2018-12-06 19:32:49 +03:00
|
|
|
/*
|
|
|
|
Copyright 2018 0KIMS association.
|
|
|
|
|
|
|
|
This file is part of circom (Zero Knowledge Circuit Compiler).
|
|
|
|
|
|
|
|
circom is a free software: you can redistribute it and/or modify it
|
|
|
|
under the terms of the GNU General Public License as published by
|
|
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
circom is distributed in the hope that it will be useful, but WITHOUT
|
|
|
|
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
|
|
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
|
|
|
|
License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with circom. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
*/
|
|
|
|
|
2019-09-05 17:41:58 +03:00
|
|
|
include "constants.circom";
|
2018-12-06 19:32:49 +03:00
|
|
|
include "sha256compression.circom";
|
|
|
|
include "../bitify.circom"
|
|
|
|
|
|
|
|
template Sha256_2() {
|
|
|
|
signal input a;
|
|
|
|
signal input b;
|
|
|
|
signal output out;
|
|
|
|
|
2019-09-05 17:41:58 +03:00
|
|
|
var i;
|
|
|
|
var k;
|
|
|
|
|
2018-12-06 19:32:49 +03:00
|
|
|
component bits2num = Bits2Num(216);
|
|
|
|
component num2bits[2];
|
|
|
|
|
|
|
|
num2bits[0] = Num2Bits(216);
|
|
|
|
num2bits[1] = Num2Bits(216);
|
|
|
|
|
|
|
|
num2bits[0].in <== a;
|
|
|
|
num2bits[1].in <== b;
|
|
|
|
|
2019-09-05 17:41:58 +03:00
|
|
|
|
2018-12-06 19:32:49 +03:00
|
|
|
component sha256compression = Sha256compression() ;
|
|
|
|
|
2019-09-05 17:41:58 +03:00
|
|
|
component ha0 = H(0);
|
|
|
|
component hb0 = H(1);
|
|
|
|
component hc0 = H(2);
|
|
|
|
component hd0 = H(3);
|
|
|
|
component he0 = H(4);
|
|
|
|
component hf0 = H(5);
|
|
|
|
component hg0 = H(6);
|
|
|
|
component hh0 = H(7);
|
|
|
|
|
|
|
|
for (k=0; k<32; k++ ) {
|
|
|
|
sha256compression.hin[0*32+k] <== ha0.out[k];
|
|
|
|
sha256compression.hin[1*32+k] <== hb0.out[k];
|
|
|
|
sha256compression.hin[2*32+k] <== hc0.out[k];
|
|
|
|
sha256compression.hin[3*32+k] <== hd0.out[k];
|
|
|
|
sha256compression.hin[4*32+k] <== he0.out[k];
|
|
|
|
sha256compression.hin[5*32+k] <== hf0.out[k];
|
|
|
|
sha256compression.hin[6*32+k] <== hg0.out[k];
|
|
|
|
sha256compression.hin[7*32+k] <== hh0.out[k];
|
|
|
|
}
|
2018-12-06 19:32:49 +03:00
|
|
|
|
|
|
|
for (i=0; i<216; i++) {
|
|
|
|
sha256compression.inp[i] <== num2bits[0].out[215-i];
|
|
|
|
sha256compression.inp[i+216] <== num2bits[1].out[215-i];
|
|
|
|
}
|
|
|
|
|
|
|
|
sha256compression.inp[432] <== 1;
|
|
|
|
|
|
|
|
for (i=433; i<503; i++) {
|
|
|
|
sha256compression.inp[i] <== 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
sha256compression.inp[503] <== 1;
|
|
|
|
sha256compression.inp[504] <== 1;
|
|
|
|
sha256compression.inp[505] <== 0;
|
|
|
|
sha256compression.inp[506] <== 1;
|
|
|
|
sha256compression.inp[507] <== 1;
|
|
|
|
sha256compression.inp[508] <== 0;
|
|
|
|
sha256compression.inp[509] <== 0;
|
|
|
|
sha256compression.inp[510] <== 0;
|
|
|
|
sha256compression.inp[511] <== 0;
|
|
|
|
|
|
|
|
for (i=0; i<216; i++) {
|
|
|
|
bits2num.in[i] <== sha256compression.out[255-i];
|
|
|
|
}
|
|
|
|
|
|
|
|
out <== bits2num.out;
|
|
|
|
}
|