From ba656fefbed44f94d88e6bba46f908b7115230eb Mon Sep 17 00:00:00 2001
From: Kobi Gurkan
Date: Thu, 14 Nov 2019 17:31:00 +0200
Subject: [PATCH] mimcsponge: makes the contract hash-only

---
 circuits/README.md | 2 +-
 src/mimcsponge_gencontract.js | 78 +++++++++-------------
 test/circuits/mimc_sponge_hash_test.circom | 2 +-
 test/mimcspongecontract.js | 4 +-
 4 files changed, 37 insertions(+), 49 deletions(-)

diff --git a/circuits/README.md b/circuits/README.md
index 30b1cd2..afd4a1f 100644
--- a/circuits/README.md
+++ b/circuits/README.md
@@ -512,7 +512,7 @@ Implementation of MiMC-7 hash in Fp being...
 (link to description of the hash)
 ### mimcsponge
-- `MiMCSponge(nInputs, nRounds, nOutputs)`
+- `MiMCSponge(nInputs, nOutputs)`
 - DESCRIPTION
 - SCHEMA
diff --git a/src/mimcsponge_gencontract.js b/src/mimcsponge_gencontract.js
index eb7d27b..1fd5bb1 100644
--- a/src/mimcsponge_gencontract.js
+++ b/src/mimcsponge_gencontract.js
@@ -20,34 +20,29 @@ function createCode(seed, n) {
 C.push("0x00");
 C.mload();
 C.div();
- C.push("0x3f1a1187"); // MiMCSponge(uint256,uint256,uint256)
+ C.push("0xf47d33b5"); // MiMCSponge(uint256,uint256)
 C.eq();
 C.jmpi("start");
 C.invalid();
 C.label("start");
 C.push("0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001"); // q
- C.push("0x44");
- C.mload(); // k q
 C.push("0x04");
- C.mload(); // xL k q
- C.dup(2); // q xL k q
+ C.mload(); // xL q
+ C.dup(1); // q xL q
 C.push("0x24");
- C.mload(); // xR q xL k q
- C.dup(1); // q xR q xL k q
- C.dup(0); // q q xR q xL k q
- C.dup(4); // xL q q xR q xL k q
- C.dup(6); // k xL q q xR q xL k q
- C.addmod(); // t=k+xL q xR q xL k q
- C.dup(1); // q t q xR q xL k q
- C.dup(0); // q q t q xR q xL k q
- C.dup(2); // t q q t q xR q xL k q
- C.dup(0); // t t q q t q xR q xL k q
- C.mulmod(); // b=t^2 q t q xR q xL k q
- C.dup(0); // b b q t q xR q xL k q
- C.mulmod(); // c=t^4 t q xR q xL k q
- C.mulmod(); // d=t^5 xR q xL k q
- C.addmod(); // e=t^5+xR xL k q (for next round: xL xR k q)
+ C.mload(); // xR q xL q
+ C.dup(1); // q xR q xL q
+ C.dup(3); // xL q xR q xL q
+ C.dup(1); // q xL q xR q xL q
+ C.dup(0); // q q xL q xR q xL q
+ C.dup(2); // xL q q xL q xR q xL q
+ C.dup(0); // xL xL q q xL q xR q xL q
+ C.mulmod(); // b=xL^2 q xL q xR q xL q
+ C.dup(0); // b b q xL q xR q xL q
+ C.mulmod(); // c=xL^4 xL q xR q xL q
+ C.mulmod(); // d=xL^5 xR q xL q
+ C.addmod(); // e=xL^5+xR xL q (for next round: xL xR q)
 for (let i=0; i { }); it("Shold calculate the mimc correctly", async () => {
- const res = await mimc.methods.MiMCSponge(1,2,3).call();
- const res2 = await mimcjs.hash(1,2,3);
+ const res = await mimc.methods.MiMCSponge(1,2).call();
+ const res2 = await mimcjs.hash(1,2, 0);
 assert.equal(res.xL.toString(), res2.xL.toString());
 assert.equal(res.xR.toString(), res2.xR.toString());