Keccakf circuit implemented

2026-01-10 16:01:28 +01:00 · 2021-11-24 12:48:00 +01:00
parent f88c2834fb
commit 4153b516f0
4 changed files with 94 additions and 3 deletions
--- a/circuits/keccak256.circom
+++ b/circuits/keccak256.circom
@@ -64,3 +64,34 @@ template KeccakfRound(r) {
        out[i] <== iota.out[i];
    }
 }
+
+template Keccakf() {
+    signal input in[25*64];
+    signal output out[25*64];
+    var i;
+    var j;
+
+    // 24 rounds
+    component round[24];
+    signal midRound[24*25*64];
+    for (i=0; i<24; i++) {
+        round[i] = KeccakfRound(i);
+        if (i==0) {
+            for (j=0; j<25*64; j++) {
+                midRound[j] <== in[j];
+            }
+        }
+        for (j=0; j<25*64; j++) {
+            round[i].in[j] <== midRound[i*25*64+j];
+        }
+        if (i<23) {
+            for (j=0; j<25*64; j++) {
+                midRound[(i+1)*25*64+j] <== round[i].out[j];
+            }
+        }
+    }
+
+    for (i=0; i<25*64; i++) {
+        out[i] <== round[23].out[i];
+    }
+}
--- a/go-keccak256-bits-impl/keccak_test.go
+++ b/go-keccak256-bits-impl/keccak_test.go
@@ -92,8 +92,19 @@ func TestKeccakf(t *testing.T) {
 			15083668107635345971})

 	// compute again keccakf on the current state
-	// s = keccakf(s)
-	// qt.Assert(t, bitsToU64Array(s[:]), qt.DeepEquals, []uint64{})
+	s = keccakf(s)
+	qt.Assert(t, bitsToU64Array(s[:]), qt.DeepEquals,
+		[]uint64{269318771259381490, 15892848561416382510,
+			12485559500958802382, 4360182510883008729,
+			14284025675983944434, 8800366419087562177, 7881853509112258378,
+			9503857914080778528, 17110477940977988953,
+			13825318756568052601, 11460650932194163315,
+			13272167288297399439, 13599957064256729412,
+			12730838251751851758, 13736647180617564382,
+			5651695613583298166, 15496251216716036782, 9748494184433838858,
+			3637745438296580159, 3821184813198767406, 15603239432236101315,
+			3726326332491237029, 7819962668913661099, 2285898735263816116,
+			13518516210247555620})
 }

 func TestFinal(t *testing.T) {
--- a/test/circuits/keccakf_test.circom
+++ b/test/circuits/keccakf_test.circom
@@ -0,0 +1,5 @@
+pragma circom 2.0.0;
+
+include "../../circuits/keccak256.circom";
+
+component main = Keccakf();
--- a/test/keccak256.js
+++ b/test/keccak256.js
@@ -300,7 +300,7 @@ describe("Keccak-Pad test", function () {
    });
 });

-describe("keccakf test", function () {
+describe("keccakfRound test", function () {
    this.timeout(100000);

    // apt install nlohmann-json3-dev
@@ -346,3 +346,47 @@ describe("keccakf test", function () {
 	assert.deepEqual(stateOutU64, expectedOut);
    });
 });
+
+describe("keccakf test", function () {
+    this.timeout(100000);
+
+    it ("keccakf 1 (testvector generated from go)", async () => {
+	// const cir = await wasm_tester(path.join(__dirname, "circuits", "keccakf_test.circom"));
+	const cir = await c_tester(path.join(__dirname, "circuits", "keccakf_test.circom"));
+	await cir.loadConstraints();
+	console.log("n_constraints", cir.constraints.length);
+
+	const input = [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24];
+	const expectedOut = strsToBigInts(["9472389783892099349", "2159377575142921216", "17826682512249813373", "2325963263767348549", "15086930817298358378", "11661812091723830419", "3517755057770134847", "5223775837645169598", "933274647126506074", "3451250694486589320", "825065683101361807", "6192414258352188799", "14426505790672879210", "3326742392640380689", "16749975585634164134", "17847697619892908514", "11598434253200954839", "6049795840392747215", "8610635351954084385", "18234131770974529925", "15330347418010067760", "12047099911907354591", "4763389569697138851", "6779624089296570504", "15083668107635345971"]);
+
+	const stateIn = u64ArrayToBits(input);
+	const expectedOutBits = u64ArrayToBits(expectedOut);
+
+	const witness = await cir.calculateWitness({ "in": stateIn }, true);
+
+	const stateOut = witness.slice(1, 1+(25*64));
+	const stateOutU64 = bitsToU64Array(stateOut);
+	// console.log(stateOutU64, expectedOut);
+	assert.deepEqual(stateOutU64, expectedOut);
+    });
+
+    it ("keccakf 2 (testvector generated from go)", async () => {
+	// const cir = await wasm_tester(path.join(__dirname, "circuits", "keccakf_test.circom"));
+	const cir = await c_tester(path.join(__dirname, "circuits", "keccakf_test.circom"));
+	await cir.loadConstraints();
+	console.log("n_constraints", cir.constraints.length);
+
+	const input = strsToBigInts(["9472389783892099349", "2159377575142921216", "17826682512249813373", "2325963263767348549", "15086930817298358378", "11661812091723830419", "3517755057770134847", "5223775837645169598", "933274647126506074", "3451250694486589320", "825065683101361807", "6192414258352188799", "14426505790672879210", "3326742392640380689", "16749975585634164134", "17847697619892908514", "11598434253200954839", "6049795840392747215", "8610635351954084385", "18234131770974529925", "15330347418010067760", "12047099911907354591", "4763389569697138851", "6779624089296570504", "15083668107635345971"]);
+	const expectedOut = strsToBigInts(["269318771259381490", "15892848561416382510", "12485559500958802382", "4360182510883008729", "14284025675983944434", "8800366419087562177", "7881853509112258378", "9503857914080778528", "17110477940977988953", "13825318756568052601", "11460650932194163315", "13272167288297399439", "13599957064256729412", "12730838251751851758", "13736647180617564382", "5651695613583298166", "15496251216716036782", "9748494184433838858", "3637745438296580159", "3821184813198767406", "15603239432236101315", "3726326332491237029", "7819962668913661099", "2285898735263816116", "13518516210247555620"]);
+
+	const stateIn = u64ArrayToBits(input);
+	const expectedOutBits = u64ArrayToBits(expectedOut);
+
+	const witness = await cir.calculateWitness({ "in": stateIn }, true);
+
+	const stateOut = witness.slice(1, 1+(25*64));
+	const stateOutU64 = bitsToU64Array(stateOut);
+	// console.log(stateOutU64, expectedOut);
+	assert.deepEqual(stateOutU64, expectedOut);
+    });
+});