From e48f7347ebcf964f091339f6b745ef2360882c9a Mon Sep 17 00:00:00 2001
From: arnaucube
Date: Tue, 2 Nov 2021 20:17:36 +0100
Subject: [PATCH] Add Circom Pad impl
---
 README.md | 5 +--
 circuits/keccak256.circom | 46 +++++++++++++++++++++++++++
 go-keccak256-bits-impl/keccak_test.go | 27 ++++++++++++++++
 test/circuits/pad_test.circom | 5 +++
 test/keccak256.js | 21 ++++++++++++
 5 files changed, 102 insertions(+), 2 deletions(-)
 create mode 100644 circuits/keccak256.circom
 create mode 100644 test/circuits/pad_test.circom
diff --git a/README.md b/README.md
index 8ffcb77..15f9030 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,6 @@
 # keccak256-circom [![Test](https://github.com/arnaucube/keccak256-circom/workflows/Test/badge.svg)](https://github.com/arnaucube/keccak256-circom/actions?query=workflow%3ATest)
-WIP repo. Once ready, will do a PR into [circomlib](https://github.com/iden3/circomlib).
+Keccak256 hash function (ethereum version) implemented in [circom](https://github.com/iden3/circom). Spec: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
+
+**Warning**: WIP, this is an experimental repo.
-Spec: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
diff --git a/circuits/keccak256.circom b/circuits/keccak256.circom
new file mode 100644
index 0000000..a646742
--- /dev/null
+++ b/circuits/keccak256.circom
@@ -0,0 +1,46 @@ +pragma circom 2.0.0; + +include "./utils.circom"; + +template Pad(nBits) { + signal input in[nBits]; + var blockSize=136*8; + signal output out[blockSize]; + signal out2[blockSize]; + var i; + + for (i=0; i> i) & 1; + } + for (i=nBits+8; i> i) & 1; + } + for (i=0; i<8; i++) { + out[blockSize-8+i] <== aux.out[i]; + } + for (i=0; i { + const cir = await wasm_tester(path.join(__dirname, "circuits", "pad_test.circom")); + + const input = [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]; + const expectedOut = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128]; + + const stateIn = bytesToBits(input); + + const witness = await cir.calculateWitness({ "in": stateIn }, true); + + const stateOut = witness.slice(1, 1+(136*8)); + const stateOutBytes = bitsToBytes(stateOut); + // console.log(stateOutBytes, expectedOut); + assert.deepEqual(stateOutBytes, expectedOut); + }); +}); +
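Review bot: `template Pad(nBits)` has no comment stating its input limits, although `out` is fixed at one `136*8`-bit block and one padding loop starts at `i=nBits+8`, so only messages of at most `blockSize-8` bits can be padded. Part of this hunk is missing from the page, so a guard may already exist in the lost lines; if it does not, add `assert(nBits <= blockSize-8);` as the first statement so an oversized instantiation fails with a clear message instead of an index error. A header comment such as `// Single-block Keccak padding: 0x01 after the message, 0x80 in the last byte; multi-block input is not supported.` would record the contract that the test vector in test/keccak256.js implies.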
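Review bot: The Pad test covers a single input length (32 bytes), so the boundary the last-byte handling in the circuit appears to exist for is never exercised: a 135-byte message, where the 0x01 domain byte and the final 0x80 share one byte and the expected last value is 0x81. The test also reads outputs straight from the witness without `await cir.checkConstraints(witness);`, so it would pass even if the generated witness did not satisfy the circuit's constraints; adding that call after `calculateWitness` closes that gap. `assert.deepEqual` compares loosely; `assert.deepStrictEqual(stateOutBytes, expectedOut);` is preferable provided `bitsToBytes` returns plain numbers, which this page does not show. The enclosing `describe`/`it` opens outside the visible text.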