107 lines
2.4 KiB
Plaintext
107 lines
2.4 KiB
Plaintext
/*
|
|
Copyright 2018 0KIMS association.
|
|
|
|
This file is part of circom (Zero Knowledge Circuit Compiler).
|
|
|
|
circom is a free software: you can redistribute it and/or modify it
|
|
under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
circom is distributed in the hope that it will be useful, but WITHOUT
|
|
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
|
|
License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with circom. If not, see <https://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
include "bitify.circom";
|
|
include "escalarmulfix.circom";
|
|
|
|
template BabyAdd() {
|
|
signal input x1;
|
|
signal input y1;
|
|
signal input x2;
|
|
signal input y2;
|
|
signal output xout;
|
|
signal output yout;
|
|
|
|
signal beta;
|
|
signal gamma;
|
|
signal delta;
|
|
signal tau;
|
|
|
|
var a = 168700;
|
|
var d = 168696;
|
|
|
|
beta <== x1*y2;
|
|
gamma <== y1*x2;
|
|
delta <== (-a*x1+y1)*(x2 + y2);
|
|
tau <== beta * gamma;
|
|
|
|
xout <-- (beta + gamma) / (1+ d*tau);
|
|
(1+ d*tau) * xout === (beta + gamma);
|
|
|
|
yout <-- (delta + a*beta - gamma) / (1-d*tau);
|
|
(1-d*tau)*yout === (delta + a*beta - gamma);
|
|
}
|
|
|
|
template BabyDbl() {
|
|
signal input x;
|
|
signal input y;
|
|
signal output xout;
|
|
signal output yout;
|
|
|
|
component adder = BabyAdd();
|
|
adder.x1 <== x;
|
|
adder.y1 <== y;
|
|
adder.x2 <== x;
|
|
adder.y2 <== y;
|
|
|
|
adder.xout ==> xout;
|
|
adder.yout ==> yout;
|
|
}
|
|
|
|
|
|
template BabyCheck() {
|
|
signal input x;
|
|
signal input y;
|
|
|
|
signal x2;
|
|
signal y2;
|
|
|
|
var a = 168700;
|
|
var d = 168696;
|
|
|
|
x2 <== x*x;
|
|
y2 <== y*y;
|
|
|
|
a*x2 + y2 === 1 + d*x2*y2;
|
|
}
|
|
|
|
// Extracts the public key from private key, as mentioned in https://tools.ietf.org/html/rfc8032
|
|
template BabyPbk() {
|
|
signal private input in;
|
|
signal output Ax;
|
|
signal output Ay;
|
|
|
|
var BASE8 = [
|
|
5299619240641551281634865583518297030282874472190772894086521144482721001553,
|
|
16950150798460657717958625567821834550301663161624707787222815936182638968203
|
|
];
|
|
|
|
component pvkBits = Num2Bits(253);
|
|
pvkBits.in <== in;
|
|
|
|
component mulFix = EscalarMulFix(253, BASE8);
|
|
|
|
var i;
|
|
for (i=0; i<253; i++) {
|
|
mulFix.e[i] <== pvkBits.out[i];
|
|
}
|
|
Ax <== mulFix.out[0];
|
|
Ay <== mulFix.out[1];
|
|
}
|