Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
f04a318800 | ||
|
|
b15c7c8089 |
@@ -140,54 +140,49 @@ template SegmentMulFix(nWindows) {
|
||||
e2m.in[1] <== base[1];
|
||||
|
||||
component windows[nWindows];
|
||||
component adders[nWindows-1];
|
||||
component cadders[nWindows-1];
|
||||
component adders[nWindows];
|
||||
component cadders[nWindows];
|
||||
for (i=0; i<nWindows; i++) {
|
||||
windows[i] = WindowMulFix();
|
||||
cadders[i] = MontgomeryAdd();
|
||||
if (i==0) {
|
||||
windows[i].base[0] <== e2m.out[0];
|
||||
windows[i].base[1] <== e2m.out[1];
|
||||
cadders[i].in1[0] <== e2m.out[0];
|
||||
cadders[i].in1[1] <== e2m.out[1];
|
||||
} else {
|
||||
windows[i].base[0] <== windows[i-1].out8[0];
|
||||
windows[i].base[1] <== windows[i-1].out8[1];
|
||||
|
||||
adders[i-1] = MontgomeryAdd();
|
||||
cadders[i-1] = MontgomeryAdd();
|
||||
if (i==1) {
|
||||
adders[i-1].in1[0] <== windows[0].out[0];
|
||||
adders[i-1].in1[1] <== windows[0].out[1];
|
||||
cadders[i-1].in1[0] <== e2m.out[0];
|
||||
cadders[i-1].in1[1] <== e2m.out[1];
|
||||
} else {
|
||||
adders[i-1].in1[0] <== adders[i-2].out[0];
|
||||
adders[i-1].in1[1] <== adders[i-2].out[1];
|
||||
cadders[i-1].in1[0] <== cadders[i-2].out[0];
|
||||
cadders[i-1].in1[1] <== cadders[i-2].out[1];
|
||||
}
|
||||
adders[i-1].in2[0] <== windows[i].out[0];
|
||||
adders[i-1].in2[1] <== windows[i].out[1];
|
||||
cadders[i-1].in2[0] <== windows[i-1].out8[0];
|
||||
cadders[i-1].in2[1] <== windows[i-1].out8[1];
|
||||
cadders[i].in1[0] <== cadders[i-1].out[0];
|
||||
cadders[i].in1[1] <== cadders[i-1].out[1];
|
||||
}
|
||||
cadders[i].in2[0] <== windows[i].out8[0];
|
||||
cadders[i].in2[1] <== windows[i].out8[1];
|
||||
for (j=0; j<3; j++) {
|
||||
windows[i].in[j] <== e[3*i+j];
|
||||
}
|
||||
}
|
||||
|
||||
for (i=0; i<nWindows; i++) {
|
||||
adders[i] = MontgomeryAdd();
|
||||
if (i==0) {
|
||||
adders[i].in1[0] <== windows[nWindows-1].out8[0];
|
||||
adders[i].in1[1] <== windows[nWindows-1].out8[1];
|
||||
} else {
|
||||
adders[i].in1[0] <== adders[i-1].out[0];
|
||||
adders[i].in1[1] <== adders[i-1].out[1];
|
||||
}
|
||||
adders[i].in2[0] <== windows[i].out[0];
|
||||
adders[i].in2[1] <== windows[i].out[1];
|
||||
}
|
||||
|
||||
component m2e = Montgomery2Edwards();
|
||||
component cm2e = Montgomery2Edwards();
|
||||
|
||||
if (nWindows > 1) {
|
||||
m2e.in[0] <== adders[nWindows-2].out[0];
|
||||
m2e.in[1] <== adders[nWindows-2].out[1];
|
||||
cm2e.in[0] <== cadders[nWindows-2].out[0];
|
||||
cm2e.in[1] <== cadders[nWindows-2].out[1];
|
||||
} else {
|
||||
m2e.in[0] <== windows[0].out[0];
|
||||
m2e.in[1] <== windows[0].out[1];
|
||||
cm2e.in[0] <== e2m.out[0];
|
||||
cm2e.in[1] <== e2m.out[1];
|
||||
}
|
||||
m2e.in[0] <== adders[nWindows-1].out[0];
|
||||
m2e.in[1] <== adders[nWindows-1].out[1];
|
||||
cm2e.in[0] <== cadders[nWindows-1].out[0];
|
||||
cm2e.in[1] <== cadders[nWindows-1].out[1];
|
||||
|
||||
component cAdd = BabyAdd();
|
||||
cAdd.x1 <== m2e.out[0];
|
||||
@@ -195,7 +190,6 @@ template SegmentMulFix(nWindows) {
|
||||
cAdd.x2 <== -cm2e.out[0];
|
||||
cAdd.y2 <== cm2e.out[1];
|
||||
|
||||
|
||||
cAdd.xout ==> out[0];
|
||||
cAdd.yout ==> out[1];
|
||||
|
||||
@@ -214,7 +208,7 @@ template EscalarMulFix(n, BASE) {
|
||||
signal input e[n]; // Input in binary format
|
||||
signal output out[2]; // Point (Twisted format)
|
||||
|
||||
var nsegments = (n-1)\249 +1;
|
||||
var nsegments = (n-1)\246 +1; // 249 probably would work. But I'm not sure and for security I keep 246
|
||||
var nlastsegment = n - (nsegments-1)*249;
|
||||
|
||||
component segments[nsegments];
|
||||
|
||||
2
package-lock.json
generated
2
package-lock.json
generated
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "circomlib",
|
||||
"version": "0.0.10",
|
||||
"version": "0.0.11",
|
||||
"lockfileVersion": 1,
|
||||
"requires": true,
|
||||
"dependencies": {
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "circomlib",
|
||||
"version": "0.0.10",
|
||||
"version": "0.0.11",
|
||||
"description": "Basic circuits library for Circom",
|
||||
"main": "index.js",
|
||||
"directories": {
|
||||
|
||||
@@ -50,6 +50,51 @@ describe("Escalarmul test", function () {
|
||||
assert(yout.equals(babyjub.Base8[1]));
|
||||
});
|
||||
|
||||
it("Should generate scalar mul of a specific constant", async () => {
|
||||
|
||||
const s = bigInt("2351960337287830298912035165133676222414898052661454064215017316447594616519");
|
||||
const base8 = [
|
||||
bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
|
||||
bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")
|
||||
];
|
||||
|
||||
const w = circuit.calculateWitness({"e": s});
|
||||
|
||||
assert(circuit.checkWitness(w));
|
||||
|
||||
const xout = w[circuit.getSignalIdx("main.out[0]")];
|
||||
const yout = w[circuit.getSignalIdx("main.out[1]")];
|
||||
|
||||
const expectedRes = babyjub.mulPointEscalar(base8, s);
|
||||
|
||||
assert(xout.equals(expectedRes[0]));
|
||||
assert(yout.equals(expectedRes[1]));
|
||||
});
|
||||
|
||||
it("Should generate scalar mul of the firsts 50 elements", async () => {
|
||||
|
||||
const base8 = [
|
||||
bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
|
||||
bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")
|
||||
];
|
||||
|
||||
for (let i=0; i<50; i++) {
|
||||
const s = bigInt(i);
|
||||
|
||||
const w = circuit.calculateWitness({"e": s});
|
||||
|
||||
assert(circuit.checkWitness(w));
|
||||
|
||||
const xout = w[circuit.getSignalIdx("main.out[0]")];
|
||||
const yout = w[circuit.getSignalIdx("main.out[1]")];
|
||||
|
||||
const expectedRes = babyjub.mulPointEscalar(base8, s);
|
||||
|
||||
assert(xout.equals(expectedRes[0]));
|
||||
assert(yout.equals(expectedRes[1]));
|
||||
}
|
||||
});
|
||||
|
||||
it("If multiply by order should return 0", async () => {
|
||||
|
||||
const w = circuit.calculateWitness({"e": babyjub.subOrder });
|
||||
|
||||
Reference in New Issue
Block a user