Pedersen Hash Base Points Calculation

Jordi Baylina 2018-11-11 19:52:07 +01:00
parent c4c5b66021
commit 81981a142c
No known key found for this signature in database
GPG Key ID: 7480C80C1BE43112
22 changed files with 669 additions and 87 deletions

@ -0,0 +1,84 @@
const bn128 = require("snarkjs").bn128;
const bigInt = require("snarkjs").bigInt;
const createBlakeHash = require("blake-hash");
const assert = require("assert");
function getPoint(S) {
const F = bn128.Fr;
const h = createBlakeHash("blake256").update(S).digest();
assert(h.length == 32);
let sign = false;
if (h[31] & 0x80) {
h[31] = h[31] & 0x7F;
sign = true;
}
let x = bigInt(0);
for (let i=0; i<32; i++) {
x = x.shl(8);
x = x.add(bigInt(h[i]));
}
const a = bigInt("168700");
const d = bigInt("168696");
const x2 = F.square(x);
let y = F.sqrt(F.div(
F.sub(F.one, F.mul(a, x2)),
F.sub(F.one, F.mul(d, x2))));
if (y == null) return null;
if (sign) y = F.neg(y);
return [bn128.Fr.affine(x), bn128.Fr.affine(y)];
}
function generatePoint(S) {
let p= null;
let idx = 0;
while (p==null) {
let sidx = "" + idx;
while (sidx.length<16) sidx = "0"+sidx;
p = getPoint(S+"_"+sidx);
idx++;
}
assert(inCurve(p));
return p;
}
function inCurve(p) {
const F = bn128.Fr;
const a = bigInt("168700");
const d = bigInt("168696");
const x2 = F.square(p[0]);
const y2 = F.square(p[1]);
return F.equals(
F.add(F.mul(a, x2), y2),
F.add(F.one, F.mul(F.mul(x2, y2), d)));
}
const g = [
bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")];
if (!inCurve(g)) {
throw new Error("Generator not In curve -> Some thing goes wrong...");
}
for (let i=0; i<25; i++) {
let S = "" +i;
while (S.length<16) S = "0"+S;
const P = generatePoint("Iden3_PedersenGenerator_"+S);
console.log(`[${P[0].toString()}, ${P[1].toString()}]`);
}
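Review bot: `generatePoint` asserts only `inCurve(p)` and never checks that the hashed-to point lies in the large prime-order subgroup; Baby Jubjub (a=168700, d=168696) has a small cofactor (8, if I recall correctly), so a base point carrying a low-order component undermines the binding argument a Pedersen hash relies on. I would clear the cofactor after the search — three point doublings with the curve's addition law — and then assert the result is not the neutral element `(0,1)` before printing it, so the emitted constants are guaranteed subgroup elements. Separately, the `sign` bit is read from and masked in `h[31]`, but `x` is assembled big-endian starting from `h[0]`, so the mask clears bit 7 of `x` rather than its top bit; `x` then enters the field arithmetic unreduced and is only normalised by `bn128.Fr.affine`. That is deterministic, but either document it (`// sign from the low byte; x is reduced mod r by affine()`) or take the sign from `h[0] & 0x80` so that `x < 2^255`, which is what the masking seems intended to guarantee.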

298
circuit.json Normal file

@ -0,0 +1,298 @@
{
"mainCode": "{\n {\n }\n ctx.setVar(\"base\", [], [\"17777552123799933955779906779655732241715742912184938656739573121738514868268\",\"2626589144620713026669568689430873010625803728049924121243784502389097019475\"]);\n}\n",
"signalName2Idx": {
"one": 0,
"main.out[0][0]": 1,
"main.out[0][1]": 2,
"main.out[1][0]": 3,
"main.out[1][1]": 4,
"main.out[2][0]": 5,
"main.out[2][1]": 6,
"main.out[3][0]": 7,
"main.out[3][1]": 8,
"main.out[4][0]": 9,
"main.out[4][1]": 10,
"main.out[5][0]": 11,
"main.out[5][1]": 12,
"main.out[6][0]": 13,
"main.out[6][1]": 14,
"main.out[7][0]": 15,
"main.out[7][1]": 16,
"main.out[8][0]": 17,
"main.out[8][1]": 18,
"main.out[9][0]": 19,
"main.out[9][1]": 20,
"main.out[10][0]": 21,
"main.out[10][1]": 22,
"main.out[11][0]": 23,
"main.out[11][1]": 24,
"main.out[12][0]": 25,
"main.out[12][1]": 26,
"main.out[13][0]": 27,
"main.out[13][1]": 28,
"main.out[14][0]": 29,
"main.out[14][1]": 30,
"main.out[15][0]": 31,
"main.out[15][1]": 32
},
"components": [
{
"name": "main",
"params": {
"base": [
{
"type": "NUMBER",
"value": "17777552123799933955779906779655732241715742912184938656739573121738514868268",
"first_line": 3,
"first_column": 12,
"last_line": 3,
"last_column": 89
},
{
"type": "NUMBER",
"value": "2626589144620713026669568689430873010625803728049924121243784502389097019475",
"first_line": 4,
"first_column": 12,
"last_line": 4,
"last_column": 88
}
],
"k": {
"type": "NUMBER",
"value": "0",
"first_line": 6,
"first_column": 41,
"last_line": 6,
"last_column": 42
}
},
"template": "EscalarMulW4Table",
"inputSignals": 0
}
],
"componentName2Idx": {
"main": 0
},
"signals": [
{
"names": [
"one"
],
"triggerComponents": []
},
{
"names": [
"main.out[0][0]"
],
"triggerComponents": []
},
{
"names": [
"main.out[0][1]"
],
"triggerComponents": []
},
{
"names": [
"main.out[1][0]"
],
"triggerComponents": []
},
{
"names": [
"main.out[1][1]"
],
"triggerComponents": []
},
{
"names": [
"main.out[2][0]"
],
"triggerComponents": []
},
{
"names": [
"main.out[2][1]"
],
"triggerComponents": []
},
{
"names": [
"main.out[3][0]"
],
"triggerComponents": []
},
{
"names": [
"main.out[3][1]"
],
"triggerComponents": []
},
{
"names": [
"main.out[4][0]"
],
"triggerComponents": []
},
{
"names": [
"main.out[4][1]"
],
"triggerComponents": []
},
{
"names": [
"main.out[5][0]"
],
"triggerComponents": []
},
{
"names": [
"main.out[5][1]"
],
"triggerComponents": []
},
{
"names": [
"main.out[6][0]"
],
"triggerComponents": []
},
{
"names": [
"main.out[6][1]"
],
"triggerComponents": []
},
{
"names": [
"main.out[7][0]"
],
"triggerComponents": []
},
{
"names": [
"main.out[7][1]"
],
"triggerComponents": []
},
{
"names": [
"main.out[8][0]"
],
"triggerComponents": []
},
{
"names": [
"main.out[8][1]"
],
"triggerComponents": []
},
{
"names": [
"main.out[9][0]"
],
"triggerComponents": []
},
{
"names": [
"main.out[9][1]"
],
"triggerComponents": []
},
{
"names": [
"main.out[10][0]"
],
"triggerComponents": []
},
{
"names": [
"main.out[10][1]"
],
"triggerComponents": []
},
{
"names": [
"main.out[11][0]"
],
"triggerComponents": []
},
{
"names": [
"main.out[11][1]"
],
"triggerComponents": []
},
{
"names": [
"main.out[12][0]"
],
"triggerComponents": []
},
{
"names": [
"main.out[12][1]"
],
"triggerComponents": []
},
{
"names": [
"main.out[13][0]"
],
"triggerComponents": []
},
{
"names": [
"main.out[13][1]"
],
"triggerComponents": []
},
{
"names": [
"main.out[14][0]"
],
"triggerComponents": []
},
{
"names": [
"main.out[14][1]"
],
"triggerComponents": []
},
{
"names": [
"main.out[15][0]"
],
"triggerComponents": []
},
{
"names": [
"main.out[15][1]"
],
"triggerComponents": []
}
],
"constraints": [],
"templates": {
"EscalarMulW4Table": "function(ctx) {\n ctx.setVar(\"dbl\", [], ctx.getVar(\"base\",[]));\n for (ctx.setVar(\"i\", [], \"0\");bigInt(ctx.getVar(\"i\",[])).lt(bigInt(bigInt(ctx.getVar(\"k\",[])).mul(bigInt(\"4\")).mod(__P__))) ? 1 : 0;(ctx.setVar(\"i\", [], bigInt(ctx.getVar(\"i\",[])).add(bigInt(\"1\")).mod(__P__))).add(__P__).sub(bigInt(1)).mod(__P__)) { \n {\n ctx.setVar(\"dbl\", [], ctx.callFunction(\"pointAdd\", [ctx.getVar(\"dbl\",[\"0\"]),ctx.getVar(\"dbl\",[\"1\"]),ctx.getVar(\"dbl\",[\"0\"]),ctx.getVar(\"dbl\",[\"1\"])]));\n }\n\n }\n ctx.setSignal(\"out\", [\"0\",\"0\"], \"0\");\n ctx.assert(ctx.getSignal(\"out\", [\"0\",\"0\"]), \"0\");\n ctx.setSignal(\"out\", [\"0\",\"1\"], \"1\");\n ctx.assert(ctx.getSignal(\"out\", [\"0\",\"1\"]), \"1\");\n for (ctx.setVar(\"i\", [], \"1\");bigInt(ctx.getVar(\"i\",[])).lt(bigInt(\"16\")) ? 1 : 0;(ctx.setVar(\"i\", [], bigInt(ctx.getVar(\"i\",[])).add(bigInt(\"1\")).mod(__P__))).add(__P__).sub(bigInt(1)).mod(__P__)) { \n {\n ctx.setVar(\"p\", [], ctx.callFunction(\"pointAdd\", [ctx.getSignal(\"out\", [bigInt(ctx.getVar(\"i\",[])).add(__P__).sub(bigInt(\"1\")).mod(__P__),\"0\"]),ctx.getSignal(\"out\", [bigInt(ctx.getVar(\"i\",[])).add(__P__).sub(bigInt(\"1\")).mod(__P__),\"1\"]),ctx.getVar(\"dbl\",[\"0\"]),ctx.getVar(\"dbl\",[\"1\"])]));\n ctx.setSignal(\"out\", [ctx.getVar(\"i\",[]),\"0\"], ctx.getVar(\"p\",[\"0\"]));\n ctx.assert(ctx.getSignal(\"out\", [ctx.getVar(\"i\",[]),\"0\"]), ctx.getVar(\"p\",[\"0\"]));\n ctx.setSignal(\"out\", [ctx.getVar(\"i\",[]),\"1\"], ctx.getVar(\"p\",[\"1\"]));\n ctx.assert(ctx.getSignal(\"out\", [ctx.getVar(\"i\",[]),\"1\"]), ctx.getVar(\"p\",[\"1\"]));\n }\n\n }\n}\n"
},
"functions": {
"pointAdd": {
"params": [
"x1",
"y1",
"x2",
"y2"
],
"func": "function(ctx) {\n ctx.setVar(\"a\", [], \"168700\");\n ctx.setVar(\"d\", [], \"168696\");\n ctx.setVar(\"res\", [\"0\"], bigInt(bigInt(bigInt(ctx.getVar(\"x1\",[])).mul(bigInt(ctx.getVar(\"y2\",[]))).mod(__P__)).add(bigInt(bigInt(ctx.getVar(\"y1\",[])).mul(bigInt(ctx.getVar(\"x2\",[]))).mod(__P__))).mod(__P__)).mul( bigInt(bigInt(\"1\").add(bigInt(bigInt(bigInt(bigInt(bigInt(ctx.getVar(\"d\",[])).mul(bigInt(ctx.getVar(\"x1\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"x2\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"y1\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"y2\",[]))).mod(__P__))).mod(__P__)).inverse(__P__) ).mod(__P__));\n ctx.setVar(\"res\", [\"1\"], bigInt(bigInt(bigInt(ctx.getVar(\"y1\",[])).mul(bigInt(ctx.getVar(\"y2\",[]))).mod(__P__)).add(__P__).sub(bigInt(bigInt(bigInt(ctx.getVar(\"a\",[])).mul(bigInt(ctx.getVar(\"x1\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"x2\",[]))).mod(__P__))).mod(__P__)).mul( bigInt(bigInt(\"1\").add(__P__).sub(bigInt(bigInt(bigInt(bigInt(bigInt(ctx.getVar(\"d\",[])).mul(bigInt(ctx.getVar(\"x1\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"x2\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"y1\",[]))).mod(__P__)).mul(bigInt(ctx.getVar(\"y2\",[]))).mod(__P__))).mod(__P__)).inverse(__P__) ).mod(__P__));\n return ctx.getVar(\"res\",[]);;\n}\n"
}
},
"nPrvInputs": 0,
"nPubInputs": 0,
"nInputs": 0,
"nOutputs": 0,
"nVars": 1,
"nConstants": 32,
"nSignals": 33
}

22
circuit/eddsa.circom Normal file

@ -0,0 +1,22 @@
templete Verfier() {
signal input hMsg[256];
signal input Ax;
signal input Ay;
signal input Rx;
signal input Ry;
signal input s[256];
componet exps = Exp();
component exph = Exp();
component adder = BabyAdd();
}
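Review bot: This file will not parse: `templete Verfier()` should read `template Verifier()` and `componet exps = Exp();` should read `component exps = ...` — and since `Exp` is renamed to `EscalarMul(n, base)` elsewhere in this commit, even the spelled-correctly `Exp()` refers to a template that no longer exists. The inputs `hMsg`, `Ax`, `Ay`, `Rx`, `Ry` and `s` are declared but nothing is wired to `exps`, `exph` or `adder` and there is no output signal, so if this is a deliberate placeholder a header comment such as `// WIP: EdDSA verifier skeleton, not wired yet — do not include` would keep it from being mistaken for a working verifier. When it is completed, a range check that `s` is below the subgroup order and on-curve checks for `(Ax,Ay)` and `(Rx,Ry)` are the constraints I would expect to see alongside the two scalar multiplications.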

@ -43,10 +43,10 @@
*/ */
include "mux4.circom"; include "mux4.circom";
include "expw4table.circom"; include "escalarmulw4table.circom";
include "babyjub.circom"; include "babyjub.circom";
template ExpWindow(k) { template EscalarMulWindow(base, k) {
signal input in[2]; signal input in[2];
signal input sel[4]; signal input sel[4];
@ -58,7 +58,7 @@ template ExpWindow(k) {
var i; var i;
table = ExpW4Table(k); table = EscalarMulW4Table(base, k);
mux = MultiMux4(2); mux = MultiMux4(2);
adder = BabyAdd(); adder = BabyAdd();
@ -86,7 +86,7 @@ template ExpWindow(k) {
┏━━━━━━━━━┓ ┏━━━━━━━━━┓ ┏━━━━━━━━━━━━━━━━━━━┓ ┏━━━━━━━━━┓ ┏━━━━━━━━━┓ ┏━━━━━━━━━━━━━━━━━━━┓
┃ ┃ ┃ ┃ ┃ ┃ ┃ ┃ ┃ ┃ ┃ ┃
(0,1) ════▶┃Window(0)┃═════▶┃Window(1)┃════════ . . . . ═════════▶┃ Window(nBlocks-1) ┃═════▶ out inp ════▶┃Window(0)┃═════▶┃Window(1)┃════════ . . . . ═════════▶┃ Window(nBlocks-1) ┃═════▶ out
┃ ┃ ┃ ┃ ┃ ┃ ┃ ┃ ┃ ┃ ┃ ┃
┗━━━━━━━━━┛ ┗━━━━━━━━━┛ ┗━━━━━━━━━━━━━━━━━━━┛ ┗━━━━━━━━━┛ ┗━━━━━━━━━┛ ┗━━━━━━━━━━━━━━━━━━━┛
▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲
@ -105,8 +105,9 @@ template ExpWindow(k) {
*/ */
template Exp(n) { template EscalarMul(n, base) {
signal input in[n]; signal input in[n];
signal input inp[2]; // Point input to be added
signal output out[2]; signal output out[2];
var nBlocks = ((n-1)>>2)+1; var nBlocks = ((n-1)>>2)+1;
@ -117,7 +118,7 @@ template Exp(n) {
// Construct the windows // Construct the windows
for (i=0; i<nBlocks; i++) { for (i=0; i<nBlocks; i++) {
windows[i] = ExpWindow(i); windows[i] = EscalarMulWindow(base, i);
} }
// Connect the selectors // Connect the selectors
@ -132,8 +133,8 @@ template Exp(n) {
} }
// Start with generator // Start with generator
windows[0].in[0] <== 0; windows[0].in[0] <== inp[0];
windows[0].in[1] <== 1; windows[0].in[1] <== inp[1];
for(i=0; i<nBlocks-1; i++) { for(i=0; i<nBlocks-1; i++) {
windows[i].out[0] ==> windows[i+1].in[0]; windows[i].out[0] ==> windows[i+1].in[0];
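Review bot: The comment `// Start with generator` is stale now that `windows[0].in` is seeded from the new `inp` signal instead of the constant `(0,1)`; I would change it to `// Seed the accumulator with the caller-supplied point inp; pass (0,1), the neutral element, for a plain scalar multiplication`. Nothing in the template constrains `inp` to be a curve point, so the `signal input inp[2]; // Point input to be added` line should also state that the caller is responsible for that, since the output is presumably `inp + in*base` only under that assumption. Both `EscalarMulWindow` and `EscalarMul` continue outside the hunks shown here.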

@ -8,16 +8,13 @@ function pointAdd(x1,y1,x2,y2) {
return res; return res;
} }
template ExpW4Table(k) { template EscalarMulW4Table(base, k) {
signal output out[16][2]; signal output out[16][2];
var i; var i;
var p[2]; var p[2];
var g = [17777552123799933955779906779655732241715742912184938656739573121738514868268, var dbl = base;
2626589144620713026669568689430873010625803728049924121243784502389097019475];
var dbl = g;
for (i=0; i<k*4; i++) { for (i=0; i<k*4; i++) {
dbl = pointAdd(dbl[0], dbl[1], dbl[0], dbl[1]); dbl = pointAdd(dbl[0], dbl[1], dbl[0], dbl[1]);
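Review bot: `EscalarMulW4Table(base, k)` now takes its generator from the caller but carries no comment stating the contract; from the loop here and the compiled template in `circuit.json`, `dbl` is `base` doubled `4k` times, `out[0]` is `(0,1)` and `out[i] = out[i-1] + dbl`, so I would add above the template `// Window table: out[i] = i * 2^(4k) * base for i in 0..15; out[0] is the neutral element (0,1). base must be a point on Baby Jubjub — nothing here checks it.` `var p[2];` survives from the old version; if the rest of the body no longer uses it, drop it. `pointAdd` begins before this hunk and the template body continues after it.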

47
circuit/pedersen.circom Normal file

@ -0,0 +1,47 @@
include "escalarmul.circom";
component Pedersen(n) {
signal input in[n];
signal output out[2];
var nexps = ((n-1) \ 253) + 1;
var nlastbits = n - (nexps-1)*253;
component escalarMuls[nexps];
var PBASE = [
[17777552123799933955779906779655732241715742912184938656739573121738514868268,
2626589144620713026669568689430873010625803728049924121243784502389097019475],
[17777552123799933955779906779655732241715742912184938656739573121738514868268,
2626589144620713026669568689430873010625803728049924121243784502389097019475],
[17777552123799933955779906779655732241715742912184938656739573121738514868268,
2626589144620713026669568689430873010625803728049924121243784502389097019475],
[17777552123799933955779906779655732241715742912184938656739573121738514868268,
2626589144620713026669568689430873010625803728049924121243784502389097019475],
[17777552123799933955779906779655732241715742912184938656739573121738514868268,
2626589144620713026669568689430873010625803728049924121243784502389097019475]
];
var i;
var j;
for (i=0; i<nexps; i++) {
var nexpbits = (i == nexps-1) ? nlastbits : 253;
escalarMuls[i] = EscalarMul(nexpbits, PBASE[i][0], PBAS[i][1]);
for (j=0; j<nexpbits; j++) {
escalarMuls[i].in[j] <== in[253*i + j];
}
if (i==0) {
escalarMuls[i].inp[0] <== 0;
escalarMuls[i].inp[1] <== 0;
} else {
escalarMuls[i].inp[0] <== escalarMuls[i-1].out[0];
escalarMuls[i].inp[1] <== escalarMuls[i-1].out[1];
}
}
escalarMuls[nexps-1].out[0] ==> out[0];
escalarMuls[nexps-1].out[1] ==> out[1];
}
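Review bot: This template will not compile as written: `component Pedersen(n) {` declares a template with the `component` keyword and should be `template Pedersen(n) {`; `PBAS[i][1]` is a typo for `PBASE`; and `EscalarMul(nexpbits, PBASE[i][0], PBAS[i][1])` passes three arguments where the template now takes `(n, base)` with `base` a two-element array, so the line should read `escalarMuls[i] = EscalarMul(nexpbits, PBASE[i]);`. The first segment is seeded with `inp = (0,0)`, which is not a point on the curve — the neutral element of this twisted Edwards curve is `(0,1)`, the value the test circuits and the W4 table use — so `escalarMuls[i].inp[1] <== 1;` is required or every hash is wrong. All five `PBASE` rows are the same generator, and with identical bases the hash collapses to `(in_0 + in_1 + ...) * G`, so any two inputs whose segment scalars sum to the same value collide; these rows must be replaced by the distinct points the new base-point script prints before this template is used. Finally, 253-bit segments exceed the order of Baby Jubjub's prime-order subgroup (about 2^251, if I recall correctly), so scalars `x` and `x + r` within one segment would also collide; a narrower segment avoids that.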

62
package-lock.json generated

@ -105,6 +105,21 @@
"resolved": "https://registry.npmjs.org/big-integer/-/big-integer-1.6.36.tgz", "resolved": "https://registry.npmjs.org/big-integer/-/big-integer-1.6.36.tgz",
"integrity": "sha512-t70bfa7HYEA1D9idDbmuv7YbsbVkQ+Hp+8KFSul4aE5e/i1bjCNIRYJZlA8Q8p0r9T8cF/RVvwUgRA//FydEyg==" "integrity": "sha512-t70bfa7HYEA1D9idDbmuv7YbsbVkQ+Hp+8KFSul4aE5e/i1bjCNIRYJZlA8Q8p0r9T8cF/RVvwUgRA//FydEyg=="
}, },
"bindings": {
"version": "1.3.0",
"resolved": "https://registry.npmjs.org/bindings/-/bindings-1.3.0.tgz",
"integrity": "sha512-DpLh5EzMR2kzvX1KIlVC0VkC3iZtHKTgdtZ0a3pglBZdaQFjt5S9g9xd1lE+YvXyfd6mtCeRnrUfOLYiTMlNSw=="
},
"blake-hash": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/blake-hash/-/blake-hash-1.1.0.tgz",
"integrity": "sha512-rNbOFPT7DC/0XnLBJ0noWuzcV+9kHwEKzRGljHMDLQzYv6WZT1vjV3UkWQuNFzyr5tIL7zSsw7A834pgTl75xQ==",
"requires": {
"bindings": "^1.2.1",
"inherits": "^2.0.3",
"nan": "^2.2.1"
}
},
"brace-expansion": { "brace-expansion": {
"version": "1.1.11", "version": "1.1.11",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
@ -172,9 +187,9 @@
"integrity": "sha1-V00xLt2Iu13YkS6Sht1sCu1KrII=" "integrity": "sha1-V00xLt2Iu13YkS6Sht1sCu1KrII="
}, },
"circom": { "circom": {
"version": "0.0.7", "version": "0.0.17",
"resolved": "https://registry.npmjs.org/circom/-/circom-0.0.7.tgz", "resolved": "https://registry.npmjs.org/circom/-/circom-0.0.17.tgz",
"integrity": "sha512-wo2AdoM+KPOGqgyr9lcN4uft6ZHjtjELUwtJL0SeOKp8038a4MuKVymGfxZZYfjh/WQjB7hSadWMqmA2gnXG3g==", "integrity": "sha512-0oDqyeoCWOZqda+GhRxp8bPNJKtOsVldOy9Nkm+eWo7aBTjtkS6dNm6ZMeu1+1jvSI8648eW+PEC8EIg0z/BvA==",
"requires": { "requires": {
"big-integer": "^1.6.32", "big-integer": "^1.6.32",
"optimist": "^0.6.1", "optimist": "^0.6.1",
@ -357,6 +372,15 @@
"text-table": "^0.2.0" "text-table": "^0.2.0"
} }
}, },
"eslint-plugin-mocha": {
"version": "5.2.0",
"resolved": "https://registry.npmjs.org/eslint-plugin-mocha/-/eslint-plugin-mocha-5.2.0.tgz",
"integrity": "sha512-4VTX/qIoxUFRnXLNm6bEhEJyfGnGagmQzV4TWXKzkZgIYyP2FSubEdCjEFTyS/dGwSVRWCWGX7jO7BK8R0kppg==",
"dev": true,
"requires": {
"ramda": "^0.25.0"
}
},
"eslint-scope": { "eslint-scope": {
"version": "4.0.0", "version": "4.0.0",
"resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-4.0.0.tgz", "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-4.0.0.tgz",
@ -847,6 +871,11 @@
"resolved": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.7.tgz", "resolved": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.7.tgz",
"integrity": "sha1-MHXOk7whuPq0PhvE2n6BFe0ee6s=" "integrity": "sha1-MHXOk7whuPq0PhvE2n6BFe0ee6s="
}, },
"nan": {
"version": "2.11.1",
"resolved": "https://registry.npmjs.org/nan/-/nan-2.11.1.tgz",
"integrity": "sha512-iji6k87OSXa0CcrLl9z+ZiYSuR2o+c0bGuNmXdrhTQTakxytAFsC56SArGYoiHlJlFoHSnvmhpceZJaXkVuOtA=="
},
"natural-compare": { "natural-compare": {
"version": "1.4.0", "version": "1.4.0",
"resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz",
@ -1034,6 +1063,12 @@
"resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz",
"integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==" "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A=="
}, },
"ramda": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/ramda/-/ramda-0.25.0.tgz",
"integrity": "sha512-GXpfrYVPwx3K7RQ6aYT8KPS8XViSXUVJT1ONhoKPE9VAleW42YE+U+8VEyGWt41EnEQW7gwecYJriTI0pKoecQ==",
"dev": true
},
"regexpp": { "regexpp": {
"version": "2.0.1", "version": "2.0.1",
"resolved": "https://registry.npmjs.org/regexpp/-/regexpp-2.0.1.tgz", "resolved": "https://registry.npmjs.org/regexpp/-/regexpp-2.0.1.tgz",
@ -1137,6 +1172,17 @@
"is-fullwidth-code-point": "^2.0.0" "is-fullwidth-code-point": "^2.0.0"
} }
}, },
"snarkjs": {
"version": "0.1.5",
"resolved": "https://registry.npmjs.org/snarkjs/-/snarkjs-0.1.5.tgz",
"integrity": "sha512-4GiP60ONIitWRnC5+Gsl7nIO62fvkGN9Y9jsDWBKORZI34eNXJBrMjhCbT+0X57FS2XjY0MsR0/Qvg2cs1H0sQ==",
"requires": {
"big-integer": "^1.6.35",
"chai": "^4.1.2",
"eslint": "^5.3.0",
"yargs": "^12.0.2"
}
},
"sprintf-js": { "sprintf-js": {
"version": "1.0.3", "version": "1.0.3",
"resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
@ -1341,16 +1387,6 @@
"requires": { "requires": {
"camelcase": "^4.1.0" "camelcase": "^4.1.0"
} }
},
"zksnark": {
"version": "0.0.11",
"resolved": "https://registry.npmjs.org/zksnark/-/zksnark-0.0.11.tgz",
"integrity": "sha512-YIOk93pLvc8NDVvedB0SDM1kGjPTdTYC/sgAvc9Dm6qMSYnS7tzCr844QaUlMApFTldz7D/6xlF1l24ttTGLXw==",
"requires": {
"big-integer": "^1.6.35",
"chai": "^4.1.2",
"eslint": "^5.3.0"
}
} }
} }
} }

@ -20,10 +20,12 @@
"author": "Jordi Baylina", "author": "Jordi Baylina",
"license": "GPL-3.0", "license": "GPL-3.0",
"dependencies": { "dependencies": {
"circom": "0.0.7", "blake-hash": "^1.1.0",
"zksnark": "0.0.11" "circom": "0.0.20",
"snarkjs": "0.1.6"
}, },
"devDependencies": { "devDependencies": {
"eslint-plugin-mocha": "^5.2.0",
"mocha": "^5.2.0" "mocha": "^5.2.0"
} }
} }
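Review bot: The lockfile in this commit does not match the manifest: `package-lock.json` pins `circom` 0.0.17 and `snarkjs` 0.1.5, while `package.json` now requires exactly `"circom": "0.0.20"` and `"snarkjs": "0.1.6"`, so `npm ci` will refuse to install and `npm install` will silently rewrite the lock; regenerate the lockfile in the same change so the recorded integrity hashes actually cover the versions being built. `blake-hash` also appears to be a native addon (it depends on `bindings` and `nan`), which adds a compile step to every install — worth a line in the README or CI configuration since the generated base points depend on it.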

@ -1,6 +1,6 @@
const chai = require("chai"); const chai = require("chai");
const path = require("path"); const path = require("path");
const zkSnark = require("zksnark"); const snarkjs = require("snarkjs");
const compiler = require("circom"); const compiler = require("circom");
const assert = chai.assert; const assert = chai.assert;
@ -17,15 +17,15 @@ describe("Baby Jub test", () => {
// assert.equal(cirDef.nVars, 2); // assert.equal(cirDef.nVars, 2);
const circuit = new zkSnark.Circuit(cirDef); const circuit = new snarkjs.Circuit(cirDef);
console.log("NConstrains: " + circuit.nConstraints); console.log("NConstrains: " + circuit.nConstraints);
const input={ const input={
x1: zkSnark.bigInt(0), x1: snarkjs.bigInt(0),
y1: zkSnark.bigInt(1), y1: snarkjs.bigInt(1),
x2: zkSnark.bigInt(0), x2: snarkjs.bigInt(0),
y2: zkSnark.bigInt(1) y2: snarkjs.bigInt(1)
} }
const w = circuit.calculateWitness(input); const w = circuit.calculateWitness(input);
@ -45,15 +45,15 @@ describe("Baby Jub test", () => {
// assert.equal(cirDef.nVars, 2); // assert.equal(cirDef.nVars, 2);
const circuit = new zkSnark.Circuit(cirDef); const circuit = new snarkjs.Circuit(cirDef);
console.log("NConstrains: " + circuit.nConstraints); console.log("NConstrains: " + circuit.nConstraints);
const input={ const input={
x1: zkSnark.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), x1: snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
y1: zkSnark.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), y1: snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
x2: zkSnark.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), x2: snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
y2: zkSnark.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475") y2: snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")
} }
const w = circuit.calculateWitness(input); const w = circuit.calculateWitness(input);
@ -61,8 +61,8 @@ describe("Baby Jub test", () => {
const xout = w[circuit.getSignalIdx("main.xout")]; const xout = w[circuit.getSignalIdx("main.xout")];
const yout = w[circuit.getSignalIdx("main.yout")]; const yout = w[circuit.getSignalIdx("main.yout")];
assert(xout.equals(zkSnark.bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"))); assert(xout.equals(snarkjs.bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365")));
assert(yout.equals(zkSnark.bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"))); assert(yout.equals(snarkjs.bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889")));
}); });
it("Should add 2 different numbers", async () => { it("Should add 2 different numbers", async () => {
@ -73,15 +73,15 @@ describe("Baby Jub test", () => {
// assert.equal(cirDef.nVars, 2); // assert.equal(cirDef.nVars, 2);
const circuit = new zkSnark.Circuit(cirDef); const circuit = new snarkjs.Circuit(cirDef);
console.log("NConstrains: " + circuit.nConstraints); console.log("NConstrains: " + circuit.nConstraints);
const input={ const input={
x1: zkSnark.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), x1: snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
y1: zkSnark.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), y1: snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
x2: zkSnark.bigInt("16540640123574156134436876038791482806971768689494387082833631921987005038935"), x2: snarkjs.bigInt("16540640123574156134436876038791482806971768689494387082833631921987005038935"),
y2: zkSnark.bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311") y2: snarkjs.bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311")
} }
const w = circuit.calculateWitness(input); const w = circuit.calculateWitness(input);
@ -92,7 +92,7 @@ describe("Baby Jub test", () => {
console.log(xout.toString()); console.log(xout.toString());
console.log(yout.toString()); console.log(yout.toString());
assert(xout.equals(zkSnark.bigInt("7916061937171219682591368294088513039687205273691143098332585753343424131937"))); assert(xout.equals(snarkjs.bigInt("7916061937171219682591368294088513039687205273691143098332585753343424131937")));
assert(yout.equals(zkSnark.bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499"))); assert(yout.equals(snarkjs.bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499")));
}); });
}); });

@ -0,0 +1,26 @@
include "../../circuit/escalarmul.circom";
template Main() {
signal input in[256];
signal output out[2];
var i;
var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268,
2626589144620713026669568689430873010625803728049924121243784502389097019475]
component escalarMul = EscalarMul(256, base);
escalarMul.inp[0] <== 0;
escalarMul.inp[1] <== 1;
for (i=0; i<256; i++) {
in[i] ==> escalarMul.in[i];
}
escalarMul.out[0] ==> out[0];
escalarMul.out[1] ==> out[1];
}
component main = Main();
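Review bot: The declaration `var base = [..., 2626589144620713026669568689430873010625803728049924121243784502389097019475]` has no terminating `;` before `component escalarMul = EscalarMul(256, base);`; the sibling W4-table test circuit in this commit writes the same declaration as `...475];`, which suggests the grammar expects it, so I would add the semicolon here and in the other new test circuits that copy this literal. This 256-bit `Main()` also appears byte-for-byte a second time in the commit; if one of the two is a stray copy, keeping a single file avoids the pair drifting apart.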

@ -0,0 +1,31 @@
include "../../circuit/escalarmul.circom";
include "../../node_modules/circom/circuits/bitify.circom";
template Main() {
signal input in;
signal output out[2];
var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268,
2626589144620713026669568689430873010625803728049924121243784502389097019475]
component n2b = Num2Bits(253);
component escalarMul = EscalarMul(253, base);
escalarMul.inp[0] <== 0;
escalarMul.inp[1] <== 1;
var i;
in ==> n2b.in;
for (i=0; i<253; i++) {
n2b.out[i] ==> escalarMul.in[i];
}
escalarMul.out[0] ==> out[0];
escalarMul.out[1] ==> out[1];
}
component main = Main();

@ -0,0 +1,26 @@
include "../../circuit/escalarmul.circom";
template Main() {
signal input in[256];
signal output out[2];
var i;
var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268,
2626589144620713026669568689430873010625803728049924121243784502389097019475]
component escalarMul = EscalarMul(256, base);
escalarMul.inp[0] <== 0;
escalarMul.inp[1] <== 1;
for (i=0; i<256; i++) {
in[i] ==> escalarMul.in[i];
}
escalarMul.out[0] ==> out[0];
escalarMul.out[1] ==> out[1];
}
component main = Main();

@ -0,0 +1,6 @@
include "../../circuit/escalarmulw4table.circom";
var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268,
2626589144620713026669568689430873010625803728049924121243784502389097019475]
component main = EscalarMulW4Table(base, 0);

@ -0,0 +1,6 @@
include "../../circuit/escalarmulw4table.circom";
var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268,
2626589144620713026669568689430873010625803728049924121243784502389097019475];
component main = EscalarMulW4Table(base, 0);

@ -0,0 +1,6 @@
include "../../circuit/escalarmulw4table.circom";
var base = [17777552123799933955779906779655732241715742912184938656739573121738514868268,
2626589144620713026669568689430873010625803728049924121243784502389097019475]
component main = EscalarMulW4Table(base, 3);

@ -1,4 +1,4 @@
include "../../circuit/exp.circom"; include "../../circuit/escalarmul.circom";
include "../../node_modules/circom/circuits/sha256/bitify.circom"; include "../../node_modules/circom/circuits/sha256/bitify.circom";
@ -7,18 +7,18 @@ template Main() {
signal output out[2]; signal output out[2];
component n2b = Num2Bits(253); component n2b = Num2Bits(253);
component exp = Exp(253); component escalarMul = EscalarMul(253);
var i; var i;
in ==> n2b.in; in ==> n2b.in;
for (i=0; i<253; i++) { for (i=0; i<253; i++) {
n2b.out[i] ==> exp.in[i]; n2b.out[i] ==> escalarMul.in[i];
} }
exp.out[0] ==> out[0]; escalarMul.out[0] ==> out[0];
exp.out[1] ==> out[1]; escalarMul.out[1] ==> out[1];
} }
component main = Main(); component main = Main();
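Review bot: `component escalarMul = EscalarMul(253);` passes only the bit width, but `EscalarMul` is changed in this commit to `EscalarMul(n, base)` and also gained the `inp[2]` input, which this circuit never assigns; the instantiation will not compile (or leaves `inp` unconstrained if the compiler accepts it). It needs the base point and the neutral seed, e.g. `component escalarMul = EscalarMul(253, base);` plus `escalarMul.inp[0] <== 0; escalarMul.inp[1] <== 1;`, as the new 253-bit test circuit in this commit does. The include of `sha256/bitify.circom` was switched to `bitify.circom` in the other test circuits but is kept here, which looks like an oversight. `Main()` begins before the second hunk.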

@ -1,4 +1,4 @@
include "../../circuit/exp.circom"; include "../../circuit/escalarmul.circom";
template Main() { template Main() {
@ -7,14 +7,14 @@ template Main() {
var i; var i;
component exp = Exp(256); component escalarMul = EscalarMul(256);
for (i=0; i<256; i++) { for (i=0; i<256; i++) {
in[i] ==> exp.in[i]; in[i] ==> escalarMul.in[i];
} }
exp.out[0] ==> out[0]; escalarMul.out[0] ==> out[0];
exp.out[1] ==> out[1]; escalarMul.out[1] ==> out[1];
} }
component main = Main(); component main = Main();
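Review bot: `component escalarMul = EscalarMul(256);` is missing the `base` argument that `EscalarMul(n, base)` now requires, and `escalarMul.inp` is never connected, so this circuit no longer compiles against the renamed template. It should mirror the new 256-bit test circuit: a `var base = [...]` holding the generator, `component escalarMul = EscalarMul(256, base);` and `escalarMul.inp[0] <== 0; escalarMul.inp[1] <== 1;`. `Main()` begins before this hunk.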

@ -1,3 +0,0 @@
include "../../circuit/ExpW4Table.circom";
component main = ExpW4Table(0);

@ -1,3 +0,0 @@
include "../../circuit/ExpW4Table.circom";
component main = ExpW4Table(3);

@ -1,5 +1,5 @@
include "../../circuit/mux4.circom"; include "../../circuit/mux4.circom";
include "../../node_modules/circom/circuits/sha256/bitify.circom"; include "../../node_modules/circom/circuits/bitify.circom";
template Constants() { template Constants() {

@ -1,6 +1,6 @@
const chai = require("chai"); const chai = require("chai");
const path = require("path"); const path = require("path");
const zkSnark = require("zksnark"); const snarkjs = require("snarkjs");
const compiler = require("circom"); const compiler = require("circom");
const assert = chai.assert; const assert = chai.assert;
@ -26,22 +26,22 @@ function print(circuit, w, s) {
describe("Exponentioation test", () => { describe("Exponentioation test", () => {
it("Should generate the Exponentiation table in k=0", async () => { it("Should generate the Exponentiation table in k=0", async () => {
const cirDef = await compiler(path.join(__dirname, "circuits", "expw4table_test.circom")); const cirDef = await compiler(path.join(__dirname, "circuits", "escalarmulw4table_test.circom"));
// console.log(JSON.stringify(cirDef, null, 1)); // console.log(JSON.stringify(cirDef, null, 1));
// assert.equal(cirDef.nVars, 2); // assert.equal(cirDef.nVars, 2);
const circuit = new zkSnark.Circuit(cirDef); const circuit = new snarkjs.Circuit(cirDef);
console.log("NConstrains: " + circuit.nConstraints); console.log("NConstrains: " + circuit.nConstraints);
const w = circuit.calculateWitness({}); const w = circuit.calculateWitness({});
let g = [zkSnark.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), let g = [snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
zkSnark.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")] snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")]
dbl= [zkSnark.bigInt("0"), zkSnark.bigInt("1")]; dbl= [snarkjs.bigInt("0"), snarkjs.bigInt("1")];
for (let i=0; i<16; i++) { for (let i=0; i<16; i++) {
const xout1 = w[circuit.getSignalIdx(`main.out[${i}][0]`)]; const xout1 = w[circuit.getSignalIdx(`main.out[${i}][0]`)];
@ -62,26 +62,26 @@ describe("Exponentioation test", () => {
it("Should generate the Exponentiation table in k=3", async () => { it("Should generate the Exponentiation table in k=3", async () => {
const cirDef = await compiler(path.join(__dirname, "circuits", "expw4table_test3.circom")); const cirDef = await compiler(path.join(__dirname, "circuits", "escalarmulw4table_test3.circom"));
// console.log(JSON.stringify(cirDef, null, 1)); // console.log(JSON.stringify(cirDef, null, 1));
// assert.equal(cirDef.nVars, 2); // assert.equal(cirDef.nVars, 2);
const circuit = new zkSnark.Circuit(cirDef); const circuit = new snarkjs.Circuit(cirDef);
console.log("NConstrains: " + circuit.nConstraints); console.log("NConstrains: " + circuit.nConstraints);
const w = circuit.calculateWitness({}); const w = circuit.calculateWitness({});
let g = [zkSnark.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), let g = [snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
zkSnark.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")] snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")]
for (let i=0; i<12;i++) { for (let i=0; i<12;i++) {
g = addPoint(g,g); g = addPoint(g,g);
} }
dbl= [zkSnark.bigInt("0"), zkSnark.bigInt("1")]; dbl= [snarkjs.bigInt("0"), snarkjs.bigInt("1")];
for (let i=0; i<16; i++) { for (let i=0; i<16; i++) {
const xout1 = w[circuit.getSignalIdx(`main.out[${i}][0]`)]; const xout1 = w[circuit.getSignalIdx(`main.out[${i}][0]`)];
@ -102,13 +102,13 @@ describe("Exponentioation test", () => {
}); });
it("Should exponentiate g^31", async () => { it("Should exponentiate g^31", async () => {
const cirDef = await compiler(path.join(__dirname, "circuits", "exp_test.circom")); const cirDef = await compiler(path.join(__dirname, "circuits", "escalarmul_test.circom"));
// console.log(JSON.stringify(cirDef, null, 1)); // console.log(JSON.stringify(cirDef, null, 1));
// assert.equal(cirDef.nVars, 2); // assert.equal(cirDef.nVars, 2);
const circuit = new zkSnark.Circuit(cirDef); const circuit = new snarkjs.Circuit(cirDef);
console.log("NConstrains: " + circuit.nConstraints); console.log("NConstrains: " + circuit.nConstraints);
@ -116,8 +116,8 @@ describe("Exponentioation test", () => {
assert(circuit.checkWitness(w)); assert(circuit.checkWitness(w));
let g = [zkSnark.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), let g = [snarkjs.bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
zkSnark.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")] snarkjs.bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")]
let c = [0n, 1n]; let c = [0n, 1n];
@ -158,9 +158,9 @@ describe("Exponentioation test", () => {
}).timeout(10000000); }).timeout(10000000);
it("Number of constrains for 256 bits", async () => { it("Number of constrains for 256 bits", async () => {
const cirDef = await compiler(path.join(__dirname, "circuits", "exp_test_min.circom")); const cirDef = await compiler(path.join(__dirname, "circuits", "escalarmul_test_min.circom"));
const circuit = new zkSnark.Circuit(cirDef); const circuit = new snarkjs.Circuit(cirDef);
console.log("NConstrains: " + circuit.nConstraints); console.log("NConstrains: " + circuit.nConstraints);
}).timeout(10000000); }).timeout(10000000);

@ -1,6 +1,6 @@
const chai = require("chai"); const chai = require("chai");
const path = require("path"); const path = require("path");
const zkSnark = require("zksnark"); const snarkjs = require("snarkjs");
const compiler = require("circom"); const compiler = require("circom");
const assert = chai.assert; const assert = chai.assert;
@ -17,17 +17,17 @@ describe("Mux4 test", () => {
// assert.equal(cirDef.nVars, 2); // assert.equal(cirDef.nVars, 2);
const circuit = new zkSnark.Circuit(cirDef); const circuit = new snarkjs.Circuit(cirDef);
console.log("NConstrains: " + circuit.nConstraints); console.log("NConstrains: " + circuit.nConstraints);
for (i=0; i<16; i++) { for (i=0; i<16; i++) {
const w = circuit.calculateWitness({ "selector": zkSnark.bigInt(i).toString() }); const w = circuit.calculateWitness({ "selector": snarkjs.bigInt(i).toString() });
assert(w[0].equals(zkSnark.bigInt(1))); assert(w[0].equals(snarkjs.bigInt(1)));
console.log(i + " -> " + w[circuit.getSignalIdx("main.out")].toString()); console.log(i + " -> " + w[circuit.getSignalIdx("main.out")].toString());
// assert(w[circuit.getSignalIdx("main.out")].equals(zkSnark.bigInt("100").add(zkSnark.bigInt(i)))); // assert(w[circuit.getSignalIdx("main.out")].equals(snarkjs.bigInt("100").add(snarkjs.bigInt(i))));
} }
}); });
}); });