arnaucube
/
keccak256-circom
mirror of https://github.com/arnaucube/keccak256-circom.git

pragma circom 2.0.0;

include "./utils.circom";

template step() {
    // out = a ^ (^b) & c
    signal input a[64];
    signal input b[64];
    signal input c[64];
    signal output out[64];
    var i;

    // ^b
    component bXor = XorArraySingle(64);
    for (i=0; i<64; i++) {
        bXor.a[i] <== b[i];
    }
    // (^b)&c
    component bc = AndArray(64);
    for (i=0; i<64; i++) {
        bc.a[i] <== bXor.out[i];
        bc.b[i] <== c[i];
    }
    // a^(^b)&c
    component abc = XorArray(64);
    for (i=0; i<64; i++) {
        abc.a[i] <== a[i];
        abc.b[i] <== bc.out[i];
    }
    for (i=0; i<64; i++) {
        out[i] <== abc.out[i];
    }
}

template Chi() {
    signal input in[25*64];
    signal output out[25*64];

    var i;

    component r0 = step();
    for (i=0; i<64; i++) {
        r0.a[i] <== in[i];
        r0.b[i] <== in[1*64+i];
        r0.c[i] <== in[2*64+i];
    }
    component r1 = step();
    for (i=0; i<64; i++) {
        r1.a[i] <== in[1*64+i];
        r1.b[i] <== in[2*64+i];
        r1.c[i] <== in[3*64+i];
    }
    component r2 = step();
    for (i=0; i<64; i++) {
        r2.a[i] <== in[2*64+i];
        r2.b[i] <== in[3*64+i];
        r2.c[i] <== in[4*64+i];
    }
    component r3 = step();
    for (i=0; i<64; i++) {
        r3.a[i] <== in[3*64+i];
        r3.b[i] <== in[4*64+i];
        r3.c[i] <== in[0*64+i];
    }
    component r4 = step();
    for (i=0; i<64; i++) {
        r4.a[i] <== in[4*64+i];
        r4.b[i] <== in[i];
        r4.c[i] <== in[1*64+i];
    }

    component r5 = step();
    for (i=0; i<64; i++) {
        r5.a[i] <== in[5*64+i];
        r5.b[i] <== in[6*64+i];
        r5.c[i] <== in[7*64+i];
    }
    component r6 = step();
    for (i=0; i<64; i++) {
        r6.a[i] <== in[6*64+i];
        r6.b[i] <== in[7*64+i];
        r6.c[i] <== in[8*64+i];
    }
    component r7 = step();
    for (i=0; i<64; i++) {
        r7.a[i] <== in[7*64+i];
        r7.b[i] <== in[8*64+i];
        r7.c[i] <== in[9*64+i];
    }
    component r8 = step();
    for (i=0; i<64; i++) {
        r8.a[i] <== in[8*64+i];
        r8.b[i] <== in[9*64+i];
        r8.c[i] <== in[5*64+i];
    }
    component r9 = step();
    for (i=0; i<64; i++) {
        r9.a[i] <== in[9*64+i];
        r9.b[i] <== in[5*64+i];
        r9.c[i] <== in[6*64+i];
    }

    component r10 = step();
    for (i=0; i<64; i++) {
        r10.a[i] <== in[10*64+i];
        r10.b[i] <== in[11*64+i];
        r10.c[i] <== in[12*64+i];
    }
    component r11 = step();
    for (i=0; i<64; i++) {
        r11.a[i] <== in[11*64+i];
        r11.b[i] <== in[12*64+i];
        r11.c[i] <== in[13*64+i];
    }
    component r12 = step();
    for (i=0; i<64; i++) {
        r12.a[i] <== in[12*64+i];
        r12.b[i] <== in[13*64+i];
        r12.c[i] <== in[14*64+i];
    }
    component r13 = step();
    for (i=0; i<64; i++) {
        r13.a[i] <== in[13*64+i];
        r13.b[i] <== in[14*64+i];
        r13.c[i] <== in[10*64+i];
    }
    component r14 = step();
    for (i=0; i<64; i++) {
        r14.a[i] <== in[14*64+i];
        r14.b[i] <== in[10*64+i];
        r14.c[i] <== in[11*64+i];
    }

    component r15 = step();
    for (i=0; i<64; i++) {
        r15.a[i] <== in[15*64+i];
        r15.b[i] <== in[16*64+i];
        r15.c[i] <== in[17*64+i];
    }
    component r16 = step();
    for (i=0; i<64; i++) {
        r16.a[i] <== in[16*64+i];
        r16.b[i] <== in[17*64+i];
        r16.c[i] <== in[18*64+i];
    }
    component r17 = step();
    for (i=0; i<64; i++) {
        r17.a[i] <== in[17*64+i];
        r17.b[i] <== in[18*64+i];
        r17.c[i] <== in[19*64+i];
    }
    component r18 = step();
    for (i=0; i<64; i++) {
        r18.a[i] <== in[18*64+i];
        r18.b[i] <== in[19*64+i];
        r18.c[i] <== in[15*64+i];
    }
    component r19 = step();
    for (i=0; i<64; i++) {
        r19.a[i] <== in[19*64+i];
        r19.b[i] <== in[15*64+i];
        r19.c[i] <== in[16*64+i];
    }

    component r20 = step();
    for (i=0; i<64; i++) {
        r20.a[i] <== in[20*64+i];
        r20.b[i] <== in[21*64+i];
        r20.c[i] <== in[22*64+i];
    }
    component r21 = step();
    for (i=0; i<64; i++) {
        r21.a[i] <== in[21*64+i];
        r21.b[i] <== in[22*64+i];
        r21.c[i] <== in[23*64+i];
    }
    component r22 = step();
    for (i=0; i<64; i++) {
        r22.a[i] <== in[22*64+i];
        r22.b[i] <== in[23*64+i];
        r22.c[i] <== in[24*64+i];
    }
    component r23 = step();
    for (i=0; i<64; i++) {
        r23.a[i] <== in[23*64+i];
        r23.b[i] <== in[24*64+i];
        r23.c[i] <== in[20*64+i];
    }
    component r24 = step();
    for (i=0; i<64; i++) {
        r24.a[i] <== in[24*64+i];
        r24.b[i] <== in[20*64+i];
        r24.c[i] <== in[21*64+i];
    }

    for (i=0; i<64; i++) {
        out[i] <== r0.out[i];
        out[1*64+i] <== r1.out[i];
        out[2*64+i] <== r2.out[i];
        out[3*64+i] <== r3.out[i];
        out[4*64+i] <== r4.out[i];

        out[5*64+i] <== r5.out[i];
        out[6*64+i] <== r6.out[i];
        out[7*64+i] <== r7.out[i];
        out[8*64+i] <== r8.out[i];
        out[9*64+i] <== r9.out[i];

        out[10*64+i] <== r10.out[i];
        out[11*64+i] <== r11.out[i];
        out[12*64+i] <== r12.out[i];
        out[13*64+i] <== r13.out[i];
        out[14*64+i] <== r14.out[i];

        out[15*64+i] <== r15.out[i];
        out[16*64+i] <== r16.out[i];
        out[17*64+i] <== r17.out[i];
        out[18*64+i] <== r18.out[i];
        out[19*64+i] <== r19.out[i];

        out[20*64+i] <== r20.out[i];
        out[21*64+i] <== r21.out[i];
        out[22*64+i] <== r22.out[i];
        out[23*64+i] <== r23.out[i];
        out[24*64+i] <== r24.out[i];
    }
}