Pedersen Hash Base Points Calculation

calcpedersenbases/calcpedersenbases.js

@@ -0,0 +1,84 @@
+const bn128 = require("snarkjs").bn128;
+const bigInt = require("snarkjs").bigInt;
+const createBlakeHash = require("blake-hash");
+const assert = require("assert");
+
+function getPoint(S) {
+    const F = bn128.Fr;
+    const h = createBlakeHash("blake256").update(S).digest();
+
+    assert(h.length == 32);
+
+    let sign = false;
+    if (h[31] & 0x80) {
+        h[31] = h[31] & 0x7F;
+        sign = true;
+    }
+
+    let x = bigInt(0);
+    for (let i=0; i<32; i++) {
+        x = x.shl(8);
+        x = x.add(bigInt(h[i]));
+    }
+
+    const a = bigInt("168700");
+    const d = bigInt("168696");
+
+    const x2 = F.square(x);
+
+    let y = F.sqrt(F.div(
+        F.sub(F.one, F.mul(a, x2)),
+        F.sub(F.one, F.mul(d, x2))));
+
+    if (y == null) return null;
+
+    if (sign) y = F.neg(y);
+
+    return [bn128.Fr.affine(x), bn128.Fr.affine(y)];
+}
+
+
+function generatePoint(S) {
+    let p= null;
+    let idx = 0;
+    while (p==null) {
+        let sidx = "" + idx;
+        while (sidx.length<16) sidx = "0"+sidx;
+        p = getPoint(S+"_"+sidx);
+        idx++;
+    }
+    assert(inCurve(p));
+    return p;
+}
+
+function inCurve(p) {
+    const F = bn128.Fr;
+
+    const a = bigInt("168700");
+    const d = bigInt("168696");
+
+    const x2 = F.square(p[0]);
+    const y2 = F.square(p[1]);
+
+    return F.equals(
+        F.add(F.mul(a, x2), y2),
+        F.add(F.one, F.mul(F.mul(x2, y2), d)));
+}
+
+const g = [
+    bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
+    bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")];
+
+if (!inCurve(g)) {
+    throw new Error("Generator not In curve -> Some thing goes wrong...");
+}
+
+for (let i=0; i<25; i++) {
+    let S = "" +i;
+    while (S.length<16) S = "0"+S;
+    const P = generatePoint("Iden3_PedersenGenerator_"+S);
+    console.log(`[${P[0].toString()}, ${P[1].toString()}]`);
+}
+
+
+

circuit.json

@@ -0,0 +1,298 @@
+{
+ "mainCode": "{\n    {\n    }\n    ctx.setVar(\"base\", [], [\"17777552123799933955779906779655732241715742912184938656739573121738514868268\",\"2626589144620713026669568689430873010625803728049924121243784502389097019475\"]);\n}\n",
+ "signalName2Idx": {
+  "one": 0,
+  "main.out[0][0]": 1,
+  "main.out[0][1]": 2,
+  "main.out[1][0]": 3,
+  "main.out[1][1]": 4,
+  "main.out[2][0]": 5,
+  "main.out[2][1]": 6,
+  "main.out[3][0]": 7,
+  "main.out[3][1]": 8,
+  "main.out[4][0]": 9,
+  "main.out[4][1]": 10,
+  "main.out[5][0]": 11,
+  "main.out[5][1]": 12,
+  "main.out[6][0]": 13,
+  "main.out[6][1]": 14,
+  "main.out[7][0]": 15,
+  "main.out[7][1]": 16,
+  "main.out[8][0]": 17,
+  "main.out[8][1]": 18,
+  "main.out[9][0]": 19,
+  "main.out[9][1]": 20,
+  "main.out[10][0]": 21,
+  "main.out[10][1]": 22,
+  "main.out[11][0]": 23,
+  "main.out[11][1]": 24,
+  "main.out[12][0]": 25,
+  "main.out[12][1]": 26,
+  "main.out[13][0]": 27,
+  "main.out[13][1]": 28,
+  "main.out[14][0]": 29,
+  "main.out[14][1]": 30,
+  "main.out[15][0]": 31,
+  "main.out[15][1]": 32
+ },
+ "components": [
+  {
+   "name": "main",
+   "params": {
+    "base": [
+     {
+      "type": "NUMBER",
+      "value": "17777552123799933955779906779655732241715742912184938656739573121738514868268",
+      "first_line": 3,
+      "first_column": 12,
+      "last_line": 3,
+      "last_column": 89
+     },
+     {
+      "type": "NUMBER",
+      "value": "2626589144620713026669568689430873010625803728049924121243784502389097019475",
+      "first_line": 4,
+      "first_column": 12,
+      "last_line": 4,
+      "last_column": 88
+     }
+    ],
+    "k": {
+     "type": "NUMBER",
+     "value": "0",
+     "first_line": 6,
+     "first_column": 41,
+     "last_line": 6,
+     "last_column": 42
+    }
+   },
+   "template": "EscalarMulW4Table",
+   "inputSignals": 0
+  }
+ ],
+ "componentName2Idx": {
+  "main": 0
+ },
+ "signals": [
+  {
+   "names": [
+    "one"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[0][0]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[0][1]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[1][0]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[1][1]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[2][0]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[2][1]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[3][0]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[3][1]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[4][0]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[4][1]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[5][0]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[5][1]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[6][0]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[6][1]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[7][0]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[7][1]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[8][0]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[8][1]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[9][0]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[9][1]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[10][0]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[10][1]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[11][0]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[11][1]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[12][0]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[12][1]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[13][0]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[13][1]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[14][0]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[14][1]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[15][0]"
+   ],
+   "triggerComponents": []
+  },
+  {
+   "names": [
+    "main.out[15][1]"
+   ],
+   "triggerComponents": []
+  }
+ ],
+ "constraints": [],
+ "templates": {
+  "EscalarMulW4Table": "function(ctx) {\n    ctx.setVar(\"dbl\", [], ctx.getVar(\"base\",[]));\n    for (ctx.setVar(\"i\", [], \"0\");bigInt(ctx.getVar(\"i\",[])).lt(bigInt(bigInt(ctx.getVar(\"k\",[])).mul(bigInt(\"4\")).mod(__P__))) ? 1 : 0;(ctx.setVar(\"i\", [], bigInt(ctx.getVar(\"i\",[])).add(bigInt(\"1\")).mod(__P__))).add(__P__).sub(bigInt(1)).mod(__P__)) { \n    {\n        ctx.setVar(\"dbl\", [], ctx.callFunction(\"pointAdd\", [ctx.getVar(\"dbl\",[\"0\"]),ctx.getVar(\"dbl\",[\"1\"]),ctx.getVar(\"dbl\",[\"0\"]),ctx.getVar(\"dbl\",[\"1\"])]));\n    }\n\n     }\n    ctx.setSignal(\"out\", [\"0\",\"0\"], \"0\");\n    ctx.assert(ctx.getSignal(\"out\", [\"0\",\"0\"]), \"0\");\n    ctx.setSignal(\"out\", [\"0\",\"1\"], \"1\");\n    ctx.assert(ctx.getSignal(\"out\", [\"0\",\"1\"]), \"1\");\n    for (ctx.setVar(\"i\", [], \"1\");bigInt(ctx.getVar(\"i\",[])).lt(bigInt(\"16\")) ? 1 : 0;(ctx.setVar(\"i\", [], bigInt(ctx.getVar(\"i\",[])).add(bigInt(\"1\")).mod(__P__))).add(__P__).sub(bigInt(1)).mod(__P__)) { \n    {\n        ctx.setVar(\"p\", [], ctx.callFunction(\"pointAdd\", [ctx.getSignal(\"out\", [bigInt(ctx.getVar(\"i\",[])).add(__P__).sub(bigInt(\"1\")).mod(__P__),\"0\"]),ctx.getSignal(\"out\", [bigInt(ctx.getVar(\"i\",[])).add(__P__).sub(bigInt(\"1\")).mod(__P__),\"1\"]),ctx.getVar(\"dbl\",[\"0\"]),ctx.getVar(\"dbl\",[\"1\"])]));\n        ctx.setSignal(\"out\", [ctx.getVar(\"i\",[]),\"0\"], ctx.getVar(\"p\",[\"0\"]));\n        ctx.assert(ctx.getSignal(\"out\", [ctx.getVar(\"i\",[]),\"0\"]), ctx.getVar(\"p\",[\"0\"]));\n        ctx.setSignal(\"out\", [ctx.getVar(\"i\",[]),\"1\"], ctx.getVar(\"p\",[\"1\"]));\n        ctx.assert(ctx.getSignal(\"out\", [ctx.getVar(\"i\",[]),\"1\"]), ctx.getVar(\"p\",[\"1\"]));\n    }\n\n     }\n}\n"
+ },
+ "functions": {
+  "pointAdd": {
+   "params": [
+    "x1",
+    "y1",
+    "x2",
+    "y2"
+   ],
+   "func": "function(ctx) {\n    ctx.setVar(\"a\", [], \"168700\");\n    ctx.setVar(\"d\", [], \"168696\");\n    ctx.setVar(\"res\", [\"0\"], bigInt(bigInt(bigInt(ctx.getVar(\"x1\",[])).mul(bigInt(ctx.getVar(\"y2\",[]))).mod(__P__)).add(bigInt(bigInt(ctx.getVar(\"y1\",[])).mul(bigInt(ctx.getVar(\"x2\",[]))).mod(__P__))).mod(__P__)).mul( bigInt(bigInt(\"1\").add(bigInt(bigInt(bigInt(bigInt(bigInt(ctx.getVar(\"d\",[])).mul(bigInt(ctx.getVar(\"x1\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"x2\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"y1\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"y2\",[]))).mod(__P__))).mod(__P__)).inverse(__P__) ).mod(__P__));\n    ctx.setVar(\"res\", [\"1\"], bigInt(bigInt(bigInt(ctx.getVar(\"y1\",[])).mul(bigInt(ctx.getVar(\"y2\",[]))).mod(__P__)).add(__P__).sub(bigInt(bigInt(bigInt(ctx.getVar(\"a\",[])).mul(bigInt(ctx.getVar(\"x1\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"x2\",[]))).mod(__P__))).mod(__P__)).mul( bigInt(bigInt(\"1\").add(__P__).sub(bigInt(bigInt(bigInt(bigInt(bigInt(ctx.getVar(\"d\",[])).mul(bigInt(ctx.getVar(\"x1\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"x2\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"y1\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"y2\",[]))).mod(__P__))).mod(__P__)).inverse(__P__) ).mod(__P__));\n    return ctx.getVar(\"res\",[]);;\n}\n"
+  }
+ },
+ "nPrvInputs": 0,
+ "nPubInputs": 0,
+ "nInputs": 0,
+ "nOutputs": 0,
+ "nVars": 1,
+ "nConstants": 32,
+ "nSignals": 33
+}

circuit/eddsa.circom

@@ -0,0 +1,22 @@
+
+
+
+
+templete Verfier() {
+    signal input hMsg[256];
+
+    signal input Ax;
+    signal input Ay;
+
+    signal input Rx;
+    signal input Ry;
+
+    signal input s[256];
+
+
+    componet exps = Exp();
+    component exph = Exp();
+
+    component adder = BabyAdd();
+
+}

circuit/escalarmul.circom

@@ -43,10 +43,10 @@
  */
 
 include "mux4.circom";
-include "expw4table.circom";
+include "escalarmulw4table.circom";
 include "babyjub.circom";
 
-template ExpWindow(k) {
+template EscalarMulWindow(base, k) {
 
     signal input in[2];
     signal input sel[4];
@@ -58,7 +58,7 @@ template ExpWindow(k) {
 
     var i;
 
-    table = ExpW4Table(k);
+    table = EscalarMulW4Table(base, k);
     mux = MultiMux4(2);
     adder = BabyAdd();
 
@@ -86,7 +86,7 @@ template ExpWindow(k) {
 
                 ┏━━━━━━━━━┓      ┏━━━━━━━━━┓                            ┏━━━━━━━━━━━━━━━━━━━┓
                 ┃         ┃      ┃         ┃                            ┃                   ┃
-     (0,1) ════▶┃Window(0)┃═════▶┃Window(1)┃════════  . . . . ═════════▶┃ Window(nBlocks-1) ┃═════▶ out
+      inp  ════▶┃Window(0)┃═════▶┃Window(1)┃════════  . . . . ═════════▶┃ Window(nBlocks-1) ┃═════▶ out
                 ┃         ┃      ┃         ┃                            ┃                   ┃
                 ┗━━━━━━━━━┛      ┗━━━━━━━━━┛                            ┗━━━━━━━━━━━━━━━━━━━┛
                   ▲ ▲ ▲ ▲          ▲ ▲ ▲ ▲                                    ▲ ▲ ▲ ▲
@@ -105,8 +105,9 @@ template ExpWindow(k) {
 
  */
 
-template Exp(n) {
+template EscalarMul(n, base) {
     signal input in[n];
+    signal input inp[2];   // Point input to be added
     signal output out[2];
 
     var nBlocks = ((n-1)>>2)+1;
@@ -117,7 +118,7 @@ template Exp(n) {
 
     // Construct the windows
     for (i=0; i<nBlocks; i++) {
-      windows[i] = ExpWindow(i);
+      windows[i] = EscalarMulWindow(base, i);
     }
 
     // Connect the selectors
@@ -132,8 +133,8 @@ template Exp(n) {
     }
 
     // Start with generator
-    windows[0].in[0] <== 0;
-    windows[0].in[1] <== 1;
+    windows[0].in[0] <== inp[0];
+    windows[0].in[1] <== inp[1];
 
     for(i=0; i<nBlocks-1; i++) {
         windows[i].out[0] ==> windows[i+1].in[0];

circuit/escalarmulw4table.circom

@@ -8,16 +8,13 @@ function pointAdd(x1,y1,x2,y2) {
     return res;
 }
 
-template ExpW4Table(k) {
+template EscalarMulW4Table(base, k) {
     signal output out[16][2];
 
     var i;
     var p[2];
 
-    var g = [17777552123799933955779906779655732241715742912184938656739573121738514868268,
-             2626589144620713026669568689430873010625803728049924121243784502389097019475];
-
-    var dbl = g;
+    var dbl = base;
 
     for (i=0; i<k*4; i++) {
         dbl = pointAdd(dbl[0], dbl[1], dbl[0], dbl[1]);

circuit/pedersen.circom

@@ -0,0 +1,47 @@
+
+include "escalarmul.circom";
+
+component Pedersen(n) {
+    signal input in[n];
+    signal output out[2];
+
+    var nexps = ((n-1) \ 253) + 1;
+    var nlastbits = n - (nexps-1)*253;
+
+    component escalarMuls[nexps];
+
+    var PBASE = [
+                    [17777552123799933955779906779655732241715742912184938656739573121738514868268,
+                     2626589144620713026669568689430873010625803728049924121243784502389097019475],
+                    [17777552123799933955779906779655732241715742912184938656739573121738514868268,
+                     2626589144620713026669568689430873010625803728049924121243784502389097019475],
+                    [17777552123799933955779906779655732241715742912184938656739573121738514868268,
+                     2626589144620713026669568689430873010625803728049924121243784502389097019475],
+                    [17777552123799933955779906779655732241715742912184938656739573121738514868268,
+                     2626589144620713026669568689430873010625803728049924121243784502389097019475],
+                    [17777552123799933955779906779655732241715742912184938656739573121738514868268,
+                     2626589144620713026669568689430873010625803728049924121243784502389097019475]
+                ];
+
+    var i;
+    var j;
+    for (i=0; i<nexps; i++) {
+        var nexpbits = (i == nexps-1) ? nlastbits : 253;
+        escalarMuls[i] = EscalarMul(nexpbits, PBASE[i][0], PBAS[i][1]);
+
+        for (j=0; j<nexpbits; j++) {
+            escalarMuls[i].in[j] <== in[253*i + j];
+        }
+
+        if (i==0) {
+            escalarMuls[i].inp[0] <== 0;
+            escalarMuls[i].inp[1] <== 0;
+        } else {
+            escalarMuls[i].inp[0] <== escalarMuls[i-1].out[0];
+            escalarMuls[i].inp[1] <== escalarMuls[i-1].out[1];
+        }
+    }
+
+    escalarMuls[nexps-1].out[0] ==> out[0];
+    escalarMuls[nexps-1].out[1] ==> out[1];
+}

package-lock.json

@@ -105,6 +105,21 @@
       "resolved": "https://registry.npmjs.org/big-integer/-/big-integer-1.6.36.tgz",
       "integrity": "sha512-t70bfa7HYEA1D9idDbmuv7YbsbVkQ+Hp+8KFSul4aE5e/i1bjCNIRYJZlA8Q8p0r9T8cF/RVvwUgRA//FydEyg=="
     },
+    "bindings": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/bindings/-/bindings-1.3.0.tgz",
+      "integrity": "sha512-DpLh5EzMR2kzvX1KIlVC0VkC3iZtHKTgdtZ0a3pglBZdaQFjt5S9g9xd1lE+YvXyfd6mtCeRnrUfOLYiTMlNSw=="
+    },
+    "blake-hash": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/blake-hash/-/blake-hash-1.1.0.tgz",
+      "integrity": "sha512-rNbOFPT7DC/0XnLBJ0noWuzcV+9kHwEKzRGljHMDLQzYv6WZT1vjV3UkWQuNFzyr5tIL7zSsw7A834pgTl75xQ==",
+      "requires": {
+        "bindings": "^1.2.1",
+        "inherits": "^2.0.3",
+        "nan": "^2.2.1"
+      }
+    },
     "brace-expansion": {
       "version": "1.1.11",
       "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
@@ -172,9 +187,9 @@
       "integrity": "sha1-V00xLt2Iu13YkS6Sht1sCu1KrII="
     },
     "circom": {
-      "version": "0.0.7",
-      "resolved": "https://registry.npmjs.org/circom/-/circom-0.0.7.tgz",
-      "integrity": "sha512-wo2AdoM+KPOGqgyr9lcN4uft6ZHjtjELUwtJL0SeOKp8038a4MuKVymGfxZZYfjh/WQjB7hSadWMqmA2gnXG3g==",
+      "version": "0.0.17",
+      "resolved": "https://registry.npmjs.org/circom/-/circom-0.0.17.tgz",
+      "integrity": "sha512-0oDqyeoCWOZqda+GhRxp8bPNJKtOsVldOy9Nkm+eWo7aBTjtkS6dNm6ZMeu1+1jvSI8648eW+PEC8EIg0z/BvA==",
       "requires": {
         "big-integer": "^1.6.32",
         "optimist": "^0.6.1",
@@ -357,6 +372,15 @@
         "text-table": "^0.2.0"
       }
     },
+    "eslint-plugin-mocha": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-mocha/-/eslint-plugin-mocha-5.2.0.tgz",
+      "integrity": "sha512-4VTX/qIoxUFRnXLNm6bEhEJyfGnGagmQzV4TWXKzkZgIYyP2FSubEdCjEFTyS/dGwSVRWCWGX7jO7BK8R0kppg==",
+      "dev": true,
+      "requires": {
+        "ramda": "^0.25.0"
+      }
+    },
     "eslint-scope": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-4.0.0.tgz",
@@ -847,6 +871,11 @@
       "resolved": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.7.tgz",
       "integrity": "sha1-MHXOk7whuPq0PhvE2n6BFe0ee6s="
     },
+    "nan": {
+      "version": "2.11.1",
+      "resolved": "https://registry.npmjs.org/nan/-/nan-2.11.1.tgz",
+      "integrity": "sha512-iji6k87OSXa0CcrLl9z+ZiYSuR2o+c0bGuNmXdrhTQTakxytAFsC56SArGYoiHlJlFoHSnvmhpceZJaXkVuOtA=="
+    },
     "natural-compare": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz",
@@ -1034,6 +1063,12 @@
       "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz",
       "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A=="
     },
+    "ramda": {
+      "version": "0.25.0",
+      "resolved": "https://registry.npmjs.org/ramda/-/ramda-0.25.0.tgz",
+      "integrity": "sha512-GXpfrYVPwx3K7RQ6aYT8KPS8XViSXUVJT1ONhoKPE9VAleW42YE+U+8VEyGWt41EnEQW7gwecYJriTI0pKoecQ==",
+      "dev": true
+    },
     "regexpp": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/regexpp/-/regexpp-2.0.1.tgz",
@@ -1137,6 +1172,17 @@
         "is-fullwidth-code-point": "^2.0.0"
       }
     },
+    "snarkjs": {
+      "version": "0.1.5",
+      "resolved": "https://registry.npmjs.org/snarkjs/-/snarkjs-0.1.5.tgz",
+      "integrity": "sha512-4GiP60ONIitWRnC5+Gsl7nIO62fvkGN9Y9jsDWBKORZI34eNXJBrMjhCbT+0X57FS2XjY0MsR0/Qvg2cs1H0sQ==",
+      "requires": {
+        "big-integer": "^1.6.35",
+        "chai": "^4.1.2",
+        "eslint": "^5.3.0",
+        "yargs": "^12.0.2"
+      }
+    },
     "sprintf-js": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
@@ -1341,16 +1387,6 @@
       "requires": {
         "camelcase": "^4.1.0"
       }
-    },
-    "zksnark": {
-      "version": "0.0.11",
-      "resolved": "https://registry.npmjs.org/zksnark/-/zksnark-0.0.11.tgz",
-      "integrity": "sha512-YIOk93pLvc8NDVvedB0SDM1kGjPTdTYC/sgAvc9Dm6qMSYnS7tzCr844QaUlMApFTldz7D/6xlF1l24ttTGLXw==",
-      "requires": {
-        "big-integer": "^1.6.35",
-        "chai": "^4.1.2",
-        "eslint": "^5.3.0"
-      }
     }
   }
 }

package.json

@@ -20,10 +20,12 @@
   "author": "Jordi Baylina",
   "license": "GPL-3.0",
   "dependencies": {
-    "circom": "0.0.7",
-    "zksnark": "0.0.11"
+    "blake-hash": "^1.1.0",
+    "circom": "0.0.20",
+    "snarkjs": "0.1.6"
   },
   "devDependencies": {
+    "eslint-plugin-mocha": "^5.2.0",
     "mocha": "^5.2.0"
   }
 }

test/babyjub.js

@@ -1,6 +1,6 @@
 const chai = require("chai");
 const path = require("path");
-const zkSnark = require("zksnark");
+const snarkjs = require("snarkjs");
 const compiler = require("circom");
 
 const assert = chai.assert;
@@ -17,15 +17,15 @@ describe("Baby Jub test", () => {
 
 //        assert.equal(cirDef.nVars, 2);
 
-        const circuit = new zkSnark.Circuit(cirDef);
+        const circuit = new snarkjs.Circuit(cirDef);
 
         console.log("NConstrains: " + circuit.nConstraints);
 
         const input={
-            x1: zkSnark.bigInt(0),
-            y1: zkSnark.bigInt(1),
-            x2: zkSnark.bigInt(0),
-            y2: zkSnark.bigInt(1)
+            x1: snarkjs.bigInt(0),
+            y1: snarkjs.bigInt(1),
+            x2: snarkjs.bigInt(0),
+            y2: snarkjs.bigInt(1)
         }
 
         const w = circuit.calculateWitness(input);
@@ -45,15 +45,15 @@ describe("Baby Jub test", () => {
 
 //        assert.equal(cirDef.nVars, 2);
 
-        const circuit = new zkSnark.Circuit(cirDef);
+        const circuit = new snarkjs.Circuit(cirDef);
 
         console.log("NConstrains: " + circuit.nConstraints);
 
         const input={
-            x1: zkSnark.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
-            y1: zkSnark.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
-            x2: zkSnark.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
-            y2: zkSnark.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")
+            x1: snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
+            y1: snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
+            x2: snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
+            y2: snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")
         }
 
         const w = circuit.calculateWitness(input);
@@ -61,8 +61,8 @@ describe("Baby Jub test", () => {
         const xout = w[circuit.getSignalIdx("main.xout")];
         const yout = w[circuit.getSignalIdx("main.yout")];
 
-        assert(xout.equals(zkSnark.bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365")));
-        assert(yout.equals(zkSnark.bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889")));
+        assert(xout.equals(snarkjs.bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365")));
+        assert(yout.equals(snarkjs.bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889")));
     });
 
     it("Should add 2 different numbers", async () => {
@@ -73,15 +73,15 @@ describe("Baby Jub test", () => {
 
 //        assert.equal(cirDef.nVars, 2);
 
-        const circuit = new zkSnark.Circuit(cirDef);
+        const circuit = new snarkjs.Circuit(cirDef);
 
         console.log("NConstrains: " + circuit.nConstraints);
 
         const input={
-            x1: zkSnark.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
-            y1: zkSnark.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
-            x2: zkSnark.bigInt("16540640123574156134436876038791482806971768689494387082833631921987005038935"),
-            y2: zkSnark.bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311")
+            x1: snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
+            y1: snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
+            x2: snarkjs.bigInt("16540640123574156134436876038791482806971768689494387082833631921987005038935"),
+            y2: snarkjs.bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311")
         }
 
         const w = circuit.calculateWitness(input);
@@ -92,7 +92,7 @@ describe("Baby Jub test", () => {
         console.log(xout.toString());
         console.log(yout.toString());
 
-        assert(xout.equals(zkSnark.bigInt("7916061937171219682591368294088513039687205273691143098332585753343424131937")));
-        assert(yout.equals(zkSnark.bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499")));
+        assert(xout.equals(snarkjs.bigInt("7916061937171219682591368294088513039687205273691143098332585753343424131937")));
+        assert(yout.equals(snarkjs.bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499")));
     });
 });

test/circuits/escalarmul_min_test.circom

@@ -0,0 +1,26 @@
+include "../../circuit/escalarmul.circom";
+
+
+template Main() {
+    signal input in[256];
+    signal output out[2];
+
+    var i;
+
+    var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268,
+                2626589144620713026669568689430873010625803728049924121243784502389097019475]
+
+    component escalarMul = EscalarMul(256, base);
+
+    escalarMul.inp[0] <== 0;
+    escalarMul.inp[1] <== 1;
+
+    for  (i=0; i<256; i++) {
+        in[i] ==> escalarMul.in[i];
+    }
+
+    escalarMul.out[0] ==> out[0];
+    escalarMul.out[1] ==> out[1];
+}
+
+component main = Main();

test/circuits/escalarmul_test.circom

@@ -0,0 +1,31 @@
+include "../../circuit/escalarmul.circom";
+include "../../node_modules/circom/circuits/bitify.circom";
+
+
+template Main() {
+    signal input in;
+    signal output out[2];
+
+    var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268,
+            2626589144620713026669568689430873010625803728049924121243784502389097019475]
+
+
+    component n2b = Num2Bits(253);
+    component escalarMul = EscalarMul(253, base);
+
+    escalarMul.inp[0] <== 0;
+    escalarMul.inp[1] <== 1;
+
+    var i;
+
+    in ==> n2b.in;
+
+    for  (i=0; i<253; i++) {
+        n2b.out[i] ==> escalarMul.in[i];
+    }
+
+    escalarMul.out[0] ==> out[0];
+    escalarMul.out[1] ==> out[1];
+}
+
+component main = Main();

test/circuits/escalarmul_test_min.circom

@@ -0,0 +1,26 @@
+include "../../circuit/escalarmul.circom";
+
+
+template Main() {
+    signal input in[256];
+    signal output out[2];
+
+    var i;
+
+    var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268,
+                2626589144620713026669568689430873010625803728049924121243784502389097019475]
+
+    component escalarMul = EscalarMul(256, base);
+
+    escalarMul.inp[0] <== 0;
+    escalarMul.inp[1] <== 1;
+
+    for  (i=0; i<256; i++) {
+        in[i] ==> escalarMul.in[i];
+    }
+
+    escalarMul.out[0] ==> out[0];
+    escalarMul.out[1] ==> out[1];
+}
+
+component main = Main();

test/circuits/escalarmulw4table.circom

@@ -0,0 +1,6 @@
+include "../../circuit/escalarmulw4table.circom";
+
+var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268,
+            2626589144620713026669568689430873010625803728049924121243784502389097019475]
+
+component main = EscalarMulW4Table(base, 0);

test/circuits/escalarmulw4table_test.circom

@@ -0,0 +1,6 @@
+include "../../circuit/escalarmulw4table.circom";
+
+var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268,
+            2626589144620713026669568689430873010625803728049924121243784502389097019475];
+
+component main = EscalarMulW4Table(base, 0);

test/circuits/escalarmulw4table_test3.circom

@@ -0,0 +1,6 @@
+include "../../circuit/escalarmulw4table.circom";
+
+var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268,
+            2626589144620713026669568689430873010625803728049924121243784502389097019475]
+
+component main = EscalarMulW4Table(base, 3);

test/circuits/exp_test.circom

@@ -1,4 +1,4 @@
-include "../../circuit/exp.circom";
+include "../../circuit/escalarmul.circom";
 include "../../node_modules/circom/circuits/sha256/bitify.circom";
 
 
@@ -7,18 +7,18 @@ template Main() {
     signal output out[2];
 
     component n2b = Num2Bits(253);
-    component exp = Exp(253);
+    component escalarMul = EscalarMul(253);
 
     var i;
 
     in ==> n2b.in;
 
     for  (i=0; i<253; i++) {
-        n2b.out[i] ==> exp.in[i];
+        n2b.out[i] ==> escalarMul.in[i];
     }
 
-    exp.out[0] ==> out[0];
-    exp.out[1] ==> out[1];
+    escalarMul.out[0] ==> out[0];
+    escalarMul.out[1] ==> out[1];
 }
 
 component main = Main();

test/circuits/exp_test_min.circom

@@ -1,4 +1,4 @@
-include "../../circuit/exp.circom";
+include "../../circuit/escalarmul.circom";
 
 
 template Main() {
@@ -7,14 +7,14 @@ template Main() {
 
     var i;
 
-    component exp = Exp(256);
+    component escalarMul = EscalarMul(256);
 
     for  (i=0; i<256; i++) {
-        in[i] ==> exp.in[i];
+        in[i] ==> escalarMul.in[i];
     }
 
-    exp.out[0] ==> out[0];
-    exp.out[1] ==> out[1];
+    escalarMul.out[0] ==> out[0];
+    escalarMul.out[1] ==> out[1];
 }
 
 component main = Main();

test/circuits/expw4table_test.circom

@@ -1,3 +0,0 @@
-include "../../circuit/ExpW4Table.circom";
-
-component main = ExpW4Table(0);

test/circuits/expw4table_test3.circom

@@ -1,3 +0,0 @@
-include "../../circuit/ExpW4Table.circom";
-
-component main = ExpW4Table(3);

test/circuits/mux4_1.circom

@@ -1,5 +1,5 @@
 include "../../circuit/mux4.circom";
-include "../../node_modules/circom/circuits/sha256/bitify.circom";
+include "../../node_modules/circom/circuits/bitify.circom";
 
 
 template Constants() {

test/escalarmul.js

@@ -1,6 +1,6 @@
 const chai = require("chai");
 const path = require("path");
-const zkSnark = require("zksnark");
+const snarkjs = require("snarkjs");
 const compiler = require("circom");
 
 const assert = chai.assert;
@@ -26,22 +26,22 @@ function print(circuit, w, s) {
 describe("Exponentioation test", () => {
     it("Should generate the Exponentiation table in k=0", async () => {
 
-        const cirDef = await compiler(path.join(__dirname, "circuits", "expw4table_test.circom"));
+        const cirDef = await compiler(path.join(__dirname, "circuits", "escalarmulw4table_test.circom"));
 
 //        console.log(JSON.stringify(cirDef, null, 1));
 
 //        assert.equal(cirDef.nVars, 2);
 
-        const circuit = new zkSnark.Circuit(cirDef);
+        const circuit = new snarkjs.Circuit(cirDef);
 
         console.log("NConstrains: " + circuit.nConstraints);
 
         const w = circuit.calculateWitness({});
 
-        let g = [zkSnark.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
-                 zkSnark.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")]
+        let g = [snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
+                 snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")]
 
-        dbl= [zkSnark.bigInt("0"), zkSnark.bigInt("1")];
+        dbl= [snarkjs.bigInt("0"), snarkjs.bigInt("1")];
 
         for (let i=0; i<16; i++) {
             const xout1 = w[circuit.getSignalIdx(`main.out[${i}][0]`)];
@@ -62,26 +62,26 @@ describe("Exponentioation test", () => {
 
     it("Should generate the Exponentiation table in k=3", async () => {
 
-        const cirDef = await compiler(path.join(__dirname, "circuits", "expw4table_test3.circom"));
+        const cirDef = await compiler(path.join(__dirname, "circuits", "escalarmulw4table_test3.circom"));
 
 //        console.log(JSON.stringify(cirDef, null, 1));
 
 //        assert.equal(cirDef.nVars, 2);
 
-        const circuit = new zkSnark.Circuit(cirDef);
+        const circuit = new snarkjs.Circuit(cirDef);
 
         console.log("NConstrains: " + circuit.nConstraints);
 
         const w = circuit.calculateWitness({});
 
-        let g = [zkSnark.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
-                 zkSnark.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")]
+        let g = [snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
+                 snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")]
 
         for (let i=0; i<12;i++) {
             g = addPoint(g,g);
         }
 
-        dbl= [zkSnark.bigInt("0"), zkSnark.bigInt("1")];
+        dbl= [snarkjs.bigInt("0"), snarkjs.bigInt("1")];
 
         for (let i=0; i<16; i++) {
             const xout1 = w[circuit.getSignalIdx(`main.out[${i}][0]`)];
@@ -102,13 +102,13 @@ describe("Exponentioation test", () => {
     });
 
     it("Should exponentiate g^31", async () => {
-        const cirDef = await compiler(path.join(__dirname, "circuits", "exp_test.circom"));
+        const cirDef = await compiler(path.join(__dirname, "circuits", "escalarmul_test.circom"));
 
 //        console.log(JSON.stringify(cirDef, null, 1));
 
 //        assert.equal(cirDef.nVars, 2);
 
-        const circuit = new zkSnark.Circuit(cirDef);
+        const circuit = new snarkjs.Circuit(cirDef);
 
         console.log("NConstrains: " + circuit.nConstraints);
 
@@ -116,8 +116,8 @@ describe("Exponentioation test", () => {
 
         assert(circuit.checkWitness(w));
 
-        let g = [zkSnark.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
-                 zkSnark.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")]
+        let g = [snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
+                 snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")]
 
         let c = [0n, 1n];
 
@@ -158,9 +158,9 @@ describe("Exponentioation test", () => {
     }).timeout(10000000);
 
     it("Number of constrains for 256 bits", async () => {
-        const cirDef = await compiler(path.join(__dirname, "circuits", "exp_test_min.circom"));
+        const cirDef = await compiler(path.join(__dirname, "circuits", "escalarmul_test_min.circom"));
 
-        const circuit = new zkSnark.Circuit(cirDef);
+        const circuit = new snarkjs.Circuit(cirDef);
 
         console.log("NConstrains: " + circuit.nConstraints);
     }).timeout(10000000);

test/multiplexer.js

@@ -1,6 +1,6 @@
 const chai = require("chai");
 const path = require("path");
-const zkSnark = require("zksnark");
+const snarkjs = require("snarkjs");
 const compiler = require("circom");
 
 const assert = chai.assert;
@@ -17,17 +17,17 @@ describe("Mux4 test", () => {
 
 //        assert.equal(cirDef.nVars, 2);
 
-        const circuit = new zkSnark.Circuit(cirDef);
+        const circuit = new snarkjs.Circuit(cirDef);
 
         console.log("NConstrains: " + circuit.nConstraints);
 
         for (i=0; i<16; i++) {
-            const w = circuit.calculateWitness({ "selector": zkSnark.bigInt(i).toString() });
+            const w = circuit.calculateWitness({ "selector": snarkjs.bigInt(i).toString() });
 
-            assert(w[0].equals(zkSnark.bigInt(1)));
+            assert(w[0].equals(snarkjs.bigInt(1)));
 
             console.log(i + " -> " + w[circuit.getSignalIdx("main.out")].toString());
-//            assert(w[circuit.getSignalIdx("main.out")].equals(zkSnark.bigInt("100").add(zkSnark.bigInt(i))));
+//            assert(w[circuit.getSignalIdx("main.out")].equals(snarkjs.bigInt("100").add(snarkjs.bigInt(i))));
         }
     });
 });