pedersen2 adapted

Jordi Baylina 2019-12-13 19:05:20 +01:00
parent 4117ebc64a
commit a8107abbe9
GPG Key ID: 7480C80C1BE43112
6 changed files with 22435 additions and 45 deletions

@ -128,6 +128,9 @@ template Segment(nWindows) {
component adders[nWindows-1]; component adders[nWindows-1];
for (i=0; i<nWindows; i++) { for (i=0; i<nWindows; i++) {
windows[i] = Window4(); windows[i] = Window4();
for (j=0; j<4; j++) {
windows[i].in[j] <== in[4*i+j];
}
if (i==0) { if (i==0) {
windows[i].base[0] <== e2m.out[0]; windows[i].base[0] <== e2m.out[0];
windows[i].base[1] <== e2m.out[1]; windows[i].base[1] <== e2m.out[1];
@ -153,9 +156,6 @@ template Segment(nWindows) {
adders[i-1].in2[0] <== windows[i].out[0]; adders[i-1].in2[0] <== windows[i].out[0];
adders[i-1].in2[1] <== windows[i].out[1]; adders[i-1].in2[1] <== windows[i].out[1];
} }
for (j=0; j<4; j++) {
windows[i].in[j] <== in[4*i+j];
}
} }
component m2e = Montgomery2Edwards(); component m2e = Montgomery2Edwards();

@ -31,18 +31,18 @@ function pedersenHash(msg) {
let acc = bigInt.one; let acc = bigInt.one;
for (let b=0; ((b<windowSize-1)&&(o<bits.length)) ; b++) { for (let b=0; ((b<windowSize-1)&&(o<bits.length)) ; b++) {
if (bits[o]) { if (bits[o]) {
acc = acc.add( bigInt.one.shl(b) ); acc = acc.add( bigInt.one.shiftLeft(b) );
} }
o++; o++;
} }
if (o<bits.length) { if (o<bits.length) {
if (bits[o]) { if (bits[o]) {
acc = acc.neg(); acc = bigInt.zero.minus(acc);
} }
o++; o++;
} }
escalar = escalar.add(acc.mul(exp)); escalar = escalar.add(acc.times(exp));
exp = exp.shl(windowSize+1); exp = exp.shiftLeft(windowSize+1);
} }
if (escalar.lesser(bigInt.zero)) { if (escalar.lesser(bigInt.zero)) {
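Review bot: The negation line replaces `acc.neg()` with `bigInt.zero.minus(acc)`, which spells out a subtraction where big-integer already provides a direct negation; `acc = acc.negate();` keeps the original intent readable and is the same value. The other renames in the hunk (`shiftLeft`, `times`) are the matching big-integer names, and `escalar.lesser(bigInt.zero)` on the last context line exists in both libraries, so that part of the port looks consistent. pedersenHash starts before this hunk and its body continues after it.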

@ -1,8 +1,5 @@
const chai = require("chai");
const path = require("path"); const path = require("path");
const assert = chai.assert;
const bigInt = require("big-integer"); const bigInt = require("big-integer");
const tester = require("circom").tester; const tester = require("circom").tester;



@ -1,11 +1,7 @@
const chai = require("chai");
const path = require("path"); const path = require("path");
const snarkjs = require("snarkjs");
const compiler = require("circom");
const assert = chai.assert; const bigInt = require("big-integer");
const tester = require("circom").tester;
const bigInt = snarkjs.bigInt;
const babyJub = require("../src/babyjub.js"); const babyJub = require("../src/babyjub.js");
const pedersen = require("../src/pedersenHash.js"); const pedersen = require("../src/pedersenHash.js");
@ -15,60 +11,39 @@ describe("Pedersen test", function() {
let circuit; let circuit;
this.timeout(100000); this.timeout(100000);
before( async() => { before( async() => {
const cirDef = await compiler(path.join(__dirname, "circuits", "pedersen2_test.circom"));
circuit = new snarkjs.Circuit(cirDef); circuit = await tester(path.join(__dirname, "circuits", "pedersen2_test.circom"));
console.log("NConstrains Pedersen2: " + circuit.nConstraints);
}); });
it("Should pedersen at zero", async () => { it("Should pedersen at zero", async () => {
let w, xout, yout; let w;
w = circuit.calculateWitness({ in: 0}); w = await circuit.calculateWitness({ in: 0});
xout = w[circuit.getSignalIdx("main.out[0]")];
yout = w[circuit.getSignalIdx("main.out[1]")];
const b = Buffer.alloc(32); const b = Buffer.alloc(32);
const h = pedersen.hash(b); const h = pedersen.hash(b);
const hP = babyJub.unpackPoint(h); const hP = babyJub.unpackPoint(h);
/* await circuit.assertOut(w, {out: hP});
console.log(`[${xout.toString()}, ${yout.toString()}]`);
console.log(`[${hP[0].toString()}, ${hP[1].toString()}]`);
*/
assert(xout.equals(hP[0]));
assert(yout.equals(hP[1]));
}); });
it("Should pedersen with 253 ones", async () => { it("Should pedersen with 253 ones", async () => {
let w, xout, yout; let w;
const n = bigInt.one.shl(253).sub(bigInt.one); const n = bigInt.one.shiftLeft(253).minus(bigInt.one);
console.log(n.toString(16));
w = circuit.calculateWitness({ in: n}); w = await circuit.calculateWitness({ in: n});
xout = w[circuit.getSignalIdx("main.out[0]")];
yout = w[circuit.getSignalIdx("main.out[1]")];
const b = Buffer.alloc(32); const b = Buffer.alloc(32);
for (let i=0; i<31; i++) b[i] = 0xFF; for (let i=0; i<31; i++) b[i] = 0xFF;
b[31] = 0x1F; b[31] = 0x1F;
const h = pedersen.hash(b); const h = pedersen.hash(b);
const hP = babyJub.unpackPoint(h); const hP = babyJub.unpackPoint(h);
/* await circuit.assertOut(w, {out: hP});
console.log(`[${xout.toString()}, ${yout.toString()}]`);
console.log(`[${hP[0].toString()}, ${hP[1].toString()}]`);
*/
assert(xout.equals(hP[0]));
assert(yout.equals(hP[1]));
}); });
}); });
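Review bot: Both rewritten cases verify only that the outputs match the reference point via `assertOut`; neither calls `await circuit.checkConstraints(w);` after `calculateWitness`, so a witness that yields the expected point while failing some constraint of the circuit would not be detected. If the circom tester in use exposes `checkConstraints` (it does in the versions I know), adding that call after each `calculateWitness` makes the test check that the witness satisfies the constraint system, not just the output values. Separately, `let w;` followed by `w = await circuit.calculateWitness(...)` is a leftover of the old three-variable declaration; `const w = await circuit.calculateWitness({ in: 0});` (and likewise for `n`) is the idiomatic form now that `xout`/`yout` are gone. The describe block's opening line is outside the hunk.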