tornado-packages/circomlib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: tornado-packages:v0.1.2
Branches Tags
tornado-packages:master tornado-packages:tornado-trees tornado-packages:feat/audit_fixes
tornado-packages:v0.2.4 tornado-packages:v0.2.3 tornado-packages:v0.2.2 tornado-packages:v0.2.1 tornado-packages:v0.2.0 tornado-packages:v0.1.2 tornado-packages:v0.1.1 tornado-packages:v0.1.0 tornado-packages:v0.0.21 tornado-packages:v0.0.20 tornado-packages:v0.0.19 tornado-packages:audit tornado-packages:v0.0.18 tornado-packages:v0.0.17 tornado-packages:v0.0.16 tornado-packages:v0.0.15 tornado-packages:v0.0.14 tornado-packages:v0.0.13 tornado-packages:v0.0.12 tornado-packages:v0.0.11 tornado-packages:v0.0.10 tornado-packages:v0.0.9 tornado-packages:v0.0.8 tornado-packages:v0.0.7 tornado-packages:v0.0.6 tornado-packages:v0.0.5 tornado-packages:v0.0.4 tornado-packages:v0.0.3 tornado-packages:v0.0.2
..
compare: tornado-packages:v0.2.4
Branches Tags
tornado-packages:master tornado-packages:tornado-trees tornado-packages:feat/audit_fixes
tornado-packages:v0.2.4 tornado-packages:v0.2.3 tornado-packages:v0.2.2 tornado-packages:v0.2.1 tornado-packages:v0.2.0 tornado-packages:v0.1.2 tornado-packages:v0.1.1 tornado-packages:v0.1.0 tornado-packages:v0.0.21 tornado-packages:v0.0.20 tornado-packages:v0.0.19 tornado-packages:audit tornado-packages:v0.0.18 tornado-packages:v0.0.17 tornado-packages:v0.0.16 tornado-packages:v0.0.15 tornado-packages:v0.0.14 tornado-packages:v0.0.13 tornado-packages:v0.0.12 tornado-packages:v0.0.11 tornado-packages:v0.0.10 tornado-packages:v0.0.9 tornado-packages:v0.0.8 tornado-packages:v0.0.7 tornado-packages:v0.0.6 tornado-packages:v0.0.5 tornado-packages:v0.0.4 tornado-packages:v0.0.3 tornado-packages:v0.0.2

18 Commits
v0.1.2 ... v0.2.4

Author SHA1 Message Date
Jordi Baylina
6bcbf3370e 0.2.4 2020-08-31 18:30:11 +02:00
Jordi Baylina
9d876a1b32 deps 2020-08-31 18:30:04 +02:00
Jordi Baylina
d422471b5b Merge pull request #49 from krlosMata/feature/fix-smt-update 
fix smt update
 2020-08-31 17:14:45 +02:00
Jordi Baylina
01da5f90db Merge pull request #50 from tornadocash/poseidon-pr-2 
add poseidon comments and refactorings
 2020-08-28 04:29:49 +02:00
poma
fabc586fea add poseidon comments and refactorings 2020-08-27 16:46:49 +03:00
krlosMata
7e93b3fcf8 fix smt update 2020-08-25 13:08:53 +02:00
Jordi Baylina
3f4734d4dd Merge pull request #48 from kobigurk/kobigurk/fix_and_assert_less_than 
fix: improve LessThan and adds assert
 2020-08-24 11:12:11 +02:00
Kobi Gurkan
1cd3d203c5 fix LessThan and adds assert 2020-08-24 10:46:37 +03:00
Jordi Baylina
01e3f0d680 Poseidon genContract nInputs as parameters 2020-08-09 17:19:53 +02:00
Jordi Baylina
86c6a2a6f5 New Version of Poseidon 2020-08-09 17:13:04 +02:00
Jordi Baylina
5269afee0a 0.2.3 2020-04-20 11:01:20 +02:00
Jordi Baylina
48c721c8af smtdb key string 2020-04-20 11:01:11 +02:00
Jordi Baylina
0efecf16fa 0.2.2 2020-04-19 18:46:11 +02:00
Jordi Baylina
7705fe8339 deps 2020-04-19 18:45:43 +02:00
Jordi Baylina
401c9e0728 0.2.1 2020-04-19 12:24:04 +02:00
Jordi Baylina
d5ed1c3ce4 Go back to blake 2020-04-19 12:23:55 +02:00
Jordi Baylina
6a1efe4820 0.2.0 2020-04-18 22:34:09 +02:00
Jordi Baylina
b2ac4daaa7 Blake to Blake2b and use of native big num 2020-04-18 22:33:59 +02:00
56 changed files with 5555 additions and 2360 deletions
Expand all files Collapse all files

38
circuits/README.md
View File

@@ -49,7 +49,7 @@ Folder containing the circuit implementation of Sparse Merkle Trees.
- OUTPUT
- BENCHMARKS
- EXAMPLE
### babyjub
Arithmetic on [Baby Jubjub elliptic curve](https://github.com/barryWhiteHat/baby_jubjub) in twisted Edwards form. (TODO: Expose here the characteristics of the curve?)
@@ -58,22 +58,22 @@ Arithmetic on [Baby Jubjub elliptic curve](https://github.com/barryWhiteHat/baby
- `BabyAdd()`
- DESCRIPTION
It adds two points on the Baby Jubjub curve. More specifically, given two points P1 = (`x1`, `y1`) and P2 = (`x2`, `y2`) it returns a point P3 = (`xout`, `yout`) such that
(`xout`, `yout`) = (`x1`,`y1`) + (`x2`,`y2`)
(`xout`, `yout`) = (`x1`,`y1`) + (`x2`,`y2`)
= ((`x1y2`+`y1x2`)/(1+`dx1x2y1y2`)),(`y1y2`-`ax1x2`)/(1-`dx1x2y1y2`))
- SCHEMA
```
var a var d
| |
| |
______v_________v_______
______v_________v_______
input x1 ----> | |
input y1 ----> | BabyAdd() | ----> output xout
input x2 ----> | | ----> output yout
input y2 ----> |________________________|
input y2 ----> |________________________|
```
- INPUTS
@@ -84,16 +84,16 @@ Arithmetic on [Baby Jubjub elliptic curve](https://github.com/barryWhiteHat/baby
| `y1` | Bigint | Field element of Fp | Second coordinate of a point (x1, y1) on E. |
| `x2` | Bigint | Field element of Fp | First coordinate of a point (x2, y2) on E. |
| `y2` | Bigint | Field element of Fp | Second coordinate of a point (x2, y2) on E. |
Requirement: at least `x1`!=`x2` or `y1`!=`y2`.
- OUTPUT
| Input | Representation | Description | |
| ------------- | ------------- | ------------- | ------------- |
| `xout` | Bigint | Field element of Fp | First coordinate of the addition point (xout, yout) = (x1, y1) + (x2, y2). |
| `yout` | Bigint | Field element of Fp | Second coordinate of the addition point (xout, yout) = (x1, y1) + (x2, y2). |
- BENCHMARKS (constraints)
- EXAMPLE
@@ -108,7 +108,7 @@ Arithmetic on [Baby Jubjub elliptic curve](https://github.com/barryWhiteHat/baby
- `BabyCheck()`
- DESCRIPTION : checks if a given point is in the curve.
- DESCRIPTION : checks if a given point is in the curve.
- SCHEMA
- INPUT
- OUTPUT
@@ -127,7 +127,7 @@ Arithmetic on [Baby Jubjub elliptic curve](https://github.com/barryWhiteHat/baby
### binsub
- `BinSub(n)`
- `BinSub(n)`
- DESCRIPTION: binary substraction.
- SCHEMA
@@ -140,7 +140,7 @@ Arithmetic on [Baby Jubjub elliptic curve](https://github.com/barryWhiteHat/baby
- `nbits(a)`
- DESCRIPTION : binary sum.
- DESCRIPTION : binary sum.
- SCHEMA
- INPUT
- OUTPUT
@@ -149,7 +149,7 @@ Arithmetic on [Baby Jubjub elliptic curve](https://github.com/barryWhiteHat/baby
- `BinSum(n, ops)`
- DESCRIPTION
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
@@ -169,7 +169,7 @@ Arithmetic on [Baby Jubjub elliptic curve](https://github.com/barryWhiteHat/baby
- `Num2Bits_strict()`
- DESCRIPTION
- DESCRIPTION
- SCHEMA
- INPUT
- OUTPUT
@@ -259,7 +259,7 @@ Arithmetic on [Baby Jubjub elliptic curve](https://github.com/barryWhiteHat/baby
- BENCHMARKS
- EXAMPLE
### compconstant
### compconstant
- `CompConstant(ct)`
@@ -688,7 +688,7 @@ Implementation of MiMC-7 hash in Fp being... (link to description of the hash)
### pedersen_old
Old version of the Pedersen hash (do not use any
Old version of the Pedersen hash (do not use any
more?).
### pedersen
@@ -720,7 +720,7 @@ more?).
- BENCHMARKS
- EXAMPLE
### pointbits
### pointbits
- `sqrt(n)`
@@ -780,7 +780,7 @@ Implementation of Poseidon hash function (LINK)
- BENCHMARKS
- EXAMPLE
- `Ark(t, C)`
- `Ark(t, C, r)`
- DESCRIPTION
- SCHEMA
@@ -798,7 +798,7 @@ Implementation of Poseidon hash function (LINK)
- BENCHMARKS
- EXAMPLE
- `Poseidon(nInputs, t, nRoundsF, nRoundsP)`
- `Poseidon(nInputs)`
- DESCRIPTION
- SCHEMA

3
circuits/comparators.circom
View File

@@ -86,10 +86,11 @@ template LessThan(n) {
*/
template LessThan(n) {
assert(n <= 252);
signal input in[2];
signal output out;
component n2b = Num2Bits(n*2+1);
component n2b = Num2Bits(n+1);
n2b.in <== in[0]+ (1<<n) - in[1];

2
circuits/eddsaposeidon.circom
View File

@@ -51,7 +51,7 @@ template EdDSAPoseidonVerifier() {
// Calculate the h = H(R,A, msg)
component hash = Poseidon(5, 6, 8, 57);
component hash = Poseidon(5);
hash.inputs[0] <== R8x;
hash.inputs[1] <== R8y;

3
circuits/pedersen.circom
View File

@@ -187,7 +187,8 @@ template Pedersen(n) {
[6814338563135591367010655964669793483652536871717891893032616415581401894627,13660303521961041205824633772157003587453809761793065294055279768121314853695],
[3571615583211663069428808372184817973703476260057504149923239576077102575715,11981351099832644138306422070127357074117642951423551606012551622164230222506],
[18597552580465440374022635246985743886550544261632147935254624835147509493269,6753322320275422086923032033899357299485124665258735666995435957890214041481]
]
];
var nSegments = ((n-1)\200)+1;

1
circuits/pedersen_old.circom
View File

@@ -39,6 +39,7 @@ template Pedersen(n) {
[6814338563135591367010655964669793483652536871717891893032616415581401894627,13660303521961041205824633772157003587453809761793065294055279768121314853695],
[3571615583211663069428808372184817973703476260057504149923239576077102575715,11981351099832644138306422070127357074117642951423551606012551622164230222506],
[18597552580465440374022635246985743886550544261632147935254624835147509493269,6753322320275422086923032033899357299485124665258735666995435957890214041481]
];
var i;

184
circuits/poseidon.circom
View File

@@ -1,3 +1,4 @@
include "./poseidon_constants.circom";
template Sigma() {
signal input in;
@@ -12,169 +13,53 @@ template Sigma() {
out <== in4*in;
}
template Ark(t, C) {
template Ark(t, C, r) {
signal input in[t];
signal output out[t];
for (var i=0; i<t; i++) {
out[i] <== in[i] + C;
out[i] <== in[i] + C[i + r];
}
}
template Mix(t, M) {
signal input in[t];
signal output out[t];
var lc;
var i;
var j;
for (i=0; i<t; i++) {
for (var i=0; i<t; i++) {
lc = 0;
for (j=0; j<t; j++) {
lc = lc + M[i][j]*in[j];
for (var j=0; j<t; j++) {
lc += M[j][i]*in[j];
}
out[i] <== lc;
}
}
// var nRoundsF = 8;
// var nRoundsP = 57;
// var t = 6;
template Poseidon(nInputs, t, nRoundsF, nRoundsP) {
var C[65] = [
14397397413755236225575615486459253198602422701513067526754101844196324375522,
10405129301473404666785234951972711717481302463898292859783056520670200613128,
5179144822360023508491245509308555580251733042407187134628755730783052214509,
9132640374240188374542843306219594180154739721841249568925550236430986592615,
20360807315276763881209958738450444293273549928693737723235350358403012458514,
17933600965499023212689924809448543050840131883187652471064418452962948061619,
3636213416533737411392076250708419981662897009810345015164671602334517041153,
2008540005368330234524962342006691994500273283000229509835662097352946198608,
16018407964853379535338740313053768402596521780991140819786560130595652651567,
20653139667070586705378398435856186172195806027708437373983929336015162186471,
17887713874711369695406927657694993484804203950786446055999405564652412116765,
4852706232225925756777361208698488277369799648067343227630786518486608711772,
8969172011633935669771678412400911310465619639756845342775631896478908389850,
20570199545627577691240476121888846460936245025392381957866134167601058684375,
16442329894745639881165035015179028112772410105963688121820543219662832524136,
20060625627350485876280451423010593928172611031611836167979515653463693899374,
16637282689940520290130302519163090147511023430395200895953984829546679599107,
15599196921909732993082127725908821049411366914683565306060493533569088698214,
16894591341213863947423904025624185991098788054337051624251730868231322135455,
1197934381747032348421303489683932612752526046745577259575778515005162320212,
6172482022646932735745595886795230725225293469762393889050804649558459236626,
21004037394166516054140386756510609698837211370585899203851827276330669555417,
15262034989144652068456967541137853724140836132717012646544737680069032573006,
15017690682054366744270630371095785995296470601172793770224691982518041139766,
15159744167842240513848638419303545693472533086570469712794583342699782519832,
11178069035565459212220861899558526502477231302924961773582350246646450941231,
21154888769130549957415912997229564077486639529994598560737238811887296922114,
20162517328110570500010831422938033120419484532231241180224283481905744633719,
2777362604871784250419758188173029886707024739806641263170345377816177052018,
15732290486829619144634131656503993123618032247178179298922551820261215487562,
6024433414579583476444635447152826813568595303270846875177844482142230009826,
17677827682004946431939402157761289497221048154630238117709539216286149983245,
10716307389353583413755237303156291454109852751296156900963208377067748518748,
14925386988604173087143546225719076187055229908444910452781922028996524347508,
8940878636401797005293482068100797531020505636124892198091491586778667442523,
18911747154199663060505302806894425160044925686870165583944475880789706164410,
8821532432394939099312235292271438180996556457308429936910969094255825456935,
20632576502437623790366878538516326728436616723089049415538037018093616927643,
71447649211767888770311304010816315780740050029903404046389165015534756512,
2781996465394730190470582631099299305677291329609718650018200531245670229393,
12441376330954323535872906380510501637773629931719508864016287320488688345525,
2558302139544901035700544058046419714227464650146159803703499681139469546006,
10087036781939179132584550273563255199577525914374285705149349445480649057058,
4267692623754666261749551533667592242661271409704769363166965280715887854739,
4945579503584457514844595640661884835097077318604083061152997449742124905548,
17742335354489274412669987990603079185096280484072783973732137326144230832311,
6266270088302506215402996795500854910256503071464802875821837403486057988208,
2716062168542520412498610856550519519760063668165561277991771577403400784706,
19118392018538203167410421493487769944462015419023083813301166096764262134232,
9386595745626044000666050847309903206827901310677406022353307960932745699524,
9121640807890366356465620448383131419933298563527245687958865317869840082266,
3078975275808111706229899605611544294904276390490742680006005661017864583210,
7157404299437167354719786626667769956233708887934477609633504801472827442743,
14056248655941725362944552761799461694550787028230120190862133165195793034373,
14124396743304355958915937804966111851843703158171757752158388556919187839849,
11851254356749068692552943732920045260402277343008629727465773766468466181076,
9799099446406796696742256539758943483211846559715874347178722060519817626047,
10156146186214948683880719664738535455146137901666656566575307300522957959544,
19908645952733301583346063785055921934459499091029406575311417879963332475861,
11766105336238068471342414351862472329437473380853789942065610694000443387471,
11002137593249972174092192767251572171769044073555430468487809799220351297047,
284136377911685911941431040940403846843630064858778505937392780738953624163,
19448733709802908339787967270452055364068697565906862913410983275341804035680,
14423660424692802524250720264041003098290275890428483723270346403986712981505,
10635360132728137321700090133109897687122647659471659996419791842933639708516
];
var M[6][6] = [
[
19167410339349846567561662441069598364702008768579734801591448511131028229281,
14183033936038168803360723133013092560869148726790180682363054735190196956789,
9067734253445064890734144122526450279189023719890032859456830213166173619761,
16378664841697311562845443097199265623838619398287411428110917414833007677155,
12968540216479938138647596899147650021419273189336843725176422194136033835172,
3636162562566338420490575570584278737093584021456168183289112789616069756675
],[
17034139127218860091985397764514160131253018178110701196935786874261236172431,
2799255644797227968811798608332314218966179365168250111693473252876996230317,
2482058150180648511543788012634934806465808146786082148795902594096349483974,
16563522740626180338295201738437974404892092704059676533096069531044355099628,
10468644849657689537028565510142839489302836569811003546969773105463051947124,
3328913364598498171733622353010907641674136720305714432354138807013088636408
],[
18985203040268814769637347880759846911264240088034262814847924884273017355969,
8652975463545710606098548415650457376967119951977109072274595329619335974180,
970943815872417895015626519859542525373809485973005165410533315057253476903,
19406667490568134101658669326517700199745817783746545889094238643063688871948,
17049854690034965250221386317058877242629221002521630573756355118745574274967,
4964394613021008685803675656098849539153699842663541444414978877928878266244
],[
19025623051770008118343718096455821045904242602531062247152770448380880817517,
9077319817220936628089890431129759976815127354480867310384708941479362824016,
4770370314098695913091200576539533727214143013236894216582648993741910829490,
4298564056297802123194408918029088169104276109138370115401819933600955259473,
6905514380186323693285869145872115273350947784558995755916362330070690839131,
4783343257810358393326889022942241108539824540285247795235499223017138301952
],[
16205238342129310687768799056463408647672389183328001070715567975181364448609,
8303849270045876854140023508764676765932043944545416856530551331270859502246,
20218246699596954048529384569730026273241102596326201163062133863539137060414,
1712845821388089905746651754894206522004527237615042226559791118162382909269,
13001155522144542028910638547179410124467185319212645031214919884423841839406,
16037892369576300958623292723740289861626299352695838577330319504984091062115
],[
15162889384227198851506890526431746552868519326873025085114621698588781611738,
13272957914179340594010910867091459756043436017766464331915862093201960540910,
9416416589114508529880440146952102328470363729880726115521103179442988482948,
8035240799672199706102747147502951589635001418759394863664434079699838251138,
21642389080762222565487157652540372010968704000567605990102641816691459811717,
20261355950827657195644012399234591122288573679402601053407151083849785332516
]
];
template Poseidon(nInputs) {
signal input inputs[nInputs];
signal output out;
component ark[nRoundsF + nRoundsP];
component sigmaF[nRoundsF][t];
component sigmaP[nRoundsP];
component mix[nRoundsF + nRoundsP];
// Using recommended parameters from whitepaper https://eprint.iacr.org/2019/458.pdf (table 2, table 8)
// Generated by https://extgit.iaik.tugraz.at/krypto/hadeshash/-/blob/master/code/calc_round_numbers.py
// And rounded up to nearest integer that divides by t
var N_ROUNDS_P[8] = [56, 57, 56, 60, 60, 63, 64, 63];
var t = nInputs + 1;
var nRoundsF = 8;
var nRoundsP = N_ROUNDS_P[t - 2];
var C[t*(nRoundsF + nRoundsP)] = POSEIDON_C(t);
var M[t][t] = POSEIDON_M(t);
component ark[nRoundsF + nRoundsP - 1];
component sigmaF[nRoundsF - 1][t];
component sigmaP[nRoundsP];
component mix[nRoundsF + nRoundsP - 1];
var i;
var j;
var k;
for (i=0; i<(nRoundsF + nRoundsP); i++) {
ark[i] = Ark(t, C[i]);
mix[i] = Mix(t, M);
for (j=0; j<t; j++) {
for (var i=0; i<nRoundsF + nRoundsP - 1; i++) {
ark[i] = Ark(t, C, t*i);
for (var j=0; j<t; j++) {
if (i==0) {
if (j<nInputs) {
ark[i].in[j] <== inputs[j];
@@ -186,23 +71,28 @@ template Poseidon(nInputs, t, nRoundsF, nRoundsP) {
}
}
if ((i<(nRoundsF/2)) || (i>= (nRoundsP + nRoundsF/2))) {
k= i<nRoundsF/2 ? i : (i-nRoundsP);
for (j=0; j<t; j++) {
if (i < nRoundsF/2 || i >= nRoundsP + nRoundsF/2) {
k = i < nRoundsF/2 ? i : i - nRoundsP;
mix[i] = Mix(t, M);
for (var j=0; j<t; j++) {
sigmaF[k][j] = Sigma();
sigmaF[k][j].in <== ark[i].out[j];
mix[i].in[j] <== sigmaF[k][j].out;
}
} else {
k= i-nRoundsF/2;
k = i - nRoundsF/2;
mix[i] = Mix(t, M);
sigmaP[k] = Sigma();
sigmaP[k].in <== ark[i].out[0];
mix[i].in[0] <== sigmaP[k].out;
for (j=1; j<t; j++) {
for (var j=1; j<t; j++) {
mix[i].in[j] <== ark[i].out[j];
}
}
}
out <== mix[nRoundsF + nRoundsP -1].out[0];
// last round is done only for the first word, so we do it manually to save constraints
component lastSigmaF = Sigma();
lastSigmaF.in <== mix[nRoundsF + nRoundsP - 2].out[0] + C[t*(nRoundsF + nRoundsP - 1)];
out <== lastSigmaF.out;
}

94
circuits/poseidon_constants.circom Normal file
View File

File diff suppressed because one or more lines are too long

4
circuits/smt/smthash_poseidon.circom
View File

@@ -29,7 +29,7 @@ template SMTHash1() {
signal input value;
signal output out;
component h = Poseidon(3, 6, 8, 57); // Constant
component h = Poseidon(3); // Constant
h.inputs[0] <== key;
h.inputs[1] <== value;
h.inputs[2] <== 1;
@@ -48,7 +48,7 @@ template SMTHash2() {
signal input R;
signal output out;
component h = Poseidon(2, 6, 8, 57); // Constant
component h = Poseidon(2); // Constant
h.inputs[0] <== L;
h.inputs[1] <== R;

2
index.js
View File

@@ -7,8 +7,6 @@ exports.pedersenHash = require("./src/pedersenHash");
exports.SMT = require("./src/smt").SMT;
exports.SMTMemDB = require("./src/smt_memdb");
exports.poseidon = require("./src/poseidon");
exports.leInt2Buff = require("./src/utils").leInt2Buff;
exports.leBuff2int = require("./src/utils").leBuff2int;

2522
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

14
package.json
View File

@@ -1,6 +1,6 @@
{
"name": "circomlib",
"version": "0.1.2",
"version": "0.2.4",
"description": "Basic circuits library for Circom",
"main": "index.js",
"directories": {
@@ -26,15 +26,13 @@
"dependencies": {
"blake-hash": "^1.1.0",
"blake2b": "^2.1.3",
"circom": "0.5.3",
"ffjavascript": "0.0.3",
"snarkjs": "^0.1.22",
"typedarray-to-buffer": "^3.1.5",
"web3": "^1.2.6"
"circom": "0.5.21",
"ffjavascript": "0.1.0"
},
"devDependencies": {
"eslint": "^6.8.0",
"ganache-cli": "^6.9.1",
"mocha": "^7.1.1"
"ganache-cli": "^6.10.1",
"mocha": "^7.1.1",
"web3": "^1.2.11"
}
}

53
src/babyjub.js
View File

@@ -1,6 +1,6 @@
const bigInt = require("big-integer");
const ZqField = require("ffjavascript").ZqField;
const utils = require("./utils.js");
const F1Field = require("ffjavascript").F1Field;
const Scalar = require("ffjavascript").Scalar;
const utils = require("ffjavascript").utils;
exports.addPoint = addPoint;
exports.mulPointEscalar = mulPointEscalar;
@@ -8,23 +8,27 @@ exports.inCurve = inCurve;
exports.inSubgroup = inSubgroup;
exports.packPoint = packPoint;
exports.unpackPoint = unpackPoint;
exports.p = Scalar.fromString("21888242871839275222246405745257275088548364400416034343698204186575808495617");
const F = new F1Field(exports.p);
exports.F = F;
exports.Generator = [
bigInt("995203441582195749578291179787384436505546430278305826713579947235728471134"),
bigInt("5472060717959818805561601436314318772137091100104008585924551046643952123905")
F.e("995203441582195749578291179787384436505546430278305826713579947235728471134"),
F.e("5472060717959818805561601436314318772137091100104008585924551046643952123905")
];
exports.Base8 = [
bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
F.e("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
F.e("16950150798460657717958625567821834550301663161624707787222815936182638968203")
];
exports.order = bigInt("21888242871839275222246405745257275088614511777268538073601725287587578984328");
exports.subOrder = exports.order.shiftRight(3);
exports.p = bigInt("21888242871839275222246405745257275088548364400416034343698204186575808495617");
exports.A = bigInt("168700");
exports.D = bigInt("168696");
exports.order = Scalar.fromString("21888242871839275222246405745257275088614511777268538073601725287587578984328");
exports.subOrder = Scalar.shiftRight(exports.order, 3);
exports.A = F.e("168700");
exports.D = F.e("168696");
function addPoint(a,b) {
const F = new ZqField(exports.p);
const res = [];
@@ -44,28 +48,28 @@ function addPoint(a,b) {
res[0] = F.div(
F.add(beta, gamma),
F.add(bigInt.one, dtau)
F.add(F.one, dtau)
);
res[1] = F.div(
F.add(delta, F.sub(F.mul(exports.A,beta), gamma)),
F.sub(bigInt.one, dtau)
F.sub(F.one, dtau)
);
return res;
}
function mulPointEscalar(base, e) {
let res = [bigInt("0"),bigInt("1")];
let rem = bigInt(e);
let res = [F.e("0"),F.e("1")];
let rem = e;
let exp = base;
while (! rem.isZero()) {
if (rem.isOdd()) {
while (! Scalar.isZero(rem)) {
if (Scalar.isOdd(rem)) {
res = addPoint(res, exp);
}
exp = addPoint(exp, exp);
rem = rem.shiftRight(1);
rem = Scalar.shiftRight(rem, 1);
}
return res;
@@ -74,11 +78,10 @@ function mulPointEscalar(base, e) {
function inSubgroup(P) {
if (!inCurve(P)) return false;
const res= mulPointEscalar(P, exports.subOrder);
return (res[0].equals(bigInt(0))) && (res[1].equals(bigInt(1)));
return (F.isZero(res[0]) && F.eq(res[1], F.one));
}
function inCurve(P) {
const F = new ZqField(exports.p);
const x2 = F.square(P[0]);
const y2 = F.square(P[1]);
@@ -92,15 +95,13 @@ function inCurve(P) {
function packPoint(P) {
const buff = utils.leInt2Buff(P[1], 32);
if (P[0].greater(exports.p.shiftRight(1))) {
if (F.lt(P[0], F.zero)) {
buff[31] = buff[31] | 0x80;
}
return buff;
}
function unpackPoint(_buff) {
const F = new ZqField(exports.p);
const buff = Buffer.from(_buff);
let sign = false;
const P = new Array(2);
@@ -109,7 +110,7 @@ function unpackPoint(_buff) {
buff[31] = buff[31] & 0x7F;
}
P[1] = utils.leBuff2int(buff);
if (P[1].greaterOrEquals(exports.p)) return null;
if (Scalar.gt(P[1], exports.p)) return null;
const y2 = F.square(P[1]);

63
src/eddsa.js
View File

@@ -1,7 +1,8 @@
const createBlakeHash = require("blake-hash");
const bigInt = require("big-integer");
const Scalar = require("ffjavascript").Scalar;
const F1Field = require("ffjavascript").F1Field;
const babyJub = require("./babyjub");
const utils = require("./utils");
const utils = require("ffjavascript").utils;
const pedersenHash = require("./pedersenHash").hash;
const mimc7 = require("./mimc7");
const poseidon = require("./poseidon.js");
@@ -33,7 +34,7 @@ function pruneBuffer(_buff) {
function prv2pub(prv) {
const sBuff = pruneBuffer(createBlakeHash("blake512").update(prv).digest().slice(0,32));
let s = utils.leBuff2int(sBuff);
const A = babyJub.mulPointEscalar(babyJub.Base8, s.shiftRight(3));
const A = babyJub.mulPointEscalar(babyJub.Base8, Scalar.shr(s,3));
return A;
}
@@ -41,17 +42,18 @@ function sign(prv, msg) {
const h1 = createBlakeHash("blake512").update(prv).digest();
const sBuff = pruneBuffer(h1.slice(0,32));
const s = utils.leBuff2int(sBuff);
const A = babyJub.mulPointEscalar(babyJub.Base8, s.shiftRight(3));
const A = babyJub.mulPointEscalar(babyJub.Base8, Scalar.shr(s, 3));
const rBuff = createBlakeHash("blake512").update(Buffer.concat([h1.slice(32,64), msg])).digest();
let r = utils.leBuff2int(rBuff);
r = r.mod(babyJub.subOrder);
const Fr = new F1Field(babyJub.subOrder);
r = Fr.e(r);
const R8 = babyJub.mulPointEscalar(babyJub.Base8, r);
const R8p = babyJub.packPoint(R8);
const Ap = babyJub.packPoint(A);
const hmBuff = pedersenHash(Buffer.concat([R8p, Ap, msg]));
const hm = utils.leBuff2int(hmBuff);
const S = r.add(hm.times(s)).mod(babyJub.subOrder);
const S = Fr.add(r , Fr.mul(hm, s));
return {
R8: R8,
S: S
@@ -62,15 +64,16 @@ function signMiMC(prv, msg) {
const h1 = createBlakeHash("blake512").update(prv).digest();
const sBuff = pruneBuffer(h1.slice(0,32));
const s = utils.leBuff2int(sBuff);
const A = babyJub.mulPointEscalar(babyJub.Base8, s.shiftRight(3));
const A = babyJub.mulPointEscalar(babyJub.Base8, Scalar.shr(s, 3));
const msgBuff = utils.leInt2Buff(msg, 32);
const rBuff = createBlakeHash("blake512").update(Buffer.concat([h1.slice(32,64), msgBuff])).digest();
let r = utils.leBuff2int(rBuff);
r = r.mod(babyJub.subOrder);
const Fr = new F1Field(babyJub.subOrder);
r = Fr.e(r);
const R8 = babyJub.mulPointEscalar(babyJub.Base8, r);
const hm = mimc7.multiHash([R8[0], R8[1], A[0], A[1], msg]);
const S = r.add(hm.times(s)).mod(babyJub.subOrder);
const S = Fr.add(r , Fr.mul(hm, s));
return {
R8: R8,
S: S
@@ -81,15 +84,16 @@ function signMiMCSponge(prv, msg) {
const h1 = createBlakeHash("blake512").update(prv).digest();
const sBuff = pruneBuffer(h1.slice(0,32));
const s = utils.leBuff2int(sBuff);
const A = babyJub.mulPointEscalar(babyJub.Base8, s.shiftRight(3));
const A = babyJub.mulPointEscalar(babyJub.Base8, Scalar.shr(s, 3));
const msgBuff = utils.leInt2Buff(msg, 32);
const rBuff = createBlakeHash("blake512").update(Buffer.concat([h1.slice(32,64), msgBuff])).digest();
let r = utils.leBuff2int(rBuff);
r = r.mod(babyJub.subOrder);
const Fr = new F1Field(babyJub.subOrder);
r = Fr.e(r);
const R8 = babyJub.mulPointEscalar(babyJub.Base8, r);
const hm = mimcsponge.multiHash([R8[0], R8[1], A[0], A[1], msg]);
const S = r.add(hm.times(s)).mod(babyJub.subOrder);
const S = Fr.add(r , Fr.mul(hm, s));
return {
R8: R8,
S: S
@@ -100,16 +104,16 @@ function signPoseidon(prv, msg) {
const h1 = createBlakeHash("blake512").update(prv).digest();
const sBuff = pruneBuffer(h1.slice(0,32));
const s = utils.leBuff2int(sBuff);
const A = babyJub.mulPointEscalar(babyJub.Base8, s.shiftRight(3));
const A = babyJub.mulPointEscalar(babyJub.Base8, Scalar.shr(s, 3));
const msgBuff = utils.leInt2Buff(msg, 32);
const rBuff = createBlakeHash("blake512").update(Buffer.concat([h1.slice(32,64), msgBuff])).digest();
let r = utils.leBuff2int(rBuff);
r = r.mod(babyJub.subOrder);
const Fr = new F1Field(babyJub.subOrder);
r = Fr.e(r);
const R8 = babyJub.mulPointEscalar(babyJub.Base8, r);
const hash = poseidon.createHash(6, 8, 57);
const hm = hash([R8[0], R8[1], A[0], A[1], msg]);
const S = r.add(hm.times(s)).mod(babyJub.subOrder);
const hm = poseidon([R8[0], R8[1], A[0], A[1], msg]);
const S = Fr.add(r , Fr.mul(hm, s));
return {
R8: R8,
S: S
@@ -133,11 +137,11 @@ function verify(msg, sig, A) {
const hm = utils.leBuff2int(hmBuff);
const Pleft = babyJub.mulPointEscalar(babyJub.Base8, sig.S);
let Pright = babyJub.mulPointEscalar(A, hm.times(bigInt("8")));
let Pright = babyJub.mulPointEscalar(A, Scalar.mul(hm,8));
Pright = babyJub.addPoint(sig.R8, Pright);
if (!Pleft[0].equals(Pright[0])) return false;
if (!Pleft[1].equals(Pright[1])) return false;
if (!babyJub.F.eq(Pleft[0],Pright[0])) return false;
if (!babyJub.F.eq(Pleft[1],Pright[1])) return false;
return true;
}
@@ -155,11 +159,11 @@ function verifyMiMC(msg, sig, A) {
const hm = mimc7.multiHash([sig.R8[0], sig.R8[1], A[0], A[1], msg]);
const Pleft = babyJub.mulPointEscalar(babyJub.Base8, sig.S);
let Pright = babyJub.mulPointEscalar(A, hm.times(bigInt("8")));
let Pright = babyJub.mulPointEscalar(A, Scalar.mul(hm, 8));
Pright = babyJub.addPoint(sig.R8, Pright);
if (!Pleft[0].equals(Pright[0])) return false;
if (!Pleft[1].equals(Pright[1])) return false;
if (!babyJub.F.eq(Pleft[0],Pright[0])) return false;
if (!babyJub.F.eq(Pleft[1],Pright[1])) return false;
return true;
}
@@ -175,15 +179,14 @@ function verifyPoseidon(msg, sig, A) {
if (!babyJub.inCurve(A)) return false;
if (sig.S>= babyJub.subOrder) return false;
const hash = poseidon.createHash(6, 8, 57);
const hm = hash([sig.R8[0], sig.R8[1], A[0], A[1], msg]);
const hm = poseidon([sig.R8[0], sig.R8[1], A[0], A[1], msg]);
const Pleft = babyJub.mulPointEscalar(babyJub.Base8, sig.S);
let Pright = babyJub.mulPointEscalar(A, hm.times(bigInt("8")));
let Pright = babyJub.mulPointEscalar(A, Scalar.mul(hm, 8));
Pright = babyJub.addPoint(sig.R8, Pright);
if (!Pleft[0].equals(Pright[0])) return false;
if (!Pleft[1].equals(Pright[1])) return false;
if (!babyJub.F.eq(Pleft[0],Pright[0])) return false;
if (!babyJub.F.eq(Pleft[1],Pright[1])) return false;
return true;
}
@@ -204,8 +207,8 @@ function verifyMiMCSponge(msg, sig, A) {
let Pright = babyJub.mulPointEscalar(A, hm.times(bigInt("8")));
Pright = babyJub.addPoint(sig.R8, Pright);
if (!Pleft[0].equals(Pright[0])) return false;
if (!Pleft[1].equals(Pright[1])) return false;
if (!babyJub.F.eq(Pleft[0],Pright[0])) return false;
if (!babyJub.F.eq(Pleft[1],Pright[1])) return false;
return true;
}

11
src/evmasm.js
View File

@@ -154,6 +154,17 @@ class Contract {
}
push(data) {
if (typeof data === "number") {
let isNeg;
if (data<0) {
isNeg = true;
data = -data;
}
data = data.toString(16);
if (data.length % 2 == 1) data = "0" + data;
data = "0x" + data;
if (isNeg) data = "-"+data;
}
const d = Web3Utils.hexToBytes(Web3Utils.toHex(data));
if (d.length == 0 || d.length > 32) {
throw new Error("Assertion failed");

3
src/g2_gencontract.js
View File

@@ -4,7 +4,6 @@
const Contract = require("./evmasm");
const G2 = require("snarkjs").bn128.G2;
const bigInt = require("snarkjs").bigInt;
function toHex256(a) {
@@ -539,7 +538,7 @@ function createCode(P, w) {
function storeVals() {
C.push(VAR_POINTS); // p
for (let i=0; i<NPOINTS; i++) {
const MP = G2.affine(G2.mulScalar(P, bigInt(i)));
const MP = G2.affine(G2.mulScalar(P, i));
for (let j=0; j<2; j++) {
for (let k=0; k<2; k++) {
C.push(toHex256(MP[j][k])); // MP[0][0] p

17
src/mimc7.js
View File

@@ -1,8 +1,9 @@
const bigInt = require("big-integer");
const Scalar = require("ffjavascript").Scalar;
const ZqField = require("ffjavascript").ZqField;
const Web3Utils = require("web3-utils");
const F = new ZqField(bigInt("21888242871839275222246405745257275088548364400416034343698204186575808495617"));
const F = new ZqField(Scalar.fromString("21888242871839275222246405745257275088548364400416034343698204186575808495617"));
exports.F = F;
const SEED = "mimc";
const NROUNDS = 91;
@@ -10,7 +11,7 @@ const NROUNDS = 91;
exports.getIV = (seed) => {
if (typeof seed === "undefined") seed = SEED;
const c = Web3Utils.keccak256(seed+"_iv");
const cn = bigInt(Web3Utils.toBN(c).toString());
const cn = Scalar.FromString(Web3Utils.toBN(c).toString());
const iv = cn.mod(F.p);
return iv;
};
@@ -25,17 +26,17 @@ exports.getConstants = (seed, nRounds) => {
const n1 = Web3Utils.toBN(c).mod(Web3Utils.toBN(F.p.toString()));
const c2 = Web3Utils.padLeft(Web3Utils.toHex(n1), 64);
cts[i] = bigInt(Web3Utils.toBN(c2).toString());
cts[i] = Scalar.fromString(Web3Utils.toBN(c2).toString());
}
cts[0] = bigInt(0);
cts[0] = F.e(0);
return cts;
};
const cts = exports.getConstants(SEED, 91);
exports.hash = (_x_in, _k) =>{
const x_in = bigInt(_x_in);
const k = bigInt(_k);
const x_in = F.e(_x_in);
const k = F.e(_k);
let r;
for (let i=0; i<NROUNDS; i++) {
const c = cts[i];
@@ -58,7 +59,7 @@ exports.multiHash = (arr, key) => {
r,
arr[i]
),
exports.hash(bigInt(arr[i]), r)
exports.hash(F.e(arr[i]), r)
);
}
return r;

22
src/mimcsponge.js
View File

@@ -1,7 +1,7 @@
const bigInt = require("big-integer");
const Scalar = require("ffjavascript").Scalar
const Web3Utils = require("web3-utils");
const ZqField = require("ffjavascript").ZqField;
const F = new ZqField(bigInt("21888242871839275222246405745257275088548364400416034343698204186575808495617"));
const F = new ZqField(Scalar.fromString("21888242871839275222246405745257275088548364400416034343698204186575808495617"));
const SEED = "mimcsponge";
const NROUNDS = 220;
@@ -9,7 +9,7 @@ const NROUNDS = 220;
exports.getIV = (seed) => {
if (typeof seed === "undefined") seed = SEED;
const c = Web3Utils.keccak256(seed+"_iv");
const cn = bigInt(Web3Utils.toBN(c).toString());
const cn = Scalar.fromString(Web3Utils.toBN(c).toString());
const iv = cn.mod(F.p);
return iv;
};
@@ -24,23 +24,23 @@ exports.getConstants = (seed, nRounds) => {
const n1 = Web3Utils.toBN(c).mod(Web3Utils.toBN(F.p.toString()));
const c2 = Web3Utils.padLeft(Web3Utils.toHex(n1), 64);
cts[i] = bigInt(Web3Utils.toBN(c2).toString());
cts[i] = F.e(Web3Utils.toBN(c2).toString());
}
cts[0] = bigInt(0);
cts[cts.length - 1] = bigInt(0);
cts[0] = F.e(0);
cts[cts.length - 1] = F.e(0);
return cts;
};
const cts = exports.getConstants(SEED, NROUNDS);
exports.hash = (_xL_in, _xR_in, _k) =>{
let xL = bigInt(_xL_in);
let xR = bigInt(_xR_in);
const k = bigInt(_k);
let xL = F.e(_xL_in);
let xR = F.e(_xR_in);
const k = F.e(_k);
for (let i=0; i<NROUNDS; i++) {
const c = cts[i];
const t = (i==0) ? F.add(xL, k) : F.add(F.add(xL, k), c);
const xR_tmp = bigInt(xR);
const xR_tmp = F.e(xR);
if (i < (NROUNDS - 1)) {
xR = xL;
xL = F.add(xR_tmp, F.pow(t, 5));
@@ -66,7 +66,7 @@ exports.multiHash = (arr, key, numOutputs) => {
let C = F.zero;
for (let i=0; i<arr.length; i++) {
R = F.add(R, bigInt(arr[i]));
R = F.add(R, F.e(arr[i]));
const S = exports.hash(R, C, key);
R = S.xL;
C = S.xR;

41
src/pedersenHash.js
View File

@@ -1,6 +1,7 @@
const bigInt = require("big-integer");
const babyJub = require("./babyjub");
const createBlakeHash = require("blake-hash");
const blake2b = require("blake2b");
const Scalar = require("ffjavascript").Scalar;
const GENPOINT_PREFIX = "PedersenGenerator";
const windowSize = 4;
@@ -9,13 +10,23 @@ const nWindowsPerSegment = 50;
exports.hash = pedersenHash;
exports.getBasePoint = getBasePoint;
function pedersenHash(msg) {
function baseHash(type, S) {
if (type == "blake") {
return createBlakeHash("blake256").update(S).digest();
} else if (type == "blake2b") {
return Buffer.from(blake2b(32).update(Buffer.from(S)).digest());
}
}
function pedersenHash(msg, options) {
options = options || {};
options.baseHash = options.baseHash || "blake";
const bitsPerSegment = windowSize*nWindowsPerSegment;
const bits = buffer2bits(msg);
const nSegments = Math.floor((bits.length - 1)/(windowSize*nWindowsPerSegment)) +1;
let accP = [bigInt.zero,bigInt.one];
let accP = [babyJub.F.zero,babyJub.F.one];
for (let s=0; s<nSegments; s++) {
let nWindows;
@@ -24,32 +35,32 @@ function pedersenHash(msg) {
} else {
nWindows = nWindowsPerSegment;
}
let escalar = bigInt.zero;
let exp = bigInt.one;
let escalar = Scalar.e(0);
let exp = Scalar.e(1);
for (let w=0; w<nWindows; w++) {
let o = s*bitsPerSegment + w*windowSize;
let acc = bigInt.one;
let acc = Scalar.e(1);
for (let b=0; ((b<windowSize-1)&&(o<bits.length)) ; b++) {
if (bits[o]) {
acc = acc.add( bigInt.one.shiftLeft(b) );
acc = Scalar.add(acc, Scalar.shl(Scalar.e(1), b) );
}
o++;
}
if (o<bits.length) {
if (bits[o]) {
acc = bigInt.zero.minus(acc);
acc = Scalar.neg(acc);
}
o++;
}
escalar = escalar.add(acc.times(exp));
exp = exp.shiftLeft(windowSize+1);
escalar = Scalar.add(escalar, Scalar.mul(acc, exp));
exp = Scalar.shl(exp, windowSize+1);
}
if (escalar.lesser(bigInt.zero)) {
escalar = babyJub.subOrder.add(escalar);
if (Scalar.lt(escalar, 0)) {
escalar = Scalar.add( escalar, babyJub.subOrder);
}
accP = babyJub.addPoint(accP, babyJub.mulPointEscalar(getBasePoint(s), escalar));
accP = babyJub.addPoint(accP, babyJub.mulPointEscalar(getBasePoint(options.baseHash, s), escalar));
}
return babyJub.packPoint(accP);
@@ -57,13 +68,13 @@ function pedersenHash(msg) {
let bases = [];
function getBasePoint(pointIdx) {
function getBasePoint(baseHashType, pointIdx) {
if (pointIdx<bases.length) return bases[pointIdx];
let p= null;
let tryIdx = 0;
while (p==null) {
const S = GENPOINT_PREFIX + "_" + padLeftZeros(pointIdx, 32) + "_" + padLeftZeros(tryIdx, 32);
const h = createBlakeHash("blake256").update(S).digest();
const h = baseHash(baseHashType, S);
h[31] = h[31] & 0xBF; // Set 255th bit to 0 (256th is the signal and 254th is the last possible bit to 1)
p = babyJub.unpackPoint(h);
tryIdx++;

10
src/pedersen_printbases.js
View File

@@ -7,7 +7,15 @@ if (typeof process.argv[2] != "undefined") {
nBases = 5;
}
let baseHash;
if (typeof process.argv[3] != "undefined") {
baseHash = process.argv[3];
} else {
baseHash = "blake";
}
for (let i=0; i < nBases; i++) {
const p = pedersenHash.getBasePoint(i);
const p = pedersenHash.getBasePoint(baseHash, i);
console.log(`[${p[0]},${p[1]}]`);
}

147
src/poseidon.js
View File

@@ -1,120 +1,49 @@
const bigInt = require("big-integer");
const blake2b = require("blake2b");
const assert = require("assert");
const Scalar = require("ffjavascript").Scalar;
const ZqField = require("ffjavascript").ZqField;
const utils = require("./utils");
const { unstringifyBigInts } = require("ffjavascript").utils;
const F = new ZqField(bigInt("21888242871839275222246405745257275088548364400416034343698204186575808495617"));
// Prime 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001
const F = new ZqField(Scalar.fromString("21888242871839275222246405745257275088548364400416034343698204186575808495617"));
const SEED = "poseidon";
const NROUNDSF = 8;
const NROUNDSP = 57;
const T = 6;
// Parameters are generated by a reference script https://extgit.iaik.tugraz.at/krypto/hadeshash/-/blob/master/code/generate_parameters_grain.sage
// Used like so: sage generate_parameters_grain.sage 1 0 254 2 8 56 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001
const { C, M } = unstringifyBigInts(require("./poseidon_constants.json"));
function getPseudoRandom(seed, n) {
const res = [];
let input = Buffer.from(seed);
let h = blake2b(32).update(input).digest();
while (res.length<n) {
const n = F.normalize(utils.leBuff2int(h));
res.push(n);
h = blake2b(32).update(h).digest();
}
// Using recommended parameters from whitepaper https://eprint.iacr.org/2019/458.pdf (table 2, table 8)
// Generated by https://extgit.iaik.tugraz.at/krypto/hadeshash/-/blob/master/code/calc_round_numbers.py
// And rounded up to nearest integer that divides by t
const N_ROUNDS_F = 8;
const N_ROUNDS_P = [56, 57, 56, 60, 60, 63, 64, 63];
return res;
}
const pow5 = a => F.mul(a, F.square(F.square(a, a)));
function allDifferent(v) {
for (let i=0; i<v.length; i++) {
if (v[i].isZero()) return false;
for (let j=i+1; j<v.length; j++) {
if (v[i].equals(v[j])) return false;
function poseidon(inputs) {
assert(inputs.length > 0);
assert(inputs.length < N_ROUNDS_P.length - 1);
const t = inputs.length + 1;
const nRoundsF = N_ROUNDS_F;
const nRoundsP = N_ROUNDS_P[t - 2];
let state = [...inputs.map(a => F.e(a)), F.zero];
for (let r = 0; r < nRoundsF + nRoundsP; r++) {
state = state.map((a, i) => F.add(a, C[t - 2][r * t + i]));
if (r < nRoundsF / 2 || r >= nRoundsF / 2 + nRoundsP) {
state = state.map(a => pow5(a));
} else {
state[0] = pow5(state[0]);
}
// no matrix multiplication in the last round
if (r < nRoundsF + nRoundsP - 1) {
state = state.map((_, i) =>
state.reduce((acc, a, j) => F.add(acc, F.mul(M[t - 2][j][i], a)), F.zero)
);
}
}
return true;
return F.normalize(state[0]);
}
exports.getMatrix = (t, seed, nRounds) => {
if (typeof seed === "undefined") seed = SEED;
if (typeof nRounds === "undefined") nRounds = NROUNDSF + NROUNDSP;
if (typeof t === "undefined") t = T;
assert(t<=6); // Force the same matrix for all.
t=6;
let nonce = "0000";
let cmatrix = getPseudoRandom(seed+"_matrix_"+nonce, t*2);
while (!allDifferent(cmatrix)) {
nonce = (Number(nonce)+1)+"";
while(nonce.length<4) nonce = "0"+nonce;
cmatrix = getPseudoRandom(seed+"_matrix_"+nonce, t*2);
}
const M = new Array(t);
for (let i=0; i<t; i++) {
M[i] = new Array(t);
for (let j=0; j<t; j++) {
M[i][j] = F.normalize(F.inv(F.sub(cmatrix[i], cmatrix[t+j])));
}
}
return M;
};
exports.getConstants = (t, seed, nRounds) => {
if (typeof seed === "undefined") seed = SEED;
if (typeof nRounds === "undefined") nRounds = NROUNDSF + NROUNDSP;
if (typeof t === "undefined") t = T;
const cts = getPseudoRandom(seed+"_constants", nRounds);
return cts;
};
function ark(state, c) {
for (let j=0; j<state.length; j++ ) {
state[j] = F.add(state[j], c);
}
}
function sigma(a) {
return F.mul(a, F.square(F.square(a,a)));
}
function mix(state, M) {
const newState = new Array(state.length);
for (let i=0; i<state.length; i++) {
newState[i] = F.zero;
for (let j=0; j<state.length; j++) {
newState[i] = F.add(newState[i], F.mul(M[i][j], state[j]) );
}
}
for (let i=0; i<state.length; i++) state[i] = newState[i];
}
exports.createHash = (t, nRoundsF, nRoundsP, seed) => {
if (typeof seed === "undefined") seed = SEED;
if (typeof nRoundsF === "undefined") nRoundsF = NROUNDSF;
if (typeof nRoundsP === "undefined") nRoundsP = NROUNDSP;
if (typeof t === "undefined") t = T;
assert(nRoundsF % 2 == 0);
const C = exports.getConstants(t, seed, nRoundsF + nRoundsP);
const M = exports.getMatrix(t, seed, nRoundsF + nRoundsP);
return function(inputs) {
let state = [];
assert(inputs.length <= t);
assert(inputs.length > 0);
for (let i=0; i<inputs.length; i++) state[i] = bigInt(inputs[i]);
for (let i=inputs.length; i<t; i++) state[i] = F.zero;
for (let i=0; i< nRoundsF + nRoundsP; i++) {
ark(state, C[i]);
if ((i<nRoundsF/2) || (i >= nRoundsF/2 + nRoundsP)) {
for (let j=0; j<t; j++) state[j] = sigma(state[j]);
} else {
state[0] = sigma(state[0]);
}
mix(state, M);
}
return F.normalize(state[0]);
};
};
module.exports = poseidon;

3449
src/poseidon_constants.json Normal file
View File

File diff suppressed because it is too large Load Diff

54
src/poseidon_gencontract.js
View File

@@ -2,14 +2,13 @@
// License: LGPL-3.0+
//
const Poseidon = require("./poseidon.js");
const Contract = require("./evmasm");
const { unstringifyBigInts } = require("ffjavascript").utils;
const SEED = "poseidon";
const NROUNDSF = 8;
const NROUNDSP = 57;
const T = 6;
const { C:K, M } = unstringifyBigInts(require("./poseidon_constants.json"));
const N_ROUNDS_F = 8;
const N_ROUNDS_P = [56, 57, 56, 60, 60, 63, 64, 63];
function toHex256(a) {
let S = a.toString(16);
@@ -17,38 +16,34 @@ function toHex256(a) {
return "0x" + S;
}
function createCode(t, nRoundsF, nRoundsP, seed) {
if (typeof seed === "undefined") seed = SEED;
if (typeof nRoundsF === "undefined") nRoundsF = NROUNDSF;
if (typeof nRoundsP === "undefined") nRoundsP = NROUNDSP;
if (typeof t === "undefined") t = T;
function createCode(nInputs) {
const K = Poseidon.getConstants(t, seed, nRoundsP + nRoundsF);
const M = Poseidon.getMatrix(t, seed, nRoundsP + nRoundsF);
if (( nInputs<1) || (nInputs>8)) throw new Error("Invalid number of inputs. Must be 1<=nInputs<=8");
const t = nInputs + 1;
const nRoundsF = N_ROUNDS_F;
const nRoundsP = N_ROUNDS_P[t - 2];
const C = new Contract();
function saveM() {
for (let i=0; i<t; i++) {
for (let j=0; j<t; j++) {
C.push(toHex256(M[i][j]));
C.push(toHex256(M[t-2][j][i]));
C.push((1+i*t+j)*32);
C.mstore();
}
}
}
function ark(r) {
C.push(toHex256(K[r])); // K, st, q
function ark(r) { // st, q
for (let i=0; i<t; i++) {
C.dup(1+t); // q, K, st, q
C.dup(1); // K, q, K, st, q
C.dup(3+i); // st[i], K, q, K, st, q
C.addmod(); // newSt[i], K, st, q
C.swap(2 + i); // xx, K, st, q
C.dup(t); // q, st, q
C.push(toHex256(K[t-2][r*t+i])); // K, q, st, q
C.dup(2+i); // st[i], K, q, st, q
C.addmod(); // newSt[i], st, q
C.swap(1 + i); // xx, st, q
C.pop();
}
C.pop();
}
function sigma(p) {
@@ -115,17 +110,17 @@ function createCode(t, nRoundsF, nRoundsP, seed) {
C.push("0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001"); // q
// Load 6 values from the call data.
// Load t values from the call data.
// The function has a single array param param
// [Selector (4)] [Pointer (32)][Length (32)] [data1 (32)] ....
// We ignore the pointer and the length and just load 6 values to the state
// (Stack positions 0-5) If the array is shorter, we just set zeros.
// We ignore the pointer and the length and just load t values to the state
// (Stack positions 0-{t-1}) If the array is shorter, we just set zeros.
for (let i=0; i<t; i++) {
C.push(0x44+(0x20*(t-1-i)));
C.calldataload();
}
for (let i=0; i<nRoundsF+nRoundsP; i++) {
for (let i=0; i<nRoundsF+nRoundsP-1; i++) {
ark(i);
if ((i<nRoundsF/2) || (i>=nRoundsP+nRoundsF/2)) {
for (let j=0; j<t; j++) {
@@ -142,6 +137,13 @@ function createCode(t, nRoundsF, nRoundsP, seed) {
C.label(strLabel);
}
C.push(toHex256(K[t-2][(nRoundsF+nRoundsP-1)*t])); // K, st, q
C.dup(t+1); // q, K, st, q
C.swap(2); // st[0], K, q, st\st[0]
C.addmod(); // st q
sigma(0);
C.push("0x00");
C.mstore(); // Save it to pos 0;
C.push("0x20");

16
src/poseidon_printconstants.js
View File

@@ -1,16 +0,0 @@
const Poseidon = require("./poseidon.js");
const C = Poseidon.getConstants();
let S = "[\n";
for (let i=0; i<C.length; i++) {
S = S + " " + C[i].toString();
if (i<C.length-1) S = S + ",";
S = S + "\n";
}
S=S+ "]\n";
console.log(S);

10
src/poseidon_printcontract.js
View File

@@ -1,5 +1,13 @@
const poseidonGenContract = require("./poseidon_gencontract");
if (process.argv.length != 3) {
console.log("Usage: node poseidon_gencontract.js [numberOfInputs]");
process.exit(1);
}
console.log(poseidonGenContract.createCode(6, 8, 57));
const nInputs = Number(process.argv[2]);
console.log(nInputs);
console.log(poseidonGenContract.createCode(nInputs));

60
src/smt.js
View File

@@ -1,7 +1,6 @@
const bigInt = require("big-integer");
const Scalar = require("ffjavascript").Scalar;
const SMTMemDB = require("./smt_memdb");
const {hash0, hash1} = require("./smt_hashes_poseidon");
const {hash0, hash1, F} = require("./smt_hashes_poseidon");
class SMT {
@@ -11,18 +10,7 @@ class SMT {
}
_splitBits(_key) {
let k = bigInt(_key);
const res = [];
while (!k.isZero()) {
if (k.isOdd()) {
res.push(true);
} else {
res.push(false);
}
k = k.shiftRight(1);
}
const res = Scalar.bits(_key);
while (res.length<256) res.push(false);
@@ -30,8 +18,8 @@ class SMT {
}
async update(_key, _newValue) {
const key = bigInt(_key);
const newValue = bigInt(_newValue);
const key = Scalar.e(_key);
const newValue = F.e(_newValue);
const resFind = await this.find(key);
@@ -70,16 +58,16 @@ class SMT {
res.newRoot = rtNew;
await this.db.multiDel(dels);
await this.db.multiIns(ins);
await this.db.setRoot(rtNew);
this.root = rtNew;
await this.db.multiDel(dels);
return res;
}
async delete(_key) {
const key = bigInt(_key);
const key = Scalar.e(_key);
const resFind = await this.find(key);
if (!resFind.found) throw new Error("Key does not exists");
@@ -99,7 +87,7 @@ class SMT {
let mixed;
if (resFind.siblings.length > 0) {
const record = await this.db.get(resFind.siblings[resFind.siblings.length - 1]);
if ((record.length == 3)&&(record[0].equals(bigInt.one))) {
if ((record.length == 3)&&(F.eq(record[0], F.one))) {
mixed = false;
res.oldKey = record[1];
res.oldValue = record[2];
@@ -108,16 +96,16 @@ class SMT {
} else if (record.length == 2) {
mixed = true;
res.oldKey = key;
res.oldValue = bigInt(0);
res.oldValue = F.zero;
res.isOld0 = true;
rtNew = bigInt.zero;
rtNew = F.zero;
} else {
throw new Error("Invalid node. Database corrupted");
}
} else {
rtNew = bigInt.zero;
rtNew = F.zero;
res.oldKey = key;
res.oldValue = bigInt(0);
res.oldValue = F.zero;
res.isOld0 = true;
}
@@ -126,7 +114,7 @@ class SMT {
for (let level = resFind.siblings.length-1; level >=0; level--) {
let newSibling = resFind.siblings[level];
if ((level == resFind.siblings.length-1)&&(!res.isOld0)) {
newSibling = bigInt.zero;
newSibling = F.zero;
}
const oldSibling = resFind.siblings[level];
if (keyBits[level]) {
@@ -135,7 +123,7 @@ class SMT {
rtOld = hash0(rtOld, oldSibling);
}
dels.push(rtOld);
if (!newSibling.isZero()) {
if (!F.isZero(newSibling)) {
mixed = true;
}
@@ -164,8 +152,8 @@ class SMT {
}
async insert(_key, _value) {
const key = bigInt(_key);
const value = bigInt(_value);
const key = Scalar.e(_key);
const value = F.e(_value);
let addedOne = false;
const res = {};
res.oldRoot = this.root;
@@ -183,7 +171,7 @@ class SMT {
if (!resFind.isOld0) {
const oldKeyits = this._splitBits(resFind.notFoundKey);
for (let i= res.siblings.length; oldKeyits[i] == newKeyBits[i]; i++) {
res.siblings.push(bigInt.zero);
res.siblings.push(F.zero);
}
rtOld = hash1(resFind.notFoundKey, resFind.notFoundValue);
res.siblings.push(rtOld);
@@ -191,7 +179,7 @@ class SMT {
mixed = false;
} else if (res.siblings.length >0) {
mixed = true;
rtOld = bigInt.zero;
rtOld = F.zero;
}
const inserts = [];
@@ -201,7 +189,7 @@ class SMT {
inserts.push([rt,[1, key, value]] );
for (let i=res.siblings.length-1; i>=0; i--) {
if ((i<res.siblings.length-1)&&(!res.siblings[i].isZero())) {
if ((i<res.siblings.length-1)&&(!F.isZero(res.siblings[i]))) {
mixed = true;
}
if (mixed) {
@@ -227,7 +215,7 @@ class SMT {
}
if (addedOne) res.siblings.pop();
while ((res.siblings.length>0) && (res.siblings[res.siblings.length-1].isZero())) {
while ((res.siblings.length>0) && (F.isZero(res.siblings[res.siblings.length-1]))) {
res.siblings.pop();
}
res.oldKey = resFind.notFoundKey;
@@ -253,12 +241,12 @@ class SMT {
if (typeof root === "undefined") root = this.root;
let res;
if (root.isZero()) {
if (F.isZero(root)) {
res = {
found: false,
siblings: [],
notFoundKey: key,
notFoundValue: bigInt.zero,
notFoundValue: F.zero,
isOld0: true
};
return res;
@@ -266,8 +254,8 @@ class SMT {
const record = await this.db.get(root);
if ((record.length==3)&&(record[0].equals(bigInt.one))) {
if (record[1].equals(key)) {
if ((record.length==3)&&(F.eq(record[0],F.one))) {
if (F.eq(record[1],key)) {
res = {
found: true,
siblings: [],

2
src/smt_hashes_mimc.js
View File

@@ -8,3 +8,5 @@ exports.hash0 = function (left, right) {
exports.hash1 = function(key, value) {
return mimc7.multiHash([key, value], bigInt.one);
};
exports.F = mimc7.F;

16
src/smt_hashes_poseidon.js
View File

@@ -1,12 +1,18 @@
const Poseidon = require("./poseidon");
const bigInt = require("big-integer");
const hash = Poseidon.createHash(6, 8, 57);
const ZqField = require("ffjavascript").ZqField;
const Scalar = require("ffjavascript").Scalar;
const poseidon = require("./poseidon");
const F = new ZqField(Scalar.fromString("21888242871839275222246405745257275088548364400416034343698204186575808495617"));
exports.hash0 = function (left, right) {
return hash([left, right]);
return poseidon([left, right]);
};
exports.hash1 = function(key, value) {
return hash([key, value, bigInt.one]);
return poseidon([key, value, F.one]);
};
exports.F = F;

13
src/smt_memdb.js
View File

@@ -1,9 +1,14 @@
const bigInt = require("big-integer");
const Scalar = require("ffjavascript").Scalar;
const ZqField = require("ffjavascript").ZqField;
// Prime 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001
const F = new ZqField(Scalar.fromString("21888242871839275222246405745257275088548364400416034343698204186575808495617"));
class SMTMemDb {
constructor() {
this.nodes = {};
this.root = bigInt(0);
this.root = F.zero;
}
async getRoot() {
@@ -12,13 +17,13 @@ class SMTMemDb {
_key2str(k) {
// const keyS = bigInt(key).leInt2Buff(32).toString("hex");
const keyS = bigInt(k).toString();
const keyS = k.toString();
return keyS;
}
_normalize(n) {
for (let i=0; i<n.length; i++) {
n[i] = bigInt(n[i]);
n[i] = F.e(n[i]);
}
}

87
src/utils.js
View File

@@ -1,87 +0,0 @@
const bigInt = require("big-integer");
module.exports.leBuff2int = leBuff2int;
module.exports.leInt2Buff = leInt2Buff;
module.exports.beBuff2int = beBuff2int;
module.exports.beInt2Buff = beInt2Buff;
module.exports.stringifyBigInts = stringifyBigInts;
module.exports.unstringifyBigInts = unstringifyBigInts;
function leBuff2int (buff) {
let res = bigInt.zero;
for (let i=0; i<buff.length; i++) {
const n = bigInt(buff[i]);
res = res.add(n.shiftLeft(i*8));
}
return res;
}
function leInt2Buff(n, len) {
let r = n;
let o =0;
const buff = Buffer.alloc(len);
while ((r.gt(bigInt.zero))&&(o<buff.length)) {
let c = Number(r.and(bigInt(255)));
buff[o] = c;
o++;
r = r.shiftRight(8);
}
if (r.gt(bigInt.zero)) throw new Error("Number does not feed in buffer");
return buff;
}
function beBuff2int (buff) {
let res = bigInt.zero;
for (let i=0; i<buff.length; i++) {
const n = bigInt(buff[buff.length - i - 1]);
res = res.add(n.shiftLeft(i*8));
}
return res;
}
function beInt2Buff(n, len) {
let r = n;
let o =len-1;
const buff = Buffer.alloc(len);
while ((r.greater(bigInt.zero))&&(o>=0)) {
let c = Number(r.and(bigInt(255)));
buff[o] = c;
o--;
r = r.shiftRight(8);
}
if (r.gt(bigInt.zero)) throw new Error("Number does not feed in buffer");
return buff;
}
function stringifyBigInts(o) {
if ((typeof(o) == "bigint") || o.isZero !== undefined) {
return o.toString(10);
} else if (Array.isArray(o)) {
return o.map(stringifyBigInts);
} else if (typeof o == "object") {
const res = {};
for (let k in o) {
res[k] = stringifyBigInts(o[k]);
}
return res;
} else {
return o;
}
}
function unstringifyBigInts(o) {
if ((typeof(o) == "string") && (/^[0-9]+$/.test(o) )) {
return bigInt(o);
} else if (Array.isArray(o)) {
return o.map(unstringifyBigInts);
} else if (typeof o == "object") {
const res = {};
for (let k in o) {
res[k] = unstringifyBigInts(o[k]);
}
return res;
} else {
return o;
}
}

22
test/aliascheck.js
View File

@@ -3,7 +3,11 @@ const path = require("path");
const assert = chai.assert;
const bigInt = require("big-integer");
const Scalar = require("ffjavascript").Scalar;
const F1Field = require("ffjavascript").F1Field;
const utils = require("ffjavascript").utils;
const q = Scalar.fromString("21888242871839275222246405745257275088548364400416034343698204186575808495617");
const F = new F1Field(q);
const tester = require("circom").tester;
@@ -14,16 +18,15 @@ function print(circuit, w, s) {
function getBits(v, n) {
const res = [];
for (let i=0; i<n; i++) {
if (v.shiftRight(i).isOdd()) {
res.push(bigInt.one);
if (Scalar.isOdd(Scalar.shr(v,i))) {
res.push(F.one);
} else {
res.push(bigInt.zero);
res.push(F.zero);
}
}
return res;
}
const q = bigInt("21888242871839275222246405745257275088548364400416034343698204186575808495617");
describe("Aliascheck test", function () {
this.timeout(100000);
@@ -35,17 +38,18 @@ describe("Aliascheck test", function () {
});
it("Satisfy the aliastest 0", async () => {
const inp = getBits(bigInt.zero, 254);
const inp = getBits(0, 254);
await cir.calculateWitness({in: inp}, true);
});
it("Satisfy the aliastest 3", async () => {
const inp = getBits(bigInt(3), 254);
const inp = getBits(3, 254);
await cir.calculateWitness({in: inp}, true);
});
it("Satisfy the aliastest q-1", async () => {
const inp = getBits(q.minus(bigInt.one), 254);
const inp = getBits(F.minusone, 254);
// console.log(JSON.stringify(utils.stringifyBigInts(inp)));
await cir.calculateWitness({in: inp}, true);
});
@@ -61,7 +65,7 @@ describe("Aliascheck test", function () {
it("Should not satisfy all ones", async () => {
const inp = getBits(bigInt(1).shiftLeft(254).minus(bigInt.one), 254);
const inp = getBits(Scalar.sub(Scalar.shl(1, 254) , 1) , 254);
try {
await cir.calculateWitness({in: inp}, true);
assert(false);

41
test/babyjub.js
View File

@@ -3,12 +3,13 @@ const path = require("path");
const createBlakeHash = require("blake-hash");
const eddsa = require("../src/eddsa.js");
const F = require("../src/babyjub.js").F;
const assert = chai.assert;
const bigInt = require("big-integer");
const tester = require("circom").tester;
const utils = require("../src/utils.js");
const utils = require("ffjavascript").utils;
const Scalar = require("ffjavascript").Scalar;
describe("Baby Jub test", function () {
let circuitAdd;
@@ -28,31 +29,31 @@ describe("Baby Jub test", function () {
it("Should add point (0,1) and (0,1)", async () => {
const input={
x1: bigInt(0),
y1: bigInt(1),
x2: bigInt(0),
y2: bigInt(1)
x1: F.e(0),
y1: F.e(1),
x2: F.e(0),
y2: F.e(1)
};
const w = await circuitAdd.calculateWitness(input, true);
await circuitAdd.assertOut(w, {xout: bigInt(0), yout: bigInt(1)});
await circuitAdd.assertOut(w, {xout: F.e(0), yout: F.e(1)});
});
it("Should add 2 same numbers", async () => {
const input={
x1: bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
y1: bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
x2: bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
y2: bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")
x1: F.e("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
y1: F.e("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
x2: F.e("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
y2: F.e("2626589144620713026669568689430873010625803728049924121243784502389097019475")
};
const w = await circuitAdd.calculateWitness(input, true);
await circuitAdd.assertOut(w, {
xout: bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"),
yout: bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889")
xout: F.e("6890855772600357754907169075114257697580319025794532037257385534741338397365"),
yout: F.e("4338620300185947561074059802482547481416142213883829469920100239455078257889")
});
});
@@ -60,17 +61,17 @@ describe("Baby Jub test", function () {
it("Should add 2 different numbers", async () => {
const input={
x1: bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
y1: bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
x2: bigInt("16540640123574156134436876038791482806971768689494387082833631921987005038935"),
y2: bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311")
x1: F.e("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
y1: F.e("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
x2: F.e("16540640123574156134436876038791482806971768689494387082833631921987005038935"),
y2: F.e("20819045374670962167435360035096875258406992893633759881276124905556507972311")
};
const w = await circuitAdd.calculateWitness(input, true);
await circuitAdd.assertOut(w, {
xout: bigInt("7916061937171219682591368294088513039687205273691143098332585753343424131937"),
yout: bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499")
xout: F.e("7916061937171219682591368294088513039687205273691143098332585753343424131937"),
yout: F.e("14035240266687799601661095864649209771790948434046947201833777492504781204499")
});
});
@@ -94,7 +95,7 @@ describe("Baby Jub test", function () {
const rawpvk = Buffer.from("0001020304050607080900010203040506070809000102030405060708090021", "hex");
const pvk = eddsa.pruneBuffer(createBlakeHash("blake512").update(rawpvk).digest().slice(0,32));
const S = utils.leBuff2int(pvk).shiftRight(3);
const S = Scalar.shr(utils.leBuff2int(pvk), 3);
const A = eddsa.prv2pub(rawpvk);

84
test/babyjub_js.js
View File

@@ -1,6 +1,6 @@
const chai = require("chai");
const bigInt = require("big-integer");
const babyjub = require("../src/babyjub.js");
const Scalar = require("ffjavascript").Scalar;
const assert = chai.assert;
@@ -14,16 +14,16 @@ describe("Baby Jub js test", function () {
it("Should add point (0,1) and (0,1)", () => {
const p1 = [
bigInt(0),
bigInt(1)];
babyjub.F.e(0),
babyjub.F.e(1)];
const p2 = [
bigInt(0),
bigInt(1)
babyjub.F.e(0),
babyjub.F.e(1)
];
const out = babyjub.addPoint(p1, p2);
assert(out[0].equals(0));
assert(out[1].equals(1));
assert(babyjub.F.eq(out[0], babyjub.F.zero));
assert(babyjub.F.eq(out[1], babyjub.F.one));
});
it("Should base be 8*generator", () => {
@@ -32,50 +32,50 @@ describe("Baby Jub js test", function () {
res = babyjub.addPoint(res, res);
res = babyjub.addPoint(res, res);
assert(res[0].equals(babyjub.Base8[0]));
assert(res[1].equals(babyjub.Base8[1]));
assert(babyjub.F.eq(res[0], babyjub.Base8[0]));
assert(babyjub.F.eq(res[1], babyjub.Base8[1]));
});
it("Should add 2 same numbers", () => {
const p1 = [
bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
babyjub.F.e("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
babyjub.F.e("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
];
const p2 = [
bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
babyjub.F.e("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
babyjub.F.e("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
];
const out = babyjub.addPoint(p1, p2);
assert(out[0].equals(bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365")));
assert(out[1].equals(bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889")));
assert(babyjub.F.eq(out[0], babyjub.F.e("6890855772600357754907169075114257697580319025794532037257385534741338397365")));
assert(babyjub.F.eq(out[1], babyjub.F.e("4338620300185947561074059802482547481416142213883829469920100239455078257889")));
});
it("Should add 2 different numbers", () => {
const p1 = [
bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
babyjub.F.e("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
babyjub.F.e("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
];
const p2 = [
bigInt("16540640123574156134436876038791482806971768689494387082833631921987005038935"),
bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311"),
babyjub.F.e("16540640123574156134436876038791482806971768689494387082833631921987005038935"),
babyjub.F.e("20819045374670962167435360035096875258406992893633759881276124905556507972311"),
];
const out = babyjub.addPoint(p1, p2);
assert(babyjub.F.eq(out[0], babyjub.F.e("7916061937171219682591368294088513039687205273691143098332585753343424131937")));
assert(babyjub.F.eq(out[1], babyjub.F.e("14035240266687799601661095864649209771790948434046947201833777492504781204499")));
assert(out[0].equals(bigInt("7916061937171219682591368294088513039687205273691143098332585753343424131937")));
assert(out[1].equals(bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499")));
});
it("should mulPointEscalar 0", () => {
const p = [
bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
babyjub.F.e("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
babyjub.F.e("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
];
const r = babyjub.mulPointEscalar(p, bigInt("3"));
const r = babyjub.mulPointEscalar(p, 3);
let r2 = babyjub.addPoint(p, p);
r2 = babyjub.addPoint(r2, p);
assert.equal(r2[0].toString(), r[0].toString());
@@ -86,62 +86,62 @@ describe("Baby Jub js test", function () {
it("should mulPointEscalar 1", () => {
const p = [
bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
babyjub.F.e("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
babyjub.F.e("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
];
const r = babyjub.mulPointEscalar(p, bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499"));
const r = babyjub.mulPointEscalar(p, Scalar.fromString("14035240266687799601661095864649209771790948434046947201833777492504781204499"));
assert.equal(r[0].toString(), "17070357974431721403481313912716834497662307308519659060910483826664480189605");
assert.equal(r[1].toString(), "4014745322800118607127020275658861516666525056516280575712425373174125159339");
});
it("should mulPointEscalar 2", () => {
const p = [
bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"),
bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"),
babyjub.F.e("6890855772600357754907169075114257697580319025794532037257385534741338397365"),
babyjub.F.e("4338620300185947561074059802482547481416142213883829469920100239455078257889"),
];
const r = babyjub.mulPointEscalar(p, bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311"));
const r = babyjub.mulPointEscalar(p, Scalar.fromString("20819045374670962167435360035096875258406992893633759881276124905556507972311"));
assert.equal(r[0].toString(), "13563888653650925984868671744672725781658357821216877865297235725727006259983");
assert.equal(r[1].toString(), "8442587202676550862664528699803615547505326611544120184665036919364004251662");
});
it("should inCurve 1", () => {
const p = [
bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
babyjub.F.e("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
babyjub.F.e("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
];
assert(babyjub.inCurve(p));
});
it("should inCurve 2", () => {
const p = [
bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"),
bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"),
babyjub.F.e("6890855772600357754907169075114257697580319025794532037257385534741338397365"),
babyjub.F.e("4338620300185947561074059802482547481416142213883829469920100239455078257889"),
];
assert(babyjub.inCurve(p));
});
it("should inSubgroup 1", () => {
const p = [
bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
babyjub.F.e("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
babyjub.F.e("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
];
assert(babyjub.inSubgroup(p));
});
it("should inSubgroup 2", () => {
const p = [
bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"),
bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"),
babyjub.F.e("6890855772600357754907169075114257697580319025794532037257385534741338397365"),
babyjub.F.e("4338620300185947561074059802482547481416142213883829469920100239455078257889"),
];
assert(babyjub.inSubgroup(p));
});
it("should packPoint - unpackPoint 1", () => {
const p = [
bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
babyjub.F.e("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
babyjub.F.e("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
];
const buf = babyjub.packPoint(p);
assert.equal(buf.toString("hex"), "53b81ed5bffe9545b54016234682e7b2f699bd42a5e9eae27ff4051bc698ce85");
@@ -152,8 +152,8 @@ describe("Baby Jub js test", function () {
it("should packPoint - unpackPoint 2", () => {
const p = [
bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"),
bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"),
babyjub.F.e("6890855772600357754907169075114257697580319025794532037257385534741338397365"),
babyjub.F.e("4338620300185947561074059802482547481416142213883829469920100239455078257889"),
];
const buf = babyjub.packPoint(p);
assert.equal(buf.toString("hex"), "e114eb17eddf794f063a68fecac515e3620e131976108555735c8b0773929709");

18
test/binsub.js
View File

@@ -1,6 +1,7 @@
const path = require("path");
const bigInt = require("big-integer");
const Fr = require("ffjavascript").bn128.Fr;
const Scalar = require("ffjavascript").Scalar;
const tester = require("circom").tester;
function print(circuit, w, s) {
@@ -8,15 +9,16 @@ function print(circuit, w, s) {
}
async function checkSub(_a,_b, circuit) {
let a=bigInt(_a);
let b=bigInt(_b);
if (a.lesser(bigInt.zero)) a = a.add(bigInt.one.shiftLeft(16));
if (b.lesser(bigInt.zero)) b = b.add(bigInt.one.shiftLeft(16));
let a=Scalar.e(_a);
let b=Scalar.e(_b);
if (Scalar.lt(a, 0)) a = Scalar.add(a, Scalar.shl(1, 16));
if (Scalar.lt(b, 0)) b = Scalar.add(b, Scalar.shl(1, 16));
const w = await circuit.calculateWitness({a: a, b: b}, true);
let res = a.minus(b);
if (res.lesser(bigInt.zero)) res = res.add(bigInt.one.shiftLeft(16));
await circuit.assertOut(w, {out: bigInt(res)});
let res = Scalar.sub(a, b);
if (Scalar.lt(res, 0)) res = Scalar.add(res, Scalar.shl(1, 16));
await circuit.assertOut(w, {out: res});
}
describe("BinSub test", function () {

12
test/binsum.js
View File

@@ -3,7 +3,7 @@ const path = require("path");
const tester = require("circom").tester;
const bigInt = require("big-integer");
const Fr = require("ffjavascript").bn128.Fr;
const assert = chai.assert;
@@ -18,10 +18,10 @@ describe("Binary sum test", function () {
assert.equal(circuit.nVars, 2);
assert.equal(circuit.constraints.length, 1);
const witness = await circuit.calculateWitness({ "in": bigInt("d807aa98", 16)}, true);
const witness = await circuit.calculateWitness({ "in": Fr.e("d807aa98", 16)}, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt("d807aa98", 16)));
assert(Fr.eq(witness[0],Fr.e(1)));
assert(Fr.eq(witness[1],Fr.e("d807aa98", 16)));
});
it("Should create a sum circuit", async () => {
const circuit = await tester(path.join(__dirname, "circuits", "sum_test.circom"));
@@ -31,7 +31,7 @@ describe("Binary sum test", function () {
const witness = await circuit.calculateWitness({ "a": "111", "b": "222" }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt("333")));
assert(Fr.eq(witness[0],Fr.e(1)));
assert(Fr.eq(witness[1],Fr.e("333")));
});
});

258
test/circuits/in.json
View File

@@ -1,258 +0,0 @@
{
"in": [
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1",
"1"
]
}

2
test/circuits/poseidon3_test.circom
View File

@@ -1,3 +1,3 @@
include "../../circuits/poseidon.circom"
component main = Poseidon(2, 3, 8, 57);
component main = Poseidon(2);

2
test/circuits/poseidon6_test.circom
View File

@@ -1,3 +1,3 @@
include "../../circuits/poseidon.circom"
component main = Poseidon(2, 6, 8, 57);
component main = Poseidon(5);

147
test/comparators.js
View File

@@ -3,7 +3,7 @@ const path = require("path");
const tester = require("circom").tester;
const bigInt = require("big-integer");
const Fr = require("ffjavascript").bn128.Fr;
const assert = chai.assert;
@@ -16,60 +16,61 @@ describe("Comparators test", function () {
let witness;
witness = await circuit.calculateWitness({ "in": 111}, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(0)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(0)));
witness = await circuit.calculateWitness({ "in": 0 }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(1)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(1)));
});
it("Should create a isequal circuit", async() => {
const circuit = await tester(path.join(__dirname, "circuits", "isequal.circom"));
let witness;
witness = await circuit.calculateWitness({ "in": [111,222] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(0)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(0)));
witness = await circuit.calculateWitness({ "in": [444,444] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(1)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(1)));
});
it("Should create a comparison lessthan", async() => {
const circuit = await tester(path.join(__dirname, "circuits", "lessthan.circom"));
let witness;
witness = await circuit.calculateWitness({ "in": [333,444] }), true;
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(1)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(1)));
witness = await circuit.calculateWitness({ "in":[1,1] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(0)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(0)));
witness = await circuit.calculateWitness({ "in": [661, 660] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(0)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(0)));
witness = await circuit.calculateWitness({ "in": [0, 1] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(1)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(1)));
witness = await circuit.calculateWitness({ "in": [0, 444] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(1)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(1)));
witness = await circuit.calculateWitness({ "in": [1, 0] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(0)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(0)));
witness = await circuit.calculateWitness({ "in": [555, 0] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(0)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(0)));
witness = await circuit.calculateWitness({ "in": [0, 0] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(0)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(0)));
});
it("Should create a comparison lesseqthan", async() => {
@@ -77,36 +78,36 @@ describe("Comparators test", function () {
let witness;
witness = await circuit.calculateWitness({ "in": [333,444] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(1)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(1)));
witness = await circuit.calculateWitness({ "in":[1,1] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(1)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(1)));
witness = await circuit.calculateWitness({ "in": [661, 660] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(0)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(0)));
witness = await circuit.calculateWitness({ "in": [0, 1] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(1)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(1)));
witness = await circuit.calculateWitness({ "in": [0, 444] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(1)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(1)));
witness = await circuit.calculateWitness({ "in": [1, 0] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(0)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(0)));
witness = await circuit.calculateWitness({ "in": [555, 0] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(0)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(0)));
witness = await circuit.calculateWitness({ "in": [0, 0] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(1)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(1)));
});
it("Should create a comparison greaterthan", async() => {
@@ -114,71 +115,71 @@ describe("Comparators test", function () {
let witness;
witness = await circuit.calculateWitness({ "in": [333,444] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(0)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(0)));
witness = await circuit.calculateWitness({ "in":[1,1] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(0)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(0)));
witness = await circuit.calculateWitness({ "in": [661, 660] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(1)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(1)));
witness = await circuit.calculateWitness({ "in": [0, 1] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(0)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(0)));
witness = await circuit.calculateWitness({ "in": [0, 444] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(0)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(0)));
witness = await circuit.calculateWitness({ "in": [1, 0] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(1)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(1)));
witness = await circuit.calculateWitness({ "in": [555, 0] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(1)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(1)));
witness = await circuit.calculateWitness({ "in": [0, 0] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(0)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(0)));
});
it("Should create a comparison greatereqthan", async() => {
const circuit = await tester(path.join(__dirname, "circuits", "greatereqthan.circom"));
let witness;
witness = await circuit.calculateWitness({ "in": [333,444] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(0)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(0)));
witness = await circuit.calculateWitness({ "in":[1,1] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(1)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(1)));
witness = await circuit.calculateWitness({ "in": [661, 660] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(1)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(1)));
witness = await circuit.calculateWitness({ "in": [0, 1] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(0)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(0)));
witness = await circuit.calculateWitness({ "in": [0, 444] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(0)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(0)));
witness = await circuit.calculateWitness({ "in": [1, 0] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(1)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(1)));
witness = await circuit.calculateWitness({ "in": [555, 0] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(1)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(1)));
witness = await circuit.calculateWitness({ "in": [0, 0] }, true);
assert(witness[0].equals(bigInt(1)));
assert(witness[1].equals(bigInt(1)));
assert(Fr.eq(witness[0], Fr.e(1)));
assert(Fr.eq(witness[1], Fr.e(1)));
});
});

6
test/eddsa.js
View File

@@ -2,7 +2,7 @@ const chai = require("chai");
const path = require("path");
const tester = require("circom").tester;
const bigInt = require("big-integer");
const Fr = require("ffjavascript").bn128.Fr;
const eddsa = require("../src/eddsa.js");
const babyJub = require("../src/babyjub.js");
@@ -18,9 +18,9 @@ function buffer2bits(buff) {
for (let i=0; i<buff.length; i++) {
for (let j=0; j<8; j++) {
if ((buff[i]>>j)&1) {
res.push(bigInt.one);
res.push(Fr.one);
} else {
res.push(bigInt.zero);
res.push(Fr.zero);
}
}
}

7
test/eddsa_js.js
View File

@@ -5,8 +5,7 @@ const babyJub = require("../src/babyjub.js");
const assert = chai.assert;
const bigInt = require("big-integer");
const utils = require("../src/utils.js");
const utils = require("ffjavascript").utils;
describe("EdDSA js test", function () {
@@ -68,12 +67,12 @@ describe("EdDSA js test", function () {
assert.equal(signature.R8[1].toString(),
"15383486972088797283337779941324724402501462225528836549661220478783371668959");
assert.equal(signature.S.toString(),
"248298168863866362217836334079793350221620631973732197668910946177382043688");
"1398758333392199195742243841591064350253744445503462896781493968760929513778");
const pSignature = eddsa.packSignature(signature);
assert.equal(pSignature.toString("hex"), ""+
"dfedb4315d3f2eb4de2d3c510d7a987dcab67089c8ace06308827bf5bcbe02a2"+
"28506bce274aa1b3f7e7c2fd7e4fe09bff8f9aa37a42def7994e98f322888c00");
"32f16b0f2f4c4e1169aa59685637e1429b6581a9531d058d65f4ab224eab1703");
const uSignature = eddsa.unpackSignature(pSignature);
assert(eddsa.verifyPoseidon(msg, uSignature, pubKey));

13
test/eddsamimc.js
View File

@@ -1,7 +1,8 @@
const chai = require("chai");
const path = require("path");
const tester = require("circom").tester;
const bigInt = require("big-integer");
const Fr = require("ffjavascript").bn128.Fr;
const eddsa = require("../src/eddsa.js");
@@ -18,7 +19,7 @@ describe("EdDSA MiMC test", function () {
});
it("Sign a single number", async () => {
const msg = bigInt(1234);
const msg = Fr.e(1234);
const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
@@ -43,7 +44,7 @@ describe("EdDSA MiMC test", function () {
});
it("Detect Invalid signature", async () => {
const msg = bigInt(1234);
const msg = Fr.e(1234);
const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
@@ -58,7 +59,7 @@ describe("EdDSA MiMC test", function () {
enabled: 1,
Ax: pubKey[0],
Ay: pubKey[1],
R8x: signature.R8[0].add(bigInt(1)),
R8x: Fr.add(signature.R8[0], Fr.e(1)),
R8y: signature.R8[1],
S: signature.S,
M: msg}, true);
@@ -70,7 +71,7 @@ describe("EdDSA MiMC test", function () {
it("Test a dissabled circuit with a bad signature", async () => {
const msg = bigInt(1234);
const msg = Fr.e(1234);
const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
@@ -85,7 +86,7 @@ describe("EdDSA MiMC test", function () {
enabled: 0,
Ax: pubKey[0],
Ay: pubKey[1],
R8x: signature.R8[0].add(bigInt(1)),
R8x: Fr.add(signature.R8[0], Fr.e(1)),
R8y: signature.R8[1],
S: signature.S,
M: msg}, true);

12
test/eddsaposeidon.js
View File

@@ -1,7 +1,7 @@
const chai = require("chai");
const path = require("path");
const bigInt = require("big-integer");
const tester = require("circom").tester;
const Fr = require("ffjavascript").bn128.Fr;
const eddsa = require("../src/eddsa.js");
@@ -19,7 +19,7 @@ describe("EdDSA Poseidon test", function () {
});
it("Sign a single number", async () => {
const msg = bigInt(1234);
const msg = Fr.e(1234);
const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
@@ -47,7 +47,7 @@ describe("EdDSA Poseidon test", function () {
});
it("Detect Invalid signature", async () => {
const msg = bigInt(1234);
const msg = Fr.e(1234);
const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
@@ -62,7 +62,7 @@ describe("EdDSA Poseidon test", function () {
enabled: 1,
Ax: pubKey[0],
Ay: pubKey[1],
R8x: signature.R8[0].add(bigInt(1)),
R8x: Fr.add(signature.R8[0], Fr.e(1)),
R8y: signature.R8[1],
S: signature.S,
M: msg}, true);
@@ -74,7 +74,7 @@ describe("EdDSA Poseidon test", function () {
it("Test a dissabled circuit with a bad signature", async () => {
const msg = bigInt(1234);
const msg = Fr.e(1234);
const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
@@ -89,7 +89,7 @@ describe("EdDSA Poseidon test", function () {
enabled: 0,
Ax: pubKey[0],
Ay: pubKey[1],
R8x: signature.R8[0].add(bigInt(1)),
R8x: Fr.add(signature.R8[0], Fr.e(1)),
R8y: signature.R8[1],
S: signature.S,
M: msg}, true);

23
test/escalarmul.js
View File

@@ -1,8 +1,9 @@
const chai = require("chai");
const path = require("path");
const bigInt = require("big-integer");
const tester = require("circom").tester;
const babyJub = require("../src/babyjub.js");
const Fr = require("ffjavascript").bn128.Fr;
const assert = chai.assert;
@@ -23,11 +24,11 @@ describe("Exponentioation test", function () {
await circuit.checkConstraints(w);
let g = [
bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
Fr.e("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
Fr.e("16950150798460657717958625567821834550301663161624707787222815936182638968203")
];
let dbl= [bigInt("0"), bigInt("1")];
let dbl= [Fr.e("0"), Fr.e("1")];
const expectedOut = [];
@@ -50,15 +51,15 @@ describe("Exponentioation test", function () {
await circuit.checkConstraints(w);
let g = [
bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
Fr.e("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
Fr.e("16950150798460657717958625567821834550301663161624707787222815936182638968203")
];
for (let i=0; i<12;i++) {
g = babyJub.addPoint(g,g);
}
let dbl= [bigInt("0"), bigInt("1")];
let dbl= [Fr.e("0"), Fr.e("1")];
const expectedOut = [];
@@ -81,11 +82,11 @@ describe("Exponentioation test", function () {
await circuit.checkConstraints(w);
let g = [
bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
Fr.e("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
Fr.e("16950150798460657717958625567821834550301663161624707787222815936182638968203")
];
let c = [bigInt(0), bigInt(1)];
let c = [Fr.e(0), Fr.e(1)];
for (let i=0; i<31;i++) {
c = babyJub.addPoint(c,g);
@@ -93,7 +94,7 @@ describe("Exponentioation test", function () {
await circuit.assertOut(w, {out: c});
const w2 = await circuit.calculateWitness({"in": bigInt(1).shiftLeft(252).add(bigInt.one)});
const w2 = await circuit.calculateWitness({"in": Fr.add(Fr.shl(Fr.e(1), Fr.e(252)),Fr.one)});
c = [g[0], g[1]];
for (let i=0; i<252;i++) {

9
test/escalarmulany.js
View File

@@ -1,7 +1,8 @@
const chai = require("chai");
const path = require("path");
const bigInt = require("big-integer");
const tester = require("circom").tester;
const Fr = require("ffjavascript").bn128.Fr;
function print(circuit, w, s) {
console.log(s + ": " + w[circuit.getSignalIdx(s)]);
@@ -13,8 +14,8 @@ describe("Escalarmul test", function () {
this.timeout(100000);
let g = [
bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
Fr.e("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
Fr.e("16950150798460657717958625567821834550301663161624707787222815936182638968203")
];
before( async() => {
@@ -33,7 +34,7 @@ describe("Escalarmul test", function () {
it("If multiply by order should return 0", async () => {
const r = bigInt("2736030358979909402780800718157159386076813972158567259200215660948447373041");
const r = Fr.e("2736030358979909402780800718157159386076813972158567259200215660948447373041");
const w = await circuitEMulAny.calculateWitness({"e": r, "p": g});
await circuitEMulAny.checkConstraints(w);

14
test/escalarmulfix.js
View File

@@ -1,8 +1,8 @@
const chai = require("chai");
const path = require("path");
const bigInt = require("big-integer");
const tester = require("circom").tester;
const babyjub = require("../src/babyjub");
const Fr = require("ffjavascript").bn128.Fr;
const assert = chai.assert;
@@ -41,10 +41,10 @@ describe("Escalarmul test", function () {
it("Should generate scalar mul of a specific constant", async () => {
const s = bigInt("2351960337287830298912035165133676222414898052661454064215017316447594616519");
const s = Fr.e("2351960337287830298912035165133676222414898052661454064215017316447594616519");
const base8 = [
bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
Fr.e("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
Fr.e("16950150798460657717958625567821834550301663161624707787222815936182638968203")
];
const w = await circuit.calculateWitness({"e": s}, true);
@@ -60,12 +60,12 @@ describe("Escalarmul test", function () {
it("Should generate scalar mul of the firsts 50 elements", async () => {
const base8 = [
bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
Fr.e("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
Fr.e("16950150798460657717958625567821834550301663161624707787222815936182638968203")
];
for (let i=0; i<50; i++) {
const s = bigInt(i);
const s = Fr.e(i);
const w = await circuit.calculateWitness({"e": s}, true);

19
test/montgomery.js
View File

@@ -1,8 +1,8 @@
const chai = require("chai");
const path = require("path");
const bigInt = require("big-integer");
const tester = require("circom").tester;
const babyJub = require("../src/babyjub.js");
const Fr = require("ffjavascript").bn128.Fr;
const assert = chai.assert;
@@ -13,8 +13,8 @@ describe("Montgomery test", function () {
let circuitMDouble;
let g = [
bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
Fr.e("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
Fr.e("16950150798460657717958625567821834550301663161624707787222815936182638968203")
];
let mg, mg2, g2, g3, mg3;
@@ -45,8 +45,8 @@ describe("Montgomery test", function () {
xout = w[circuitM2E.symbols["main.out[0]"].varIdx];
yout = w[circuitM2E.symbols["main.out[1]"].varIdx];
assert(xout.equals(g[0]));
assert(yout.equals(g[1]));
assert(Fr.eq(xout, g[0]));
assert(Fr.eq(yout, g[1]));
});
it("Should double a point", async () => {
let w, xout, yout;
@@ -65,8 +65,9 @@ describe("Montgomery test", function () {
xout = w[circuitM2E.symbols["main.out[0]"].varIdx];
yout = w[circuitM2E.symbols["main.out[1]"].varIdx];
assert(xout.equals(g2[0]));
assert(yout.equals(g2[1]));
assert(Fr.eq(xout, g2[0]));
assert(Fr.eq(yout, g2[1]));
});
it("Should add a point", async () => {
let w, xout, yout;
@@ -85,7 +86,7 @@ describe("Montgomery test", function () {
xout = w[circuitM2E.symbols["main.out[0]"].varIdx];
yout = w[circuitM2E.symbols["main.out[1]"].varIdx];
assert(xout.equals(g3[0]));
assert(yout.equals(g3[1]));
assert(Fr.eq(xout, g3[0]));
assert(Fr.eq(yout, g3[1]));
});
});

62
test/multiplexer.js
View File

@@ -1,6 +1,6 @@
const path = require("path");
const bigInt = require("big-integer");
const tester = require("circom").tester;
const Fr = require("ffjavascript").bn128.Fr;
describe("Mux4 test", function() {
this.timeout(100000);
@@ -9,22 +9,22 @@ describe("Mux4 test", function() {
const circuit = await tester(path.join(__dirname, "circuits", "mux4_1.circom"));
const ct16 = [
bigInt("123"),
bigInt("456"),
bigInt("789"),
bigInt("012"),
bigInt("111"),
bigInt("222"),
bigInt("333"),
bigInt("4546"),
bigInt("134523"),
bigInt("44356"),
bigInt("15623"),
bigInt("4566"),
bigInt("1223"),
bigInt("4546"),
bigInt("4256"),
bigInt("4456")
Fr.e("123"),
Fr.e("456"),
Fr.e("789"),
Fr.e("012"),
Fr.e("111"),
Fr.e("222"),
Fr.e("333"),
Fr.e("4546"),
Fr.e("134523"),
Fr.e("44356"),
Fr.e("15623"),
Fr.e("4566"),
Fr.e("1223"),
Fr.e("4546"),
Fr.e("4256"),
Fr.e("4456")
];
for (let i=0; i<16; i++) {
@@ -41,14 +41,14 @@ describe("Mux4 test", function() {
const circuit = await tester(path.join(__dirname, "circuits", "mux3_1.circom"));
const ct8 = [
bigInt("37"),
bigInt("47"),
bigInt("53"),
bigInt("71"),
bigInt("89"),
bigInt("107"),
bigInt("163"),
bigInt("191")
Fr.e("37"),
Fr.e("47"),
Fr.e("53"),
Fr.e("71"),
Fr.e("89"),
Fr.e("107"),
Fr.e("163"),
Fr.e("191")
];
for (let i=0; i<8; i++) {
@@ -64,10 +64,10 @@ describe("Mux4 test", function() {
const circuit = await tester(path.join(__dirname, "circuits", "mux2_1.circom"));
const ct4 = [
bigInt("37"),
bigInt("47"),
bigInt("53"),
bigInt("71"),
Fr.e("37"),
Fr.e("47"),
Fr.e("53"),
Fr.e("71"),
];
for (let i=0; i<4; i++) {
@@ -83,8 +83,8 @@ describe("Mux4 test", function() {
const circuit = await tester(path.join(__dirname, "circuits", "mux1_1.circom"));
const ct2 = [
bigInt("37"),
bigInt("47"),
Fr.e("37"),
Fr.e("47"),
];
for (let i=0; i<2; i++) {

14
test/pedersen.js
View File

@@ -1,18 +1,18 @@
const chai = require("chai");
const path = require("path");
const bigInt = require("big-integer");
const Fr = require("ffjavascript").bn128.Fr;
const tester = require("circom").tester;
const babyJub = require("../src/babyjub.js");
const PBASE =
[
[bigInt("10457101036533406547632367118273992217979173478358440826365724437999023779287"),bigInt("19824078218392094440610104313265183977899662750282163392862422243483260492317")],
[bigInt("2671756056509184035029146175565761955751135805354291559563293617232983272177"),bigInt("2663205510731142763556352975002641716101654201788071096152948830924149045094")],
[bigInt("5802099305472655231388284418920769829666717045250560929368476121199858275951"),bigInt("5980429700218124965372158798884772646841287887664001482443826541541529227896")],
[bigInt("7107336197374528537877327281242680114152313102022415488494307685842428166594"),bigInt("2857869773864086953506483169737724679646433914307247183624878062391496185654")],
[bigInt("20265828622013100949498132415626198973119240347465898028410217039057588424236"),bigInt("1160461593266035632937973507065134938065359936056410650153315956301179689506")]
[Fr.e("10457101036533406547632367118273992217979173478358440826365724437999023779287"),Fr.e("19824078218392094440610104313265183977899662750282163392862422243483260492317")],
[Fr.e("2671756056509184035029146175565761955751135805354291559563293617232983272177"),Fr.e("2663205510731142763556352975002641716101654201788071096152948830924149045094")],
[Fr.e("5802099305472655231388284418920769829666717045250560929368476121199858275951"),Fr.e("5980429700218124965372158798884772646841287887664001482443826541541529227896")],
[Fr.e("7107336197374528537877327281242680114152313102022415488494307685842428166594"),Fr.e("2857869773864086953506483169737724679646433914307247183624878062391496185654")],
[Fr.e("20265828622013100949498132415626198973119240347465898028410217039057588424236"),Fr.e("1160461593266035632937973507065134938065359936056410650153315956301179689506")]
];
describe("Double Pedersen test", function() {
@@ -63,7 +63,7 @@ describe("Double Pedersen test", function() {
it("Should pedersen all ones", async () => {
let w;
const allOnes = bigInt("1").shiftLeft(250).minus(bigInt("1"));
const allOnes = Fr.sub(Fr.shl(Fr.e("1"), Fr.e(250)), Fr.e("1"));
w = await circuit.calculateWitness({ in: [allOnes, allOnes]}, true);

4
test/pedersen2.js
View File

@@ -1,6 +1,6 @@
const path = require("path");
const bigInt = require("big-integer");
const Fr = require("ffjavascript").bn128.Fr;
const tester = require("circom").tester;
const babyJub = require("../src/babyjub.js");
@@ -32,7 +32,7 @@ describe("Pedersen test", function() {
let w;
const n = bigInt.one.shiftLeft(253).minus(bigInt.one);
const n = Fr.sub(Fr.shl(Fr.one, Fr.e(253)), Fr.one);
w = await circuit.calculateWitness({ in: n}, true);

39
test/poseidoncircuit.js
View File

@@ -1,22 +1,11 @@
const chai = require("chai");
const path = require("path");
var blake2b = require("blake2b");
const bigInt = require("big-integer");
const tester = require("circom").tester;
const poseidon = require("../src/poseidon.js");
const assert = chai.assert;
describe("Blake2b version test", function() {
it("Should give the expected output for blake2b version", async () => {
var output = new Uint8Array(32);
var input = Buffer.from("poseidon_constants");
const h = blake2b(output.length).update(input).digest("hex");
assert.equal("e57ba154fb2c47811dc1a2369b27e25a44915b4e4ece4eb8ec74850cb78e01b1", h);
});
});
describe("Poseidon Circuit test", function () {
let circuit6;
let circuit3;
@@ -29,24 +18,20 @@ describe("Poseidon Circuit test", function () {
});
it("Should check constrain of hash([1, 2]) t=6", async () => {
const w = await circuit6.calculateWitness({inputs: [1, 2]}, true);
const w = await circuit6.calculateWitness({inputs: [1, 2, 0,0,0]}, true);
const hash = poseidon.createHash(6, 8, 57);
const res2 = hash([1,2]);
assert.equal("12242166908188651009877250812424843524687801523336557272219921456462821518061", res2.toString());
const res2 = poseidon([1,2,0,0,0]);
assert.equal("3975478831357328722254985704342968745327876719981393787143845259590563829094", res2.toString());
await circuit6.assertOut(w, {out : res2});
await circuit6.checkConstraints(w);
});
it("Should check constrain of hash([3, 4]) t=6", async () => {
const w = await circuit6.calculateWitness({inputs: [3, 4]});
const w = await circuit6.calculateWitness({inputs: [3, 4,5,10,23]});
const hash = poseidon.createHash(6, 8, 57);
const res2 = poseidon([3, 4,5,10,23]);
const res2 = hash([3, 4]);
assert.equal("17185195740979599334254027721507328033796809509313949281114643312710535000993", res2.toString());
assert.equal("18540626624821144952552691894137986276337186174352554475896834101336254024067", res2.toString());
await circuit6.assertOut(w, {out : res2});
await circuit6.checkConstraints(w);
});
@@ -55,10 +40,8 @@ describe("Poseidon Circuit test", function () {
it("Should check constrain of hash([1, 2]) t=3", async () => {
const w = await circuit3.calculateWitness({inputs: [1, 2]});
const hash = poseidon.createHash(3, 8, 57);
const res2 = hash([1,2]);
assert.equal("2104035019328376391822106787753454168168617545136592089411833517434990977743", res2.toString());
const res2 = poseidon([1,2]);
assert.equal("17117985411748610629288516079940078114952304104811071254131751175361957805920", res2.toString());
await circuit3.assertOut(w, {out : res2});
await circuit3.checkConstraints(w);
});
@@ -66,10 +49,8 @@ describe("Poseidon Circuit test", function () {
it("Should check constrain of hash([3, 4]) t=3", async () => {
const w = await circuit3.calculateWitness({inputs: [3, 4]});
const hash = poseidon.createHash(3, 8, 57);
const res2 = hash([3, 4]);
assert.equal("12456141564250880945411182508630957604732712316993112736876413121277158512223", res2.toString());
const res2 = poseidon([3, 4]);
assert.equal("21867347236198497199818917118739170715216974132230970409806500217655788551452", res2.toString());
await circuit3.assertOut(w, {out : res2});
await circuit3.checkConstraints(w);
});

21
test/poseidoncontract.js
View File

@@ -2,8 +2,7 @@ const ganache = require("ganache-cli");
const Web3 = require("web3");
const chai = require("chai");
const poseidonGenContract = require("../src/poseidon_gencontract.js");
const Poseidon = require("../src/poseidon.js");
const bigInt = require("snarkjs").bigInt;
const poseidon = require("../src/poseidon.js");
const assert = chai.assert;
const log = (msg) => { if (process.env.MOCHA_VERBOSE) console.log(msg); };
@@ -25,28 +24,26 @@ describe("Poseidon Smart contract test", function () {
const C = new web3.eth.Contract(poseidonGenContract.abi);
poseidon6 = await C.deploy({
data: poseidonGenContract.createCode(6)
data: poseidonGenContract.createCode(5)
}).send({
gas: 2500000,
gas: 5000000,
from: accounts[0]
});
poseidon3 = await C.deploy({
data: poseidonGenContract.createCode(3)
data: poseidonGenContract.createCode(2)
}).send({
gas: 2500000,
gas: 5000000,
from: accounts[0]
});
});
it("Shold calculate the poseidon correctly t=6", async () => {
const res = await poseidon6.methods.poseidon([1,2]).call();
const res = await poseidon6.methods.poseidon([1,2, 0, 0, 0]).call();
// console.log("Cir: " + bigInt(res.toString(16)).toString(16));
const hash = Poseidon.createHash(6, 8, 57);
const res2 = hash([1,2]);
const res2 = poseidon([1,2, 0, 0, 0]);
// console.log("Ref: " + bigInt(res2).toString(16));
assert.equal(res.toString(), res2.toString());
@@ -57,9 +54,7 @@ describe("Poseidon Smart contract test", function () {
// console.log("Cir: " + bigInt(res.toString(16)).toString(16));
const hash = Poseidon.createHash(3, 8, 57);
const res2 = hash([1,2]);
const res2 = poseidon([1,2]);
// console.log("Ref: " + bigInt(res2).toString(16));
assert.equal(res.toString(), res2.toString());

4
test/sha256.js
View File

@@ -1,7 +1,7 @@
const chai = require("chai");
const path = require("path");
const snarkjs = require("snarkjs");
const crypto = require("crypto");
const Fr = require("ffjavascript").bn128.Fr;
const assert = chai.assert;
@@ -67,7 +67,7 @@ describe("SHA256 test", function () {
assert.equal(hash, hash2);
assert(witness[1].equals(snarkjs.bigInt(r)));
assert(Fr.eq(witness[1], Fr.e(r)));
}).timeout(1000000);
it("Should calculate a hash of 2 compressor", async () => {

23
test/sign.js
View File

@@ -1,5 +1,6 @@
const path = require("path");
const bigInt = require("big-integer");
const Fr = require("ffjavascript").bn128.Fr;
const Scalar = require("ffjavascript").Scalar;
const tester = require("circom").tester;
function print(circuit, w, s) {
@@ -9,16 +10,16 @@ function print(circuit, w, s) {
function getBits(v, n) {
const res = [];
for (let i=0; i<n; i++) {
if (v.shiftRight(i).isOdd()) {
res.push(bigInt.one);
if (Scalar.isOdd(Scalar.shr(v, i))) {
res.push(Fr.one);
} else {
res.push(bigInt.zero);
res.push(Fr.zero);
}
}
return res;
}
const q = bigInt("21888242871839275222246405745257275088548364400416034343698204186575808495617");
const q = Scalar.fromString("21888242871839275222246405745257275088548364400416034343698204186575808495617");
describe("Sign test", function() {
let circuit;
@@ -29,35 +30,35 @@ describe("Sign test", function() {
});
it("Sign of 0", async () => {
const inp = getBits(bigInt.zero, 254);
const inp = getBits(Scalar.e(0), 254);
const w = await circuit.calculateWitness({in: inp}, true);
await circuit.assertOut(w, {sign: 0});
});
it("Sign of 3", async () => {
const inp = getBits(bigInt(3), 254);
const inp = getBits(Scalar.e(3), 254);
const w = await circuit.calculateWitness({in: inp}, true);
await circuit.assertOut(w, {sign: 0});
});
it("Sign of q/2", async () => {
const inp = getBits(q.shiftRight(bigInt.one), 254);
const inp = getBits(Scalar.shr(q, 1), 254);
const w = await circuit.calculateWitness({in: inp}, true);
await circuit.assertOut(w, {sign: 0});
});
it("Sign of q/2+1", async () => {
const inp = getBits(q.shiftRight(bigInt.one).add(bigInt.one), 254);
const inp = getBits(Scalar.add(Scalar.shr(q, 1), 1) , 254);
const w = await circuit.calculateWitness({in: inp}, true);
await circuit.assertOut(w, {sign: 1});
});
it("Sign of q-1", async () => {
const inp = getBits(q.minus(bigInt.one), 254);
const inp = getBits(Scalar.sub(q, 1), 254);
const w = await circuit.calculateWitness({in: inp}, true);
await circuit.assertOut(w, {sign: 1});
@@ -71,7 +72,7 @@ describe("Sign test", function() {
});
it("Sign of all ones", async () => {
const inp = getBits(bigInt(1).shiftLeft(254).minus(bigInt(1)), 254);
const inp = getBits(Scalar.sub(Scalar.shl(1,254),1), 254);
const w = await circuit.calculateWitness({in: inp}, true);
await circuit.assertOut(w, {sign: 1});

76
test/smtjs.js
View File

@@ -1,28 +1,11 @@
const chai = require("chai");
const bigInt = require("big-integer");
const Fr = require("ffjavascript").bn128.Fr;
const smt = require("../src/smt.js");
const assert = chai.assert;
function stringifyBigInts(o) {
if ((typeof(o) == "bigint") || (o instanceof bigInt)) {
return o.toString(10);
} else if (Array.isArray(o)) {
return o.map(stringifyBigInts);
} else if (typeof o == "object") {
const res = {};
for (let k in o) {
res[k] = stringifyBigInts(o[k]);
}
return res;
} else {
return o;
}
}
describe("SMT Javascript test", function () {
this.timeout(100000);
before( async () => {
@@ -30,22 +13,22 @@ describe("SMT Javascript test", function () {
it("Should insert 2 elements and empty them", async () => {
const tree = await smt.newMemEmptyTrie();
const key1 = bigInt(111);
const value1 = bigInt(222);
const key2 = bigInt(333);
const value2 = bigInt(444);
const key1 = Fr.e(111);
const value1 = Fr.e(222);
const key2 = Fr.e(333);
const value2 = Fr.e(444);
await tree.insert(key1,value1);
await tree.insert(key2,value2);
await tree.delete(key2);
await tree.delete(key1);
assert(tree.root.isZero());
assert(Fr.isZero(tree.root));
});
it("Should insert 3 elements in dferent order and should be the same", async () => {
const keys = [bigInt(8), bigInt(9), bigInt(32)];
const values = [bigInt(88), bigInt(99), bigInt(3232)];
const keys = [Fr.e(8), Fr.e(9), Fr.e(32)];
const values = [Fr.e(88), Fr.e(99), Fr.e(3232)];
const tree1 = await smt.newMemEmptyTrie();
const tree2 = await smt.newMemEmptyTrie();
const tree3 = await smt.newMemEmptyTrie();
@@ -77,11 +60,11 @@ describe("SMT Javascript test", function () {
await tree6.insert(keys[1],values[1]);
await tree6.insert(keys[0],values[0]);
assert(tree1.root.equals(tree2.root));
assert(tree2.root.equals(tree3.root));
assert(tree3.root.equals(tree4.root));
assert(tree4.root.equals(tree5.root));
assert(tree5.root.equals(tree6.root));
assert(Fr.eq(tree1.root, tree2.root));
assert(Fr.eq(tree2.root, tree3.root));
assert(Fr.eq(tree3.root, tree4.root));
assert(Fr.eq(tree4.root, tree5.root));
assert(Fr.eq(tree5.root, tree6.root));
assert.equal(Object.keys(tree1.db.nodes).length, Object.keys(tree2.db.nodes).length);
assert.equal(Object.keys(tree2.db.nodes).length, Object.keys(tree3.db.nodes).length);
@@ -93,19 +76,19 @@ describe("SMT Javascript test", function () {
await tree1.delete(keys[1]);
await tree2.delete(keys[1]);
await tree2.delete(keys[0]);
assert(tree1.root.equals(tree2.root));
assert(Fr.eq(tree1.root, tree2.root));
await tree3.delete(keys[0]);
await tree3.delete(keys[2]);
await tree4.delete(keys[2]);
await tree4.delete(keys[0]);
assert(tree3.root.equals(tree4.root));
assert(Fr.eq(tree3.root, tree4.root));
await tree5.delete(keys[1]);
await tree5.delete(keys[2]);
await tree6.delete(keys[2]);
await tree6.delete(keys[1]);
assert(tree5.root.equals(tree6.root));
assert(Fr.eq(tree5.root, tree6.root));
await tree1.delete(keys[2]);
await tree2.delete(keys[2]);
@@ -114,12 +97,12 @@ describe("SMT Javascript test", function () {
await tree5.delete(keys[0]);
await tree6.delete(keys[0]);
assert(tree1.root.isZero());
assert(tree2.root.isZero());
assert(tree3.root.isZero());
assert(tree4.root.isZero());
assert(tree5.root.isZero());
assert(tree6.root.isZero());
assert(Fr.isZero(tree1.root));
assert(Fr.isZero(tree2.root));
assert(Fr.isZero(tree3.root));
assert(Fr.isZero(tree4.root));
assert(Fr.isZero(tree5.root));
assert(Fr.isZero(tree6.root));
assert.equal(Object.keys(tree1.db.nodes).length, 0);
assert.equal(Object.keys(tree2.db.nodes).length, 0);
@@ -144,7 +127,7 @@ describe("SMT Javascript test", function () {
const arr = [];
const N = 100;
for (let i=0; i<N; i++) {
arr.push(bigInt(i));
arr.push(Fr.e(i));
}
const insArr = perm(arr);
for (let i=0; i<N; i++) {
@@ -155,7 +138,7 @@ describe("SMT Javascript test", function () {
await tree.delete(delArr[i]);
}
assert(tree.root.isZero());
assert(Fr.isZero(tree.root));
assert.equal(Object.keys(tree.db.nodes).length, 0);
});
@@ -175,7 +158,16 @@ describe("SMT Javascript test", function () {
await tree1.update(9, 999);
await tree1.update(32, 323232);
assert(tree1.root.equals(tree2.root));
assert(Fr.eq(tree1.root, tree2.root));
});
it("Should test update with same key-value", async () => {
const tree1 = await smt.newMemEmptyTrie();
await tree1.insert(8,88);
await tree1.update(8,88);
const res = await tree1.db.get(tree1.root);
assert.notEqual(res, undefined);
});
});

24
test/smtprocessor.js
View File

@@ -1,7 +1,7 @@
const chai = require("chai");
const path = require("path");
const bigInt = require("big-integer");
const tester = require("circom").tester;
const Fr = require("ffjavascript").bn128.Fr;
const smt = require("../src/smt.js");
@@ -15,7 +15,7 @@ async function testInsert(tree, key, value, circuit ) {
const res = await tree.insert(key,value);
let siblings = res.siblings;
while (siblings.length<10) siblings.push(bigInt(0));
while (siblings.length<10) siblings.push(Fr.e(0));
const w = await circuit.calculateWitness({
fnc: [1,0],
@@ -37,7 +37,7 @@ async function testInsert(tree, key, value, circuit ) {
async function testDelete(tree, key, circuit) {
const res = await tree.delete(key);
let siblings = res.siblings;
while (siblings.length<10) siblings.push(bigInt(0));
while (siblings.length<10) siblings.push(Fr.e(0));
const w = await circuit.calculateWitness({
fnc: [1,1],
@@ -58,7 +58,7 @@ async function testDelete(tree, key, circuit) {
async function testUpdate(tree, key, newValue, circuit) {
const res = await tree.update(key, newValue);
let siblings = res.siblings;
while (siblings.length<10) siblings.push(bigInt(0));
while (siblings.length<10) siblings.push(Fr.e(0));
const w = await circuit.calculateWitness({
fnc: [0,1],
@@ -91,15 +91,15 @@ describe("SMT Processor test", function () {
});
it("Should verify an insert to an empty tree", async () => {
const key = bigInt(111);
const value = bigInt(222);
const key = Fr.e(111);
const value = Fr.e(222);
await testInsert(tree, key, value, circuit);
});
it("It should add another element", async () => {
const key = bigInt(333);
const value = bigInt(444);
const key = Fr.e(333);
const value = Fr.e(444);
await testInsert(tree, key, value, circuit);
});
@@ -110,8 +110,8 @@ describe("SMT Processor test", function () {
});
it("Should test convination of adding and removing 3 elements", async () => {
const keys = [bigInt(8), bigInt(9), bigInt(32)];
const values = [bigInt(88), bigInt(99), bigInt(3232)];
const keys = [Fr.e(8), Fr.e(9), Fr.e(32)];
const values = [Fr.e(88), Fr.e(99), Fr.e(3232)];
const tree1 = await smt.newMemEmptyTrie();
const tree2 = await smt.newMemEmptyTrie();
const tree3 = await smt.newMemEmptyTrie();
@@ -170,7 +170,7 @@ describe("SMT Processor test", function () {
it("Should match a NOp with random vals", async () => {
let siblings = [];
while (siblings.length<10) siblings.push(bigInt(88));
while (siblings.length<10) siblings.push(Fr.e(88));
const w = await circuit.calculateWitness({
fnc: [0,0],
oldRoot: 11,
@@ -187,7 +187,7 @@ describe("SMT Processor test", function () {
await circuit.checkConstraints(w);
assert(root1.equals(root2));
assert(Fr.eq(root1, root2));
});
it("Should update an element", async () => {
const tree1 = await smt.newMemEmptyTrie();

18
test/smtverifier.js
View File

@@ -1,6 +1,6 @@
const chai = require("chai");
const path = require("path");
const bigInt = require("big-integer");
const Fr = require("ffjavascript").bn128.Fr;
const tester = require("circom").tester;
const smt = require("../src/smt.js");
@@ -17,7 +17,7 @@ async function testInclusion(tree, key, circuit) {
assert(res.found);
let siblings = res.siblings;
while (siblings.length<10) siblings.push(bigInt(0));
while (siblings.length<10) siblings.push(Fr.e(0));
const w = await circuit.calculateWitness({
enabled: 1,
@@ -40,7 +40,7 @@ async function testExclusion(tree, key, circuit) {
assert(!res.found);
let siblings = res.siblings;
while (siblings.length<10) siblings.push(bigInt(0));
while (siblings.length<10) siblings.push(Fr.e(0));
const w = await circuit.calculateWitness({
enabled: 1,
@@ -110,14 +110,14 @@ describe("SMT Verifier test", function () {
});
it("Check inclussion Adria case", async () => {
const e1_hi= bigInt("17124152697573569611556136390143205198134245887034837071647643529178599000839");
const e1_hv= bigInt("19650379996168153643111744440707177573540245771926102415571667548153444658179");
const e1_hi= Fr.e("17124152697573569611556136390143205198134245887034837071647643529178599000839");
const e1_hv= Fr.e("19650379996168153643111744440707177573540245771926102415571667548153444658179");
const e2ok_hi= bigInt("16498254692537945203721083102154618658340563351558973077349594629411025251262");
const e2ok_hv= bigInt("19650379996168153643111744440707177573540245771926102415571667548153444658179");
const e2ok_hi= Fr.e("16498254692537945203721083102154618658340563351558973077349594629411025251262");
const e2ok_hv= Fr.e("19650379996168153643111744440707177573540245771926102415571667548153444658179");
const e2fail_hi= bigInt("17195092312975762537892237130737365903429674363577646686847513978084990105579");
const e2fail_hv= bigInt("19650379996168153643111744440707177573540245771926102415571667548153444658179");
const e2fail_hi= Fr.e("17195092312975762537892237130737365903429674363577646686847513978084990105579");
const e2fail_hv= Fr.e("19650379996168153643111744440707177573540245771926102415571667548153444658179");
const tree1 = await smt.newMemEmptyTrie();
await tree1.insert(e1_hi,e1_hv);