crypto"
_constants "github.com/iden3/go-iden3-crypto/constants" _constants "github.com/iden3/go-iden3-crypto/constants"
"github.com/iden3/go-iden3-crypto/field"
"github.com/iden3/go-iden3-crypto/ff"
"github.com/iden3/go-iden3-crypto/utils" "github.com/iden3/go-iden3-crypto/utils"
) )
@ -15,73 +15,72 @@ const SEED = "mimc"
var constants = generateConstantsData() var constants = generateConstantsData()
type constantsData struct { type constantsData struct {
maxFieldVal *big.Int
seedHash *big.Int
iv *big.Int
fqR field.Fq
nRounds int
cts []*big.Int
seedHash *big.Int
iv *big.Int
nRounds int
cts []*ff.Element
} }
func generateConstantsData() constantsData { func generateConstantsData() constantsData {
var constants constantsData var constants constantsData
fqR := field.NewFq(_constants.Q)
constants.fqR = fqR
// maxFieldVal is the R value of the Finite Field
constants.maxFieldVal = constants.fqR.Q
constants.seedHash = new(big.Int).SetBytes(crypto.Keccak256([]byte(SEED))) constants.seedHash = new(big.Int).SetBytes(crypto.Keccak256([]byte(SEED)))
c := new(big.Int).SetBytes(crypto.Keccak256([]byte(SEED + "_iv"))) c := new(big.Int).SetBytes(crypto.Keccak256([]byte(SEED + "_iv")))
constants.iv = new(big.Int).Mod(c, constants.maxFieldVal)
constants.iv = new(big.Int).Mod(c, _constants.Q)
constants.nRounds = 91 constants.nRounds = 91
cts := getConstants(constants.fqR, SEED, constants.nRounds)
cts := getConstants(SEED, constants.nRounds)
constants.cts = cts constants.cts = cts
return constants return constants
} }
func getConstants(fqR field.Fq, seed string, nRounds int) []*big.Int {
cts := make([]*big.Int, nRounds)
cts[0] = big.NewInt(int64(0))
func getConstants(seed string, nRounds int) []*ff.Element {
cts := make([]*ff.Element, nRounds)
cts[0] = ff.NewElement()
c := new(big.Int).SetBytes(crypto.Keccak256([]byte(SEED))) c := new(big.Int).SetBytes(crypto.Keccak256([]byte(SEED)))
for i := 1; i < nRounds; i++ { for i := 1; i < nRounds; i++ {
c = new(big.Int).SetBytes(crypto.Keccak256(c.Bytes())) c = new(big.Int).SetBytes(crypto.Keccak256(c.Bytes()))
n := fqR.Affine(c)
cts[i] = n
n := new(big.Int).Mod(c, _constants.Q)
cts[i] = ff.NewElement().SetBigInt(n)
} }
return cts return cts
} }
// MIMC7HashGeneric performs the MIMC7 hash over a *big.Int, in a generic way, where it can be specified the Finite Field over R, and the number of rounds // MIMC7HashGeneric performs the MIMC7 hash over a *big.Int, in a generic way, where it can be specified the Finite Field over R, and the number of rounds
func MIMC7HashGeneric(fqR field.Fq, xIn, k *big.Int, nRounds int) *big.Int {
cts := getConstants(fqR, SEED, nRounds)
var r *big.Int
func MIMC7HashGeneric(xInBI, kBI *big.Int, nRounds int) *big.Int {
xIn := ff.NewElement().SetBigInt(xInBI)
k := ff.NewElement().SetBigInt(kBI)
cts := getConstants(SEED, nRounds)
var r *ff.Element
for i := 0; i < nRounds; i++ { for i := 0; i < nRounds; i++ {
var t *big.Int
var t *ff.Element
if i == 0 { if i == 0 {
t = fqR.Add(xIn, k)
t = ff.NewElement().Add(xIn, k)
} else { } else {
t = fqR.Add(fqR.Add(r, k), cts[i])
t = ff.NewElement().Add(ff.NewElement().Add(r, k), cts[i])
} }
t2 := fqR.Square(t)
t4 := fqR.Square(t2)
r = fqR.Mul(fqR.Mul(t4, t2), t)
t2 := ff.NewElement().Square(t)
t4 := ff.NewElement().Square(t2)
r = ff.NewElement().Mul(ff.NewElement().Mul(t4, t2), t)
} }
return fqR.Affine(fqR.Add(r, k))
rE := ff.NewElement().Add(r, k)
res := big.NewInt(0)
rE.ToBigIntRegular(res)
return res
} }
// HashGeneric performs the MIMC7 hash over a *big.Int array, in a generic way, where it can be specified the Finite Field over R, and the number of rounds // HashGeneric performs the MIMC7 hash over a *big.Int array, in a generic way, where it can be specified the Finite Field over R, and the number of rounds
func HashGeneric(iv *big.Int, arr []*big.Int, fqR field.Fq, nRounds int) (*big.Int, error) {
func HashGeneric(iv *big.Int, arr []*big.Int, nRounds int) (*big.Int, error) {
if !utils.CheckBigIntArrayInField(arr) { if !utils.CheckBigIntArrayInField(arr) {
return nil, errors.New("inputs values not inside Finite Field") return nil, errors.New("inputs values not inside Finite Field")
} }
r := iv r := iv
var err error var err error
for i := 0; i < len(arr); i++ { for i := 0; i < len(arr); i++ {
r = MIMC7HashGeneric(fqR, r, arr[i], nRounds)
r = MIMC7HashGeneric(r, arr[i], nRounds)
if err != nil { if err != nil {
return r, err return r, err
} }
@ -90,20 +89,27 @@ func HashGeneric(iv *big.Int, arr []*big.Int, fqR field.Fq, nRounds int) (*big.I
} }
// MIMC7Hash performs the MIMC7 hash over a *big.Int, using the Finite Field over R and the number of rounds setted in the `constants` variable // MIMC7Hash performs the MIMC7 hash over a *big.Int, using the Finite Field over R and the number of rounds setted in the `constants` variable
func MIMC7Hash(xIn, k *big.Int) *big.Int {
var r *big.Int
func MIMC7Hash(xInBI, kBI *big.Int) *big.Int {
xIn := ff.NewElement().SetBigInt(xInBI)
k := ff.NewElement().SetBigInt(kBI)
var r *ff.Element
for i := 0; i < constants.nRounds; i++ { for i := 0; i < constants.nRounds; i++ {
var t *big.Int
var t *ff.Element
if i == 0 { if i == 0 {
t = constants.fqR.Add(xIn, k)
t = ff.NewElement().Add(xIn, k)
} else { } else {
t = constants.fqR.Add(constants.fqR.Add(r, k), constants.cts[i])
t = ff.NewElement().Add(ff.NewElement().Add(r, k), constants.cts[i])
} }
t2 := constants.fqR.Square(t)
t4 := constants.fqR.Square(t2)
r = constants.fqR.Mul(constants.fqR.Mul(t4, t2), t)
t2 := ff.NewElement().Square(t)
t4 := ff.NewElement().Square(t2)
r = ff.NewElement().Mul(ff.NewElement().Mul(t4, t2), t)
} }
return constants.fqR.Affine(constants.fqR.Add(r, k))
rE := ff.NewElement().Add(r, k)
res := big.NewInt(0)
rE.ToBigIntRegular(res)
return res
} }
// Hash performs the MIMC7 hash over a *big.Int array // Hash performs the MIMC7 hash over a *big.Int array
@ -113,17 +119,18 @@ func Hash(arr []*big.Int, key *big.Int) (*big.Int, error) {
} }
var r *big.Int var r *big.Int
if key == nil { if key == nil {
r = constants.fqR.Zero()
r = big.NewInt(0)
} else { } else {
r = key r = key
} }
for i := 0; i < len(arr); i++ { for i := 0; i < len(arr); i++ {
r = constants.fqR.Add(
constants.fqR.Add(
r = new(big.Int).Add(
new(big.Int).Add(
r, r,
arr[i], arr[i],
), ),
MIMC7Hash(arr[i], r)) MIMC7Hash(arr[i], r))
r = new(big.Int).Mod(r, _constants.Q)
} }
return r, nil return r, nil
} }

+ 2
- 7
mimc7/mimc7_test.go
View File

@ -6,7 +6,6 @@ import (
"testing" "testing"
"github.com/ethereum/go-ethereum/crypto" "github.com/ethereum/go-ethereum/crypto"
"github.com/iden3/go-iden3-crypto/field"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
@ -22,16 +21,12 @@ func TestMIMC7Generic(t *testing.T) {
b2 := big.NewInt(int64(2)) b2 := big.NewInt(int64(2))
b3 := big.NewInt(int64(3)) b3 := big.NewInt(int64(3))
r, ok := new(big.Int).SetString("21888242871839275222246405745257275088548364400416034343698204186575808495617", 10)
assert.True(t, ok)
fqR := field.NewFq(r)
bigArray := []*big.Int{b1, b2, b3} bigArray := []*big.Int{b1, b2, b3}
// Generic Hash // Generic Hash
mhg := MIMC7HashGeneric(fqR, b1, b2, 91)
mhg := MIMC7HashGeneric(b1, b2, 91)
assert.Equal(t, "10594780656576967754230020536574539122676596303354946869887184401991294982664", mhg.String()) assert.Equal(t, "10594780656576967754230020536574539122676596303354946869887184401991294982664", mhg.String())
hg, err := HashGeneric(fqR.Zero(), bigArray, fqR, 91)
hg, err := HashGeneric(big.NewInt(0), bigArray, 91)
assert.Nil(t, err) assert.Nil(t, err)
assert.Equal(t, "6464402164086696096195815557694604139393321133243036833927490113253119343397", (*big.Int)(hg).String()) assert.Equal(t, "6464402164086696096195815557694604139393321133243036833927490113253119343397", (*big.Int)(hg).String())
} }

+ 2
- 3
poseidon/poseidon.go
View File

@ -20,7 +20,7 @@ var constC []*ff.Element
var constM [T][T]*ff.Element var constM [T][T]*ff.Element
func Zero() *ff.Element { func Zero() *ff.Element {
return ff.NewElement().SetZero()
return ff.NewElement()
} }
func modQ(v *big.Int) { func modQ(v *big.Int) {
@ -71,7 +71,7 @@ func getMDS() [T][T]*ff.Element {
func checkAllDifferent(v []*ff.Element) bool { func checkAllDifferent(v []*ff.Element) bool {
for i := 0; i < len(v); i++ { for i := 0; i < len(v); i++ {
if v[i].Equal(ff.NewElement().SetZero()) {
if v[i].Equal(ff.NewElement()) {
return false return false
} }
for j := i + 1; j < len(v); j++ { for j := i + 1; j < len(v); j++ {
@ -92,7 +92,6 @@ func ark(state [T]*ff.Element, c *ff.Element) {
// cubic performs x^5 mod p // cubic performs x^5 mod p
// https://eprint.iacr.org/2019/458.pdf page 8 // https://eprint.iacr.org/2019/458.pdf page 8
// var five = big.NewInt(5)
func cubic(a *ff.Element) { func cubic(a *ff.Element) {
a.Exp(*a, 5) a.Exp(*a, 5)

Write Preview
Loading…
Cancel
Save