initial commit

themighty1
2021-11-08 17:11:39 +03:00
commit fe4d7591ea
25 changed files with 310604 additions and 0 deletions

21
README Normal file

@@ -0,0 +1,21 @@
This repo contains macros to be assembled into circuits for use in TLSNotary's 2PC.
The main entrypoints are 6 circuits c1.casm ... c6.casm.
Each macro contains a description about what it does.
To assemble the macros into Bristol Fashion circuits, run:
node assemble.js
SOURCES:
casmbundle.js was created from:
git clone https://github.com/wyatt-howe/macro-circuit-assembler
cd macro-circuit-assembler/
git pull origin pull/3/head
# (this PR hasn't been merged at the time of writing)
# then comment out line 4 in casm.js --> //const fs = require('fs');
browserify --ignore fs --standalone CASM casm.js > casmbundle.js
adder64.txt --> https://homes.esat.kuleuven.be/~nsmart/MPC/adder64.txt
aes-128-reverse.txt --> https://github.com/multiparty/jigg/blob/master/circuits/bristol/aes-128-reverse.txt
sha256.txt --> https://homes.esat.kuleuven.be/~nsmart/MPC/sha256.txt
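Review bot: The SOURCES section names where each vendored artifact came from but pins none of them. `git pull origin pull/3/head` follows whatever the unmerged PR head is at the time it is run, and adder64.txt, aes-128-reverse.txt and sha256.txt are fetched from mutable URLs (one of them the `master` branch of jigg). These files define the circuits both parties evaluate, so record the exact commit hash used to build casmbundle.js and a SHA-256 digest for each downloaded circuit, so the bundle and circuits can be rebuilt and compared. The list is also incomplete: combine_pms_shares.casm calls compare-lt-32-bit-unsigned-old.txt, which has no source entry here.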

380
adder64.txt Normal file

@@ -0,0 +1,380 @@
376 504
2 64 64
1 64
2 1 63 127 376 XOR
2 1 62 126 375 XOR
2 1 61 125 374 XOR
2 1 60 124 373 XOR
2 1 59 123 372 XOR
2 1 58 122 371 XOR
2 1 57 121 370 XOR
2 1 56 120 369 XOR
2 1 55 119 368 XOR
2 1 54 118 367 XOR
2 1 53 117 366 XOR
2 1 52 116 365 XOR
2 1 51 115 364 XOR
2 1 50 114 363 XOR
2 1 49 113 362 XOR
2 1 48 112 361 XOR
2 1 47 111 360 XOR
2 1 46 110 359 XOR
2 1 45 109 358 XOR
2 1 44 108 357 XOR
2 1 43 107 356 XOR
2 1 42 106 355 XOR
2 1 41 105 354 XOR
2 1 40 104 353 XOR
2 1 39 103 352 XOR
2 1 38 102 351 XOR
2 1 37 101 350 XOR
2 1 36 100 349 XOR
2 1 35 99 348 XOR
2 1 34 98 347 XOR
2 1 33 97 346 XOR
2 1 32 96 345 XOR
2 1 31 95 344 XOR
2 1 30 94 343 XOR
2 1 29 93 342 XOR
2 1 28 92 341 XOR
2 1 27 91 340 XOR
2 1 26 90 339 XOR
2 1 25 89 338 XOR
2 1 24 88 337 XOR
2 1 23 87 336 XOR
2 1 22 86 335 XOR
2 1 21 85 334 XOR
2 1 20 84 333 XOR
2 1 19 83 332 XOR
2 1 18 82 331 XOR
2 1 17 81 330 XOR
2 1 16 80 329 XOR
2 1 15 79 328 XOR
2 1 14 78 327 XOR
2 1 13 77 326 XOR
2 1 12 76 325 XOR
2 1 11 75 324 XOR
2 1 10 74 323 XOR
2 1 9 73 322 XOR
2 1 8 72 321 XOR
2 1 7 71 320 XOR
2 1 6 70 319 XOR
2 1 5 69 318 XOR
2 1 4 68 317 XOR
2 1 3 67 316 XOR
2 1 2 66 315 XOR
2 1 1 65 314 XOR
2 1 0 64 440 XOR
2 1 0 64 377 AND
2 1 65 377 129 XOR
2 1 1 377 128 XOR
2 1 128 129 130 AND
2 1 130 377 378 XOR
2 1 66 378 132 XOR
2 1 2 378 131 XOR
2 1 131 132 133 AND
2 1 133 378 379 XOR
2 1 67 379 135 XOR
2 1 3 379 134 XOR
2 1 134 135 136 AND
2 1 136 379 380 XOR
2 1 68 380 138 XOR
2 1 4 380 137 XOR
2 1 137 138 139 AND
2 1 139 380 381 XOR
2 1 69 381 141 XOR
2 1 5 381 140 XOR
2 1 140 141 142 AND
2 1 142 381 382 XOR
2 1 70 382 144 XOR
2 1 6 382 143 XOR
2 1 143 144 145 AND
2 1 145 382 383 XOR
2 1 71 383 147 XOR
2 1 7 383 146 XOR
2 1 146 147 148 AND
2 1 148 383 384 XOR
2 1 72 384 150 XOR
2 1 8 384 149 XOR
2 1 149 150 151 AND
2 1 151 384 385 XOR
2 1 73 385 153 XOR
2 1 9 385 152 XOR
2 1 152 153 154 AND
2 1 154 385 386 XOR
2 1 74 386 156 XOR
2 1 10 386 155 XOR
2 1 155 156 157 AND
2 1 157 386 387 XOR
2 1 75 387 159 XOR
2 1 11 387 158 XOR
2 1 158 159 160 AND
2 1 160 387 388 XOR
2 1 76 388 162 XOR
2 1 12 388 161 XOR
2 1 161 162 163 AND
2 1 163 388 389 XOR
2 1 77 389 165 XOR
2 1 13 389 164 XOR
2 1 164 165 166 AND
2 1 166 389 390 XOR
2 1 78 390 168 XOR
2 1 14 390 167 XOR
2 1 167 168 169 AND
2 1 169 390 391 XOR
2 1 79 391 171 XOR
2 1 15 391 170 XOR
2 1 170 171 172 AND
2 1 172 391 392 XOR
2 1 80 392 174 XOR
2 1 16 392 173 XOR
2 1 173 174 175 AND
2 1 175 392 393 XOR
2 1 81 393 177 XOR
2 1 17 393 176 XOR
2 1 176 177 178 AND
2 1 178 393 394 XOR
2 1 82 394 180 XOR
2 1 18 394 179 XOR
2 1 179 180 181 AND
2 1 181 394 395 XOR
2 1 83 395 183 XOR
2 1 19 395 182 XOR
2 1 182 183 184 AND
2 1 184 395 396 XOR
2 1 84 396 186 XOR
2 1 20 396 185 XOR
2 1 185 186 187 AND
2 1 187 396 397 XOR
2 1 85 397 189 XOR
2 1 21 397 188 XOR
2 1 188 189 190 AND
2 1 190 397 398 XOR
2 1 86 398 192 XOR
2 1 22 398 191 XOR
2 1 191 192 193 AND
2 1 193 398 399 XOR
2 1 87 399 195 XOR
2 1 23 399 194 XOR
2 1 194 195 196 AND
2 1 196 399 400 XOR
2 1 88 400 198 XOR
2 1 24 400 197 XOR
2 1 197 198 199 AND
2 1 199 400 401 XOR
2 1 89 401 201 XOR
2 1 25 401 200 XOR
2 1 200 201 202 AND
2 1 202 401 402 XOR
2 1 90 402 204 XOR
2 1 26 402 203 XOR
2 1 203 204 205 AND
2 1 205 402 403 XOR
2 1 91 403 207 XOR
2 1 27 403 206 XOR
2 1 206 207 208 AND
2 1 208 403 404 XOR
2 1 341 404 468 XOR
2 1 92 404 210 XOR
2 1 28 404 209 XOR
2 1 209 210 211 AND
2 1 211 404 405 XOR
2 1 342 405 469 XOR
2 1 340 403 467 XOR
2 1 93 405 213 XOR
2 1 29 405 212 XOR
2 1 212 213 214 AND
2 1 214 405 406 XOR
2 1 343 406 470 XOR
2 1 339 402 466 XOR
2 1 94 406 216 XOR
2 1 30 406 215 XOR
2 1 215 216 217 AND
2 1 217 406 407 XOR
2 1 338 401 465 XOR
2 1 31 407 218 XOR
2 1 344 407 471 XOR
2 1 337 400 464 XOR
2 1 95 407 219 XOR
2 1 218 219 220 AND
2 1 220 407 408 XOR
2 1 345 408 472 XOR
2 1 336 399 463 XOR
2 1 96 408 222 XOR
2 1 32 408 221 XOR
2 1 221 222 223 AND
2 1 223 408 409 XOR
2 1 346 409 473 XOR
2 1 335 398 462 XOR
2 1 97 409 225 XOR
2 1 33 409 224 XOR
2 1 224 225 226 AND
2 1 226 409 410 XOR
2 1 347 410 474 XOR
2 1 334 397 461 XOR
2 1 98 410 228 XOR
2 1 34 410 227 XOR
2 1 227 228 229 AND
2 1 229 410 411 XOR
2 1 333 396 460 XOR
2 1 35 411 230 XOR
2 1 348 411 475 XOR
2 1 332 395 459 XOR
2 1 99 411 231 XOR
2 1 230 231 232 AND
2 1 232 411 412 XOR
2 1 349 412 476 XOR
2 1 331 394 458 XOR
2 1 100 412 234 XOR
2 1 36 412 233 XOR
2 1 233 234 235 AND
2 1 235 412 413 XOR
2 1 350 413 477 XOR
2 1 330 393 457 XOR
2 1 101 413 237 XOR
2 1 37 413 236 XOR
2 1 236 237 238 AND
2 1 238 413 414 XOR
2 1 351 414 478 XOR
2 1 329 392 456 XOR
2 1 102 414 240 XOR
2 1 38 414 239 XOR
2 1 239 240 241 AND
2 1 241 414 415 XOR
2 1 328 391 455 XOR
2 1 39 415 242 XOR
2 1 352 415 479 XOR
2 1 327 390 454 XOR
2 1 103 415 243 XOR
2 1 242 243 244 AND
2 1 244 415 416 XOR
2 1 353 416 480 XOR
2 1 326 389 453 XOR
2 1 104 416 246 XOR
2 1 40 416 245 XOR
2 1 245 246 247 AND
2 1 247 416 417 XOR
2 1 354 417 481 XOR
2 1 325 388 452 XOR
2 1 105 417 249 XOR
2 1 41 417 248 XOR
2 1 248 249 250 AND
2 1 250 417 418 XOR
2 1 355 418 482 XOR
2 1 324 387 451 XOR
2 1 106 418 252 XOR
2 1 42 418 251 XOR
2 1 251 252 253 AND
2 1 253 418 419 XOR
2 1 323 386 450 XOR
2 1 43 419 254 XOR
2 1 356 419 483 XOR
2 1 322 385 449 XOR
2 1 107 419 255 XOR
2 1 254 255 256 AND
2 1 256 419 420 XOR
2 1 357 420 484 XOR
2 1 321 384 448 XOR
2 1 108 420 258 XOR
2 1 44 420 257 XOR
2 1 257 258 259 AND
2 1 259 420 421 XOR
2 1 358 421 485 XOR
2 1 320 383 447 XOR
2 1 109 421 261 XOR
2 1 45 421 260 XOR
2 1 260 261 262 AND
2 1 262 421 422 XOR
2 1 359 422 486 XOR
2 1 319 382 446 XOR
2 1 110 422 264 XOR
2 1 46 422 263 XOR
2 1 263 264 265 AND
2 1 265 422 423 XOR
2 1 318 381 445 XOR
2 1 47 423 266 XOR
2 1 360 423 487 XOR
2 1 317 380 444 XOR
2 1 111 423 267 XOR
2 1 266 267 268 AND
2 1 268 423 424 XOR
2 1 361 424 488 XOR
2 1 316 379 443 XOR
2 1 112 424 270 XOR
2 1 48 424 269 XOR
2 1 269 270 271 AND
2 1 271 424 425 XOR
2 1 362 425 489 XOR
2 1 315 378 442 XOR
2 1 113 425 273 XOR
2 1 49 425 272 XOR
2 1 272 273 274 AND
2 1 274 425 426 XOR
2 1 363 426 490 XOR
2 1 314 377 441 XOR
2 1 114 426 276 XOR
2 1 50 426 275 XOR
2 1 275 276 277 AND
2 1 277 426 427 XOR
2 1 115 427 279 XOR
2 1 51 427 278 XOR
2 1 278 279 280 AND
2 1 280 427 428 XOR
2 1 116 428 282 XOR
2 1 52 428 281 XOR
2 1 281 282 283 AND
2 1 283 428 429 XOR
2 1 117 429 285 XOR
2 1 53 429 284 XOR
2 1 284 285 286 AND
2 1 286 429 430 XOR
2 1 118 430 288 XOR
2 1 54 430 287 XOR
2 1 287 288 289 AND
2 1 289 430 431 XOR
2 1 119 431 291 XOR
2 1 55 431 290 XOR
2 1 290 291 292 AND
2 1 292 431 432 XOR
2 1 120 432 294 XOR
2 1 56 432 293 XOR
2 1 293 294 295 AND
2 1 295 432 433 XOR
2 1 370 433 497 XOR
2 1 121 433 297 XOR
2 1 57 433 296 XOR
2 1 296 297 298 AND
2 1 298 433 434 XOR
2 1 371 434 498 XOR
2 1 369 432 496 XOR
2 1 122 434 300 XOR
2 1 58 434 299 XOR
2 1 299 300 301 AND
2 1 301 434 435 XOR
2 1 372 435 499 XOR
2 1 368 431 495 XOR
2 1 123 435 303 XOR
2 1 59 435 302 XOR
2 1 302 303 304 AND
2 1 304 435 436 XOR
2 1 367 430 494 XOR
2 1 60 436 305 XOR
2 1 373 436 500 XOR
2 1 366 429 493 XOR
2 1 124 436 306 XOR
2 1 305 306 307 AND
2 1 307 436 437 XOR
2 1 374 437 501 XOR
2 1 365 428 492 XOR
2 1 125 437 309 XOR
2 1 61 437 308 XOR
2 1 308 309 310 AND
2 1 310 437 438 XOR
2 1 375 438 502 XOR
2 1 364 427 491 XOR
2 1 126 438 312 XOR
2 1 62 438 311 XOR
2 1 311 312 313 AND
2 1 313 438 439 XOR
2 1 376 439 503 XOR

36666
aes-128-reverse.txt Normal file

File diff suppressed because it is too large

6
assemble.js Normal file

@@ -0,0 +1,6 @@
const casm = require('./casmbundle');
global.fs = require('fs');
for (let i=1; i<7; i++){
global.fs.writeFileSync('c'+i+'.out', casm.parseAndAssemble('c'+i+'.casm'));
}
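Review bot: In the loop, `'c'+i+'.casm'` and `'c'+i+'.out'` are bare relative names, so they resolve against the current working directory rather than the repository; run from anywhere else, the script reads and overwrites whatever files carry those names there. Build both paths from `__dirname`. The `global.fs = require('fs')` line needs a comment tying it to the README step that comments out the `fs` require in casm.js and bundles with `--ignore fs`, because the bundle silently depends on this global. The bound `i<7` hard-codes the six entrypoints named in the README; a named constant or a list of files would make that explicit.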

30
c1.casm Normal file

@@ -0,0 +1,30 @@
# TLS stage 1
# Parties input their additive shares of pre-master secret (PMS)
# Output sha256(PMS XOR ipad) and sha256(PMS XOR opad) for HMAC
# The value of fixed inputs is known in the offline phase
5 2560
2 512 512
# notary inputs
# 256: pms share
# fixed
# 256: output mask
# client inputs
# 256: pms share
# fixed
# 256: output mask
1 512
# all outputs go to the evaluator
# 256: outer hash state xor masked by notary
# 256: inner hash state xor masked by client
512 256 [0|>256] [512|>256] [1024|>256] combine_pms_shares.casm
2 256 0 1 [1280|>256] getSha256InitialState.casm
512 512 [1024|>256] [1280|>256] [1792|>256] [1536|>256] shaPmsXorPadding.casm
512 256 [1536|>256] [256|>256] [2048|>256] xor256bits.casm
512 256 [1792|>256] [768|>256] [2304|>256] xor256bits.casm
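Review bot: On the `shaPmsXorPadding.casm` line the two outputs are listed as `[1792|>256] [1536|>256]`, in descending wire order, and nothing says which is the inner and which the outer state. The reader has to infer it from the two `xor256bits.casm` lines, where `[1536|>256]` is XORed with the notary's mask at `[256|>256]` and `[1792|>256]` with the client's mask at `[768|>256]`. Add a comment naming each output. The header also describes the outputs as `sha256(PMS XOR ipad)` and `sha256(PMS XOR opad)` while the output list calls them hash states; pick one term, since a mid-state and a finished digest are not interchangeable.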

62
c2.casm Normal file

@@ -0,0 +1,62 @@
# TLS stage 2
# Compute master secret MS
# Output sha256(MS XOR opad) and sha256(MS XOR ipad) for HMAC
# The value of fixed inputs is known in the offline phase
14 3730
2 512 640
# notary inputs
# 256: outer hash state
# fixed
# 256: output mask
# client inputs
# 256: inner hash state
# 128: p2 = hmac.new(secret, a2+seed, hashlib.sha256).digest()
# fixed
# 256: output mask
1 512
# all outputs go to the evaluator
# 256: outer hash state (for MS XOR padding) xor-masked by notary
# 256: inner hash state (for MS XOR padding) xor-masked by client
# pad inner hash digest as the last chunk for sha256
2 1 0 0 1152 XOR # 0
1 1 1152 1153 INV # 1
# total length of bits in outer sha256: L == 512+256 == 768 should be the last 64 bits
# 768 in binary is 0000 0011 0000 0000
# to be hashed: 256 bits inner hash digest + 1 + 191 bits of 0 + 48 bits of 0 + 0000 0011 0000 0000
# note that inputs start in lsb position
768 256 [1152*8] 1153 1153 [1152*245] 1153 [512|>256] [0|>256] [1154|>256] sha256.txt
# master secret == [1154|>256] + [768|>128] == p1+p2 (48 bytes)
1 8 0 [1410|>8] getIpadByte.casm
1 8 0 [1418|>8] getOpadByte.casm
# xor the remaining 16 bytes of MS () //TODO need xor128bits.casm
512 256 [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1152*128] [768|>128] [1426|>256] xor256bits.casm
# we repeat the padding byte 32 times
512 256 [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1410|>8] [1154|>256] [1682|>256] xor256bits.casm
# xor the remaining 16 bytes of MS () //TODO need xor128bits.casm
512 256 [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1152*128] [768|>128] [1938|>256] xor256bits.casm
#same for opad
# we repeat the padding byte 32 times
512 256 [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1418|>8] [1154|>256] [2194|>256] xor256bits.casm
2 256 0 1 [2450|>256] getSha256InitialState.casm
#-------10 gates at this point
768 256 [1938|>512] [2450|>256] [2706|>256] sha256.txt #outer
768 256 [1426|>512] [2450|>256] [2962|>256] sha256.txt
512 256 [2706|>256] [256|>256] [3218|>256] xor256bits.casm
512 256 [2962|>256] [896|>256] [3474|>256] xor256bits.casm
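Review bot: The `//TODO need xor128bits.casm` on the two "xor the remaining 16 bytes of MS" comments is stale, because c3.casm through c6.casm in this same commit already call `xor128bits.casm`; either use it here or drop the TODO and explain why the 256-bit XOR with `[1152*128]` zero padding is kept. The comments "# we repeat the padding byte 32 times" and "#same for opad" sit below the lines they describe, which makes the four long `xor256bits.casm` lines hard to match to their purpose; move each comment above its line and say which half of the 64-byte block it produces. The client input is labelled "inner hash state" but the first `sha256.txt` line feeds `[512|>256]` in as the message under the comment "pad inner hash digest"; use the same name in both places.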

96
c3.casm Normal file

@@ -0,0 +1,96 @@
# TLS stage 3.
# Compute expanded p1 which consists of client_write_key + server_write_key
# Compute expanded p2 which consists of client_IV + server_IV
# Compute verify_data, ghash H, gctr block, encrypted counter block - needed for Client Finished
# The value of fixed inputs is known in the offline phase
24 4930
2 832 1568
# notary inputs
# 256: outer hash state
# fixed
# 128: output mask1 (for swk)
# 128: output mask2 (for cwk)
# 32: output mask3 (for siv)
# 32: output mask4 (for civ)
# 128: output mask5 (for H)
# 128: output mask6 (for gctr block)
# client inputs
# 256: inner hash state for p1_expanded_keys
# 256: inner hash state for p2_expanded_keys
# 256: inner hash state for verify_data
# fixed
# 128: output mask1 (for swk)
# 128: output mask2 (for cwk)
# 32: output mask3 (for siv)
# 32: output mask4 (for civ)
# 128: output mask5 (for H)
# 128: output mask6 (for gctr block)
# 128: output mask7 (for encrypted counter)
# 96 : output mask8 (for verify_data)
1 800
# all outputs go to the evaluator
# 128: server_write_key xor-masked twice (by mask1)
# 128: client_write_key xor-masked twice (by mask2)
# 32 : server IV xor-masked twice (by mask3)
# 32 : client IV xor-masked twice (by mask4)
# 128: H xor-masked twice (by mask5)
# 128: gctr block for client_finished xor-masked twice (by mask6)
# 128: encrypted counter block for cf xor-masked by client's mask7
# 96 : verify_data xor-masked by client's mask8
2 1 0 0 2400 XOR # 0
1 1 2400 2401 INV # 1
# pad outer hash digest as the last chunk of sha256
# total length of bits in outer sha256: L == 512+256 ==768 should be the last 64 bits
# 768 in binary is 0000 0011 0000 0000
# to be hashed: 256 bits inner hash digest + 1 + 191 bits of 0 + 48 bits of 0 + 0000 0011 0000 0000
# the result is p1:
768 256 [2400*8] 2401 2401 [2400*245] 2401 [832|>256] [0|>256] [2402|>256] sha256.txt
# the result is p2 (client IV is the top-most 32 bits):
768 256 [2400*8] 2401 2401 [2400*245] 2401 [1088|>256] [0|>256] [2658|>256] sha256.txt
# the result is p1 for client_finished (verify_data is the topmost 96 bits):
768 256 [2400*8] 2401 2401 [2400*245] 2401 [1344|>256] [0|>256] [2914|>256] sha256.txt
# get encrypted zero - gcm H
256 128 [2530|>128] [2400*128] [3170|>128] aes-128-reverse.txt
# gctr block for client_finished
# to be encrypted: 4-byte client_write_IV + 8-byte nonce == 1 + 4-byte block counter value == 1
256 128 [2530|>128] 2401 [2400*31] 2401 [2400*63] [2882|>32] [3298|>128] aes-128-reverse.txt
# encrypted counter block
# to be encrypted: 4-byte client_write_IV + 8-byte nonce == 1 + 4-byte block counter value == 2
# note that lsb goes first
256 128 [2530|>128] 2400 2401 [2400*30] 2401 [2400*63] [2882|>32] [3426|>128] aes-128-reverse.txt
#prepare all outputs
# xor swk/cwk/siv/civ/H/gctr with notary's masks
256 128 [2402|>128] [256|>128] [3554|>128] xor128bits.casm
256 128 [2530|>128] [384|>128] [3682|>128] xor128bits.casm
64 32 [2850|>32] [512|>32] [3810|>32] xor32bits.casm
64 32 [2882|>32] [544|>32] [3842|>32] xor32bits.casm
256 128 [3170|>128] [576|>128] [3874|>128] xor128bits.casm
256 128 [3298|>128] [704|>128] [4002|>128] xor128bits.casm
# xor the result with client's masks
256 128 [3554|>128] [1600|>128] [4130|>128] xor128bits.casm
256 128 [3682|>128] [1728|>128] [4258|>128] xor128bits.casm
64 32 [3810|>32] [1856|>32] [4386|>32] xor32bits.casm
64 32 [3842|>32] [1888|>32] [4418|>32] xor32bits.casm
256 128 [3874|>128] [1920|>128] [4450|>128] xor128bits.casm
256 128 [4002|>128] [2048|>128] [4578|>128] xor128bits.casm
256 128 [3426|>128] [2176|>128] [4706|>128] xor128bits.casm
64 32 [3074|>32] [2304|>32] [4834|>32] xor32bits.casm
64 32 [3106|>32] [2336|>32] [4866|>32] xor32bits.casm
64 32 [3138|>32] [2368|>32] [4898|>32] xor32bits.casm
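Review bot: In the two `aes-128-reverse.txt` lines for the gctr block and the encrypted counter block, the 8-byte nonce is hard-wired to 1 (`2401 [2400*63]`), whereas c4.casm, c5.casm and c6.casm take the nonce as a client input. AES-GCM needs a unique nonce per key, so the header should state the assumption that Client Finished is the only record encrypted under client_write_key with nonce 1. The comment "pad outer hash digest as the last chunk of sha256" also disagrees with c2.casm, which calls the identically wired input "inner hash digest"; the message input here is the client's `[832|>256]`, labelled "inner hash state", with the notary's outer state at `[0|>256]` as the chaining value.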

72
c4.casm Normal file

@@ -0,0 +1,72 @@
# TLS stage 4
# Compute ghash H, gctr block, encrypted counter block, verify_data - needed for Server Finished
# The value of fixed inputs is known in the offline phase
16 3170
2 672 960
# notary inputs
# 256: outer hash state for p1
# fixed
# 128: mask to unmask swk
# 32 : mask to unmask swiv
# 128: mask1 for H^1
# 128: mask2 for gctr block
# client inputs
# 256: inner hash state for p1
# 128: swk masked by notary
# 32: siv masked by notary
# 64: server_finished nonce
# fixed
# 128: mask1 for H^1
# 128: mask2 for gctr block
# 128: mask3 for enc counter
# 96 : mask4 for verify_data
1 480
# all outputs go to the evaluator
# 128: H^1 masked twice (by mask1)
# 128: gctr block masked twice (by mask2)
# 128: enc counter masked by client
# 96 : server_verify masked by client
2 1 0 0 1632 XOR # 0
1 1 1632 1633 INV # 1
# pad outer hash digest as the last chunk of sha256
# total length of bits in outer sha256: L == 512+256 ==768 should be the last 64 bits
# 768 in binary is 0000 0011 0000 0000
# to be hashed: 256 bits inner hash digest + 1 + 191 bits of 0 + 48 bits of 0 + 0000 0011 0000 0000
# the 96 upperremost bits of the result is verify_data
768 256 [1632*8] 1633 1633 [1632*245] 1633 [672|>256] [0|>256] [1634|>256] sha256.txt
#unmask swk
256 128 [256|>128] [928|>128] [1890|>128] xor128bits.casm
#unmask siv
64 32 [384|>32] [1056|>32] [2018|>32] xor32bits.casm
# get encrypted zero - gcm H
256 128 [1890|>128] [1632*128] [2050|>128] aes-128-reverse.txt
# gctr block = server_write_IV + server_finished nonce + [0*31] + 1
256 128 [1890|>128] 1633 [1632*31] [1088|>64] [2018|>32] [2178|>128] aes-128-reverse.txt
# encrypt counter = server_write_IV + server_finished nonce + 2 (4 bytes)
256 128 [1890|>128] 1632 1633 [1632*30] [1088|>64] [2018|>32] [2306|>128] aes-128-reverse.txt
# apply notary's mask on outputs
256 128 [2050|>128] [416|>128] [2434|>128] xor128bits.casm
256 128 [2178|>128] [544|>128] [2562|>128] xor128bits.casm
# apply clients mask on outputs
256 128 [2434|>128] [1152|>128] [2690|>128] xor128bits.casm
256 128 [2562|>128] [1280|>128] [2818|>128] xor128bits.casm
256 128 [2306|>128] [1408|>128] [2946|>128] xor128bits.casm
64 32 [1794|>32] [1536|>32] [3074|>32] xor32bits.casm
64 32 [1826|>32] [1568|>32] [3106|>32] xor32bits.casm
64 32 [1858|>32] [1600|>32] [3138|>32] xor32bits.casm
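Review bot: The client inputs "swk masked by notary" and "siv masked by notary" do not match what c3.casm outputs, which is server_write_key and server IV "xor-masked twice"; the header should say that the client removes its own c3 mask before feeding these values in. Nothing in this circuit ties `[928|>128]` and `[1056|>32]` to the c3 outputs, so also document what the protocol does when the unmasked key is not the real server_write_key. The notary input comment uses "swiv" where every other line uses "siv".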

37
c5.casm Normal file

@@ -0,0 +1,37 @@
# AES-ECB-encrypt one block
# (AES-GCM first AES-ECB-encrypts a counter block and then xors the result with the plaintext
# to get the ciphertext)
# The value of fixed inputs is known in the offline phase
5 885
2 160 308
# notary inputs
# fixed
# 128: mask to unmask client write key
# 32 : mask to unmask client write IV
# client inputs
# 128: client write key masked by notary
# 32 : client write IV masked by notary
# fixed
# 128: output mask
# 10: nonce
# 10: counter (max block counter is 1023)
1 128
# all outputs go to the evaluator
# 128: encrypted counter block xor-masked by client
2 1 0 0 468 XOR # 0
# unmask client_write_key
256 128 [0|>128] [160|>128] [469|>128] xor128bits.casm
# unmask client_write_IV
64 32 [128|>32] [288|>32] [597|>32] xor32bits.casm
# encrypt client_write_IV + nonce (8 bytes) + counter (4 bytes)
256 128 [469|>128] [458|>10] [468*22] [448|>10] [468*54] [597|>32] [629|>128] aes-128-reverse.txt
256 128 [629|>128] [320|>128] [757|>128] xor128bits.casm
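Review bot: The 10-bit counter client input goes straight into the AES block (`[458|>10] [468*22]`) with no range check, so counter values 0 and 1 are accepted. Counter 1 is the gctr block that c6.casm masks with both the notary's and the client's mask, while this circuit's output is masked by the client only. Either constrain the counter to 2 or above inside the circuit or document why the notary does not need that guarantee here.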

42
c6.casm Normal file

@@ -0,0 +1,42 @@
# AES-ECB encrypt one block to produce gctr block
# exactly the same as c5.casm except here the counter is fixed at 1
# The value of fixed inputs is known in the offline phase
7 1138
2 288 304
# notary inputs
# fixed
# 128: mask to unmask client write key
# 32 : mask to unmask client write IV
# 128: output mask
# client inputs
# 128: client write key masked by notary
# 32 : client write IV masked by notary
# fixed
# 128: output mask
# 16 : nonce
1 128
# all outputs go to the evaluator:
# 128: gctr block masked twice
2 1 0 0 592 XOR # 0
1 1 592 593 INV # 1
# unmask client_write_key
256 128 [0|>128] [288|>128] [594|>128] xor128bits.casm
# unmask client_write_IV
64 32 [128|>32] [416|>32] [722|>32] xor32bits.casm
# encrypt client_write_IV + nonce (8 bytes) + counter (4 bytes) == 1
# (counter is fixed at 1 for gctr blocks)
256 128 [594|>128] 593 [592*31] [576|>16] [592*48] [722|>32] [754|>128] aes-128-reverse.txt
# mask by notary
256 128 [754|>128] [160|>128] [882|>128] xor128bits.casm
# mask by client
256 128 [882|>128] [448|>128] [1010|>128] xor128bits.casm
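Review bot: The header comment "exactly the same as c5.casm except here the counter is fixed at 1" is not accurate. This circuit also adds a notary output mask, so the result is "masked twice" where c5.casm masks once, and it takes a 16-bit nonce (`[576|>16]`) where c5.casm takes 10 bits. List those differences in the header, and either align the nonce widths of the two circuits or explain why they differ, since a record number above 1023 fits here but not in c5.casm.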

1012
casmbundle.js Normal file

File diff suppressed because it is too large Load Diff

107
combine_pms_shares.casm Normal file

@@ -0,0 +1,107 @@
# This circuit sums 2 256-bit values and (if needed) reduces the sum mod P-256 prime
# ideally, we would need a proper circuit for 256-bit addition
# since we only have a 64-bit circuit, we work around by summing chunks
# (and waste ~500 AND gates in the process :( )
24 1348
2 256 256
1 256
# the map of wires
# 0|>512 inputs
# 512: zero bit
# 513: carry bit
# 514|>257 sum of pms shares
# 771|>64 temp storage for chunk additions
# 835 "is less than" bit
# 836|>256 prime's "one's complement"
# 1092|>256 outputs
2 1 0 0 512 XOR
# add 1st batch of 63-bit summands
128 64 [0|>63] 512 [256|>63] 512 [514|>63] 513 adder64.txt
# add the carry bit to one of the 2nd summands (pad the carry to 64 bits)
128 64 [63|>63] 512 513 [512*63] [771|>64] adder64.txt
# add 2nd batch of summands
128 64 [771|>64] [319|>63] 512 [577|>63] 513 adder64.txt
# carry bit + 3rd batch summand
128 64 [126|>63] 512 513 [512*63] [771|>64] adder64.txt
# add 3rd batch of summands
128 64 [771|>64] [382|>63] 512 [640|>63] 513 adder64.txt
# carry bit + 4th batch summand
128 64 [189|>63] 512 513 [512*63] [771|>64] adder64.txt
# add 4th batch of summands
128 64 [771|>64] [445|>63] 512 [703|>63] 513 adder64.txt
# one last batch of only 4 bits left
#carry bit + 5th batch summand
128 64 [252|>4] [512*60] 513 [512*63] [771|>64] adder64.txt
# add 5th batch of summands
# only 5 bits of output go to the sum, the rest is discarded by assigning to some unused wires
128 64 [771|>64] [508|>4] [512*60] [766|>5] [836|>59] adder64.txt
# --------------- 10 gates at this point
# temporarily store the value in outputs section
2 256 0 1 [1092|>256] getP256prime.casm
# check if prime is less than sum of shares
# we only compare 32 msb (ideally we'd need a 256-bit comparing circuit)
# we are comparing 256bits vs 257bits, so adding a 0 bit to prime's msb
64 1 [1317|>31] 512 [739|>32] 835 compare-lt-32-bit-unsigned-old.txt
# temporarily store the value in outputs section
2 256 0 1 [1092|>256] getP256primeOnesComplement.casm
# if sum of shares < prime, then we subtract 0, otherwise subtract prime
257 256 [1092|>256] 835 [836|>256] mult256by1.casm
# we subtract using the "one's complement" method:
# we add chunks of 63 bits like earlier to arrive at a 257-bit sum
# (since we already know that minuend > subtrahend, the leading bit of the sum will always be one)
# then drop the leading 1 of the sum and add 1 to the sum
# add 1 from "one's complement" method to lsb of one of the batch1 summands
# note that if sum of shares < prime, we add 0 instead of 1
128 64 [514|>63] 512 835 [512*63] [771|>64] adder64.txt
# batch 1 add
128 64 [771|>64] [836|>63] 512 [1092|>63] 513 adder64.txt
# add the carry bit to one of the 2nd summands (pad the carry to 64 bits)
128 64 [577|>63] 512 513 [512*63] [771|>64] adder64.txt
# add the 2nd batch of summands
128 64 [771|>64] [899|>63] 512 [1155|>63] 513 adder64.txt
# carry bit + 3rd batch summand
128 64 [640|>63] 512 513 [512*63] [771|>64] adder64.txt
# add 3rd batch of summands
128 64 [771|>64] [962|>63] 512 [1218|>63] 513 adder64.txt
# -------------------20 gates at this point
# carry bit + 4th batch summand
128 64 [703|>63] 512 513 [512*63] [771|>64] adder64.txt
# add 4th batch of summands
128 64 [771|>64] [1025|>63] 512 [1281|>63] 513 adder64.txt
# one last batch of only 4 bits left
# carry bit + 5th batch summand
128 64 [766|>5] [512*59] 513 [512*63] [771|>64] adder64.txt
# add 5th batch of summands
# only 4 bits of output go to the sum
# (the 5th bit is discarded because of the "one's complement" method),
# the rest is discarded by assigning it to some unused wires
128 64 [771|>64] [1088|>4] [512*60] [1344|>4] [836|>60] adder64.txt
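Review bot: On the `compare-lt-32-bit-unsigned-old.txt` line only the top 32 bits of the 257-bit sum (`[739|>32]`) are compared with the prime's top 31 bits plus a zero, as the comment above it admits. When those bits are equal, wire 835 stays 0 and nothing is subtracted even if the lower bits put the sum at or above the prime, so the circuit outputs an unreduced value, contrary to the header's "reduces the sum mod P-256 prime". Either chain the comparison over the remaining bits or document how likely that case is and how the protocol behaves when it occurs. Separately, `[771|>64]`, the `836` range and `[1092|>256]` are each written several times (scratch, prime, one's complement, final result), which depends on gates being evaluated strictly in file order; say so in the wire map.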


@@ -0,0 +1,303 @@
300 364
2 32 32
1 1
1 1 59 341 INV
1 1 17 359 INV
1 1 28 349 INV
1 1 16 321 INV
1 1 49 360 INV
1 1 51 355 INV
1 1 14 362 INV
1 1 23 330 INV
1 1 1 358 INV
1 1 25 356 INV
1 1 46 226 INV
1 1 29 346 INV
1 1 40 261 INV
1 1 31 347 INV
1 1 34 342 INV
1 1 11 343 INV
1 1 30 333 INV
1 1 63 326 INV
1 1 2 334 INV
1 1 42 241 INV
1 1 58 246 INV
1 1 36 202 INV
1 1 15 323 INV
1 1 33 322 INV
1 1 7 357 INV
1 1 9 354 INV
1 1 12 340 INV
1 1 22 328 INV
1 1 55 345 INV
1 1 13 324 INV
1 1 52 238 INV
1 1 48 250 INV
1 1 44 167 INV
1 1 10 350 INV
1 1 5 337 INV
1 1 54 253 INV
1 1 43 352 INV
1 1 19 351 INV
1 1 37 200 INV
1 1 18 325 INV
1 1 38 248 INV
1 1 62 222 INV
1 1 61 339 INV
1 1 57 204 INV
1 1 60 224 INV
1 1 6 353 INV
1 1 21 338 INV
1 1 20 344 INV
1 1 56 198 INV
1 1 45 206 INV
1 1 26 336 INV
1 1 3 332 INV
1 1 27 361 INV
1 1 47 335 INV
1 1 50 243 INV
1 1 41 348 INV
1 1 0 275 INV
1 1 35 329 INV
1 1 53 331 INV
1 1 39 327 INV
2 1 321 48 280 AND
2 1 322 1 281 AND
2 1 323 47 283 AND
2 1 324 45 285 AND
2 1 325 50 307 AND
2 1 326 31 316 AND
2 1 327 7 308 AND
2 1 328 54 282 AND
2 1 329 3 314 AND
2 1 330 55 320 AND
2 1 331 21 284 AND
2 1 332 35 319 AND
2 1 333 62 287 AND
2 1 334 34 318 AND
2 1 335 15 288 AND
2 1 336 58 289 AND
2 1 337 37 290 AND
2 1 338 53 291 AND
2 1 339 29 292 AND
2 1 340 44 293 AND
2 1 341 27 294 AND
2 1 342 2 295 AND
2 1 343 43 296 AND
2 1 344 52 297 AND
2 1 345 23 313 AND
2 1 346 61 298 AND
2 1 347 63 302 AND
2 1 348 9 230 AND
2 1 349 60 299 AND
2 1 350 42 300 AND
2 1 351 51 301 AND
2 1 352 11 303 AND
2 1 353 38 312 AND
2 1 354 41 304 AND
2 1 355 19 305 AND
2 1 356 57 306 AND
2 1 357 39 309 AND
2 1 358 33 310 AND
2 1 359 49 311 AND
2 1 360 17 315 AND
2 1 361 59 317 AND
2 1 362 46 286 AND
1 1 280 78 INV
1 1 281 274 INV
1 1 282 277 INV
1 1 283 278 INV
1 1 284 188 INV
1 1 285 239 INV
1 1 286 279 INV
1 1 287 269 INV
1 1 288 139 INV
1 1 289 255 INV
1 1 290 251 INV
1 1 291 256 INV
1 1 292 186 INV
1 1 293 86 INV
1 1 294 141 INV
1 1 295 271 INV
1 1 296 258 INV
1 1 297 257 INV
1 1 298 262 INV
1 1 299 263 INV
1 1 300 259 INV
1 1 301 264 INV
1 1 302 268 INV
1 1 303 157 INV
1 1 304 260 INV
1 1 305 128 INV
1 1 306 244 INV
1 1 307 265 INV
1 1 308 180 INV
1 1 309 266 INV
1 1 310 272 INV
1 1 311 74 INV
1 1 312 267 INV
1 1 313 184 INV
1 1 314 270 INV
1 1 315 182 INV
1 1 316 130 INV
1 1 317 254 INV
1 1 318 273 INV
1 1 319 132 INV
1 1 320 276 INV
2 1 254 255 235 AND
2 1 256 257 227 AND
2 1 258 259 229 AND
2 1 260 261 231 AND
2 1 262 263 228 AND
2 1 264 265 76 AND
2 1 266 267 233 AND
2 1 268 269 148 AND
2 1 270 271 146 AND
2 1 272 273 191 AND
2 1 274 275 234 AND
2 1 276 277 150 AND
2 1 278 279 236 AND
2 1 256 20 237 AND
2 1 258 10 240 AND
2 1 264 18 242 AND
2 1 260 8 232 AND
2 1 266 6 247 AND
2 1 74 16 249 AND
2 1 268 30 221 AND
2 1 262 28 223 AND
2 1 276 22 252 AND
2 1 254 26 245 AND
2 1 278 14 225 AND
2 1 221 222 208 AND
2 1 223 224 209 AND
2 1 225 226 210 AND
2 1 150 227 72 AND
2 1 148 228 113 AND
2 1 229 230 211 AND
2 1 229 231 207 AND
2 1 229 232 212 AND
2 1 233 5 199 AND
2 1 234 32 213 AND
2 1 235 25 203 AND
2 1 236 13 205 AND
2 1 237 238 214 AND
2 1 236 239 84 AND
2 1 240 241 215 AND
2 1 242 243 216 AND
2 1 235 244 197 AND
2 1 245 246 217 AND
2 1 247 248 218 AND
2 1 249 250 219 AND
2 1 233 251 201 AND
2 1 252 253 220 AND
2 1 197 198 168 AND
2 1 199 200 189 AND
2 1 201 202 169 AND
2 1 203 204 192 AND
2 1 205 206 193 AND
2 1 84 12 166 AND
2 1 207 8 194 AND
2 1 197 24 195 AND
2 1 201 4 196 AND
1 1 208 119 INV
1 1 209 185 INV
1 1 210 165 INV
1 1 211 175 INV
1 1 207 177 INV
1 1 212 178 INV
1 1 213 190 INV
1 1 214 187 INV
1 1 215 176 INV
1 1 216 116 INV
1 1 217 159 INV
1 1 218 179 INV
1 1 219 181 INV
1 1 220 183 INV
2 1 166 167 153 AND
2 1 168 24 154 AND
2 1 169 4 155 AND
2 1 175 176 143 AND
2 1 177 178 170 AND
2 1 179 180 102 AND
2 1 181 182 171 AND
2 1 183 184 99 AND
2 1 185 186 172 AND
2 1 187 188 173 AND
1 1 168 160 INV
1 1 189 107 INV
1 1 169 162 INV
2 1 190 191 174 AND
1 1 192 158 INV
1 1 193 164 INV
1 1 194 156 INV
1 1 195 161 INV
1 1 196 163 INV
1 1 153 138 INV
1 1 154 140 INV
1 1 155 111 INV
2 1 156 157 142 AND
2 1 158 159 124 AND
2 1 160 161 151 AND
2 1 162 163 152 AND
2 1 164 165 126 AND
1 1 170 96 INV
1 1 171 144 INV
1 1 172 147 INV
1 1 173 149 INV
1 1 174 145 INV
2 1 138 139 125 AND
2 1 140 141 123 AND
2 1 142 143 91 AND
2 1 144 76 134 AND
2 1 145 146 135 AND
2 1 147 148 136 AND
2 1 149 150 137 AND
1 1 151 133 INV
1 1 152 131 INV
2 1 123 124 122 AND
2 1 125 126 81 AND
2 1 131 132 120 AND
2 1 133 113 70 AND
1 1 134 127 INV
1 1 135 121 INV
1 1 136 129 INV
1 1 137 104 INV
2 1 120 121 117 AND
1 1 122 112 INV
2 1 127 128 115 AND
2 1 129 130 118 AND
2 1 112 113 109 AND
2 1 115 116 114 AND
1 1 117 110 INV
2 1 118 119 67 AND
1 1 109 88 INV
2 1 110 111 106 AND
1 1 114 108 INV
2 1 106 107 101 AND
2 1 108 72 105 AND
2 1 101 102 100 AND
1 1 105 103 INV
1 1 100 95 INV
2 1 103 104 98 AND
2 1 95 96 94 AND
2 1 98 99 97 AND
1 1 94 90 INV
1 1 97 93 INV
2 1 90 91 89 AND
2 1 93 70 92 AND
1 1 89 85 INV
1 1 92 87 INV
2 1 85 86 83 AND
2 1 87 88 65 AND
2 1 83 84 82 AND
1 1 82 80 INV
2 1 80 81 79 AND
1 1 79 77 INV
2 1 77 78 75 AND
2 1 75 76 73 AND
2 1 73 74 71 AND
2 1 71 72 69 AND
2 1 69 70 68 AND
1 1 68 66 INV
2 1 66 67 64 AND
2 1 64 65 363 AND

20
getIpadByte.casm Normal file

@@ -0,0 +1,20 @@
#return 0x36 == 0011 0110
10 11
1 1 #input can be any random bit
1 8
2 1 0 0 1 XOR # 0
1 1 1 2 INV # 1
# We use INV to set bits
# output's first wire is lsb
1 1 2 3 INV
1 1 1 4 INV
1 1 1 5 INV
1 1 2 6 INV
1 1 1 7 INV
1 1 1 8 INV
1 1 2 9 INV
1 1 2 10 INV

20
getOpadByte.casm Normal file

@@ -0,0 +1,20 @@
#return 0x5c == 0101 1100
10 11
1 1 #input can be any random bit
1 8
2 1 0 0 1 XOR # 0
1 1 1 2 INV # 1
# we use INV to set bits
# output's first wire is lsb
1 1 2 3 INV
1 1 2 4 INV
1 1 1 5 INV
1 1 1 6 INV
1 1 1 7 INV
1 1 2 8 INV
1 1 1 9 INV
1 1 2 10 INV

282
getP256prime.casm Normal file

@@ -0,0 +1,282 @@
# return NIST P-256 prime (2**256 - 2**224 + 2**192 + 2**96 - 1)
# prime's bits broken down for readability:
# 11111111111111111111111111111111
# 0000000000000000000000000000000
# 1
# 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
# 111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
260 262
2 1 1 #inputs can be any random bits
1 256
2 1 0 1 2 XOR
2 1 0 1 3 XOR
2 1 2 3 4 XOR # XORing 2 equal bits gives us a zero
1 1 4 5 INV # wire 5 is 1
# jigg doesnt support EQ operator, that's why we use INV to set bits
# outputs first wire is lsb
1 1 4 6 INV
1 1 4 7 INV
1 1 4 8 INV
1 1 4 9 INV
1 1 4 10 INV
1 1 4 11 INV
1 1 4 12 INV
1 1 4 13 INV
1 1 4 14 INV
1 1 4 15 INV
1 1 4 16 INV
1 1 4 17 INV
1 1 4 18 INV
1 1 4 19 INV
1 1 4 20 INV
1 1 4 21 INV
1 1 4 22 INV
1 1 4 23 INV
1 1 4 24 INV
1 1 4 25 INV
1 1 4 26 INV
1 1 4 27 INV
1 1 4 28 INV
1 1 4 29 INV
1 1 4 30 INV
1 1 4 31 INV
1 1 4 32 INV
1 1 4 33 INV
1 1 4 34 INV
1 1 4 35 INV
1 1 4 36 INV
1 1 4 37 INV
1 1 4 38 INV
1 1 4 39 INV
1 1 4 40 INV
1 1 4 41 INV
1 1 4 42 INV
1 1 4 43 INV
1 1 4 44 INV
1 1 4 45 INV
1 1 4 46 INV
1 1 4 47 INV
1 1 4 48 INV
1 1 4 49 INV
1 1 4 50 INV
1 1 4 51 INV
1 1 4 52 INV
1 1 4 53 INV
1 1 4 54 INV
1 1 4 55 INV
1 1 4 56 INV
1 1 4 57 INV
1 1 4 58 INV
1 1 4 59 INV
1 1 4 60 INV
1 1 4 61 INV
1 1 4 62 INV
1 1 4 63 INV
1 1 4 64 INV
1 1 4 65 INV
1 1 4 66 INV
1 1 4 67 INV
1 1 4 68 INV
1 1 4 69 INV
1 1 4 70 INV
1 1 4 71 INV
1 1 4 72 INV
1 1 4 73 INV
1 1 4 74 INV
1 1 4 75 INV
1 1 4 76 INV
1 1 4 77 INV
1 1 4 78 INV
1 1 4 79 INV
1 1 4 80 INV
1 1 4 81 INV
1 1 4 82 INV
1 1 4 83 INV
1 1 4 84 INV
1 1 4 85 INV
1 1 4 86 INV
1 1 4 87 INV
1 1 4 88 INV
1 1 4 89 INV
1 1 4 90 INV
1 1 4 91 INV
1 1 4 92 INV
1 1 4 93 INV
1 1 4 94 INV
1 1 4 95 INV
1 1 4 96 INV
1 1 4 97 INV
1 1 4 98 INV
1 1 4 99 INV
1 1 4 100 INV
1 1 4 101 INV
1 1 5 102 INV
1 1 5 103 INV
1 1 5 104 INV
1 1 5 105 INV
1 1 5 106 INV
1 1 5 107 INV
1 1 5 108 INV
1 1 5 109 INV
1 1 5 110 INV
1 1 5 111 INV
1 1 5 112 INV
1 1 5 113 INV
1 1 5 114 INV
1 1 5 115 INV
1 1 5 116 INV
1 1 5 117 INV
1 1 5 118 INV
1 1 5 119 INV
1 1 5 120 INV
1 1 5 121 INV
1 1 5 122 INV
1 1 5 123 INV
1 1 5 124 INV
1 1 5 125 INV
1 1 5 126 INV
1 1 5 127 INV
1 1 5 128 INV
1 1 5 129 INV
1 1 5 130 INV
1 1 5 131 INV
1 1 5 132 INV
1 1 5 133 INV
1 1 5 134 INV
1 1 5 135 INV
1 1 5 136 INV
1 1 5 137 INV
1 1 5 138 INV
1 1 5 139 INV
1 1 5 140 INV
1 1 5 141 INV
1 1 5 142 INV
1 1 5 143 INV
1 1 5 144 INV
1 1 5 145 INV
1 1 5 146 INV
1 1 5 147 INV
1 1 5 148 INV
1 1 5 149 INV
1 1 5 150 INV
1 1 5 151 INV
1 1 5 152 INV
1 1 5 153 INV
1 1 5 154 INV
1 1 5 155 INV
1 1 5 156 INV
1 1 5 157 INV
1 1 5 158 INV
1 1 5 159 INV
1 1 5 160 INV
1 1 5 161 INV
1 1 5 162 INV
1 1 5 163 INV
1 1 5 164 INV
1 1 5 165 INV
1 1 5 166 INV
1 1 5 167 INV
1 1 5 168 INV
1 1 5 169 INV
1 1 5 170 INV
1 1 5 171 INV
1 1 5 172 INV
1 1 5 173 INV
1 1 5 174 INV
1 1 5 175 INV
1 1 5 176 INV
1 1 5 177 INV
1 1 5 178 INV
1 1 5 179 INV
1 1 5 180 INV
1 1 5 181 INV
1 1 5 182 INV
1 1 5 183 INV
1 1 5 184 INV
1 1 5 185 INV
1 1 5 186 INV
1 1 5 187 INV
1 1 5 188 INV
1 1 5 189 INV
1 1 5 190 INV
1 1 5 191 INV
1 1 5 192 INV
1 1 5 193 INV
1 1 5 194 INV
1 1 5 195 INV
1 1 5 196 INV
1 1 5 197 INV
1 1 4 198 INV
1 1 5 199 INV
1 1 5 200 INV
1 1 5 201 INV
1 1 5 202 INV
1 1 5 203 INV
1 1 5 204 INV
1 1 5 205 INV
1 1 5 206 INV
1 1 5 207 INV
1 1 5 208 INV
1 1 5 209 INV
1 1 5 210 INV
1 1 5 211 INV
1 1 5 212 INV
1 1 5 213 INV
1 1 5 214 INV
1 1 5 215 INV
1 1 5 216 INV
1 1 5 217 INV
1 1 5 218 INV
1 1 5 219 INV
1 1 5 220 INV
1 1 5 221 INV
1 1 5 222 INV
1 1 5 223 INV
1 1 5 224 INV
1 1 5 225 INV
1 1 5 226 INV
1 1 5 227 INV
1 1 5 228 INV
1 1 5 229 INV
1 1 4 230 INV
1 1 4 231 INV
1 1 4 232 INV
1 1 4 233 INV
1 1 4 234 INV
1 1 4 235 INV
1 1 4 236 INV
1 1 4 237 INV
1 1 4 238 INV
1 1 4 239 INV
1 1 4 240 INV
1 1 4 241 INV
1 1 4 242 INV
1 1 4 243 INV
1 1 4 244 INV
1 1 4 245 INV
1 1 4 246 INV
1 1 4 247 INV
1 1 4 248 INV
1 1 4 249 INV
1 1 4 250 INV
1 1 4 251 INV
1 1 4 252 INV
1 1 4 253 INV
1 1 4 254 INV
1 1 4 255 INV
1 1 4 256 INV
1 1 4 257 INV
1 1 4 258 INV
1 1 4 259 INV
1 1 4 260 INV
1 1 4 261 INV
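Review bot: The constant-zero setup at the top of this file (`2 1 0 1 2 XOR`, `2 1 0 1 3 XOR`, `2 1 2 3 4 XOR`) spends three XOR gates and a second input wire on a zero that getIpadByte.casm in this same commit obtains from a single `2 1 0 0 1 XOR` on one input. Either use the one-gate idiom here as well, or add a comment explaining why this macro needs two inputs, since every caller has to wire both. The comment `# wire 5 is 1` would also be clearer if it said that wire 4 is the constant 0 and that `1 1 4 n INV` therefore sets output bit n to 1 while `1 1 5 n INV` sets it to 0; as written the reader has to work out that the source wire is the inverse of the bit being set.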


@@ -0,0 +1,283 @@
# return "one's complement" of NIST P-256 prime (2**256 - 2**224 + 2**192 + 2**96 - 1)
# prime's bits broken down for readability:
# 11111111111111111111111111111111
# 0000000000000000000000000000000
# 1
# 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
# 111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
# we invert each bit - this is "one's complement"
260 262
2 1 1 #inputs can be any random bits
1 256
2 1 0 1 2 XOR
2 1 0 1 3 XOR
2 1 2 3 5 XOR # XORing 2 equal bits gives us a zero
1 1 5 4 INV # wire 4 is 1
# We use INV to set bits
# outputs first wire is lsb
1 1 4 6 INV
1 1 4 7 INV
1 1 4 8 INV
1 1 4 9 INV
1 1 4 10 INV
1 1 4 11 INV
1 1 4 12 INV
1 1 4 13 INV
1 1 4 14 INV
1 1 4 15 INV
1 1 4 16 INV
1 1 4 17 INV
1 1 4 18 INV
1 1 4 19 INV
1 1 4 20 INV
1 1 4 21 INV
1 1 4 22 INV
1 1 4 23 INV
1 1 4 24 INV
1 1 4 25 INV
1 1 4 26 INV
1 1 4 27 INV
1 1 4 28 INV
1 1 4 29 INV
1 1 4 30 INV
1 1 4 31 INV
1 1 4 32 INV
1 1 4 33 INV
1 1 4 34 INV
1 1 4 35 INV
1 1 4 36 INV
1 1 4 37 INV
1 1 4 38 INV
1 1 4 39 INV
1 1 4 40 INV
1 1 4 41 INV
1 1 4 42 INV
1 1 4 43 INV
1 1 4 44 INV
1 1 4 45 INV
1 1 4 46 INV
1 1 4 47 INV
1 1 4 48 INV
1 1 4 49 INV
1 1 4 50 INV
1 1 4 51 INV
1 1 4 52 INV
1 1 4 53 INV
1 1 4 54 INV
1 1 4 55 INV
1 1 4 56 INV
1 1 4 57 INV
1 1 4 58 INV
1 1 4 59 INV
1 1 4 60 INV
1 1 4 61 INV
1 1 4 62 INV
1 1 4 63 INV
1 1 4 64 INV
1 1 4 65 INV
1 1 4 66 INV
1 1 4 67 INV
1 1 4 68 INV
1 1 4 69 INV
1 1 4 70 INV
1 1 4 71 INV
1 1 4 72 INV
1 1 4 73 INV
1 1 4 74 INV
1 1 4 75 INV
1 1 4 76 INV
1 1 4 77 INV
1 1 4 78 INV
1 1 4 79 INV
1 1 4 80 INV
1 1 4 81 INV
1 1 4 82 INV
1 1 4 83 INV
1 1 4 84 INV
1 1 4 85 INV
1 1 4 86 INV
1 1 4 87 INV
1 1 4 88 INV
1 1 4 89 INV
1 1 4 90 INV
1 1 4 91 INV
1 1 4 92 INV
1 1 4 93 INV
1 1 4 94 INV
1 1 4 95 INV
1 1 4 96 INV
1 1 4 97 INV
1 1 4 98 INV
1 1 4 99 INV
1 1 4 100 INV
1 1 4 101 INV
1 1 5 102 INV
1 1 5 103 INV
1 1 5 104 INV
1 1 5 105 INV
1 1 5 106 INV
1 1 5 107 INV
1 1 5 108 INV
1 1 5 109 INV
1 1 5 110 INV
1 1 5 111 INV
1 1 5 112 INV
1 1 5 113 INV
1 1 5 114 INV
1 1 5 115 INV
1 1 5 116 INV
1 1 5 117 INV
1 1 5 118 INV
1 1 5 119 INV
1 1 5 120 INV
1 1 5 121 INV
1 1 5 122 INV
1 1 5 123 INV
1 1 5 124 INV
1 1 5 125 INV
1 1 5 126 INV
1 1 5 127 INV
1 1 5 128 INV
1 1 5 129 INV
1 1 5 130 INV
1 1 5 131 INV
1 1 5 132 INV
1 1 5 133 INV
1 1 5 134 INV
1 1 5 135 INV
1 1 5 136 INV
1 1 5 137 INV
1 1 5 138 INV
1 1 5 139 INV
1 1 5 140 INV
1 1 5 141 INV
1 1 5 142 INV
1 1 5 143 INV
1 1 5 144 INV
1 1 5 145 INV
1 1 5 146 INV
1 1 5 147 INV
1 1 5 148 INV
1 1 5 149 INV
1 1 5 150 INV
1 1 5 151 INV
1 1 5 152 INV
1 1 5 153 INV
1 1 5 154 INV
1 1 5 155 INV
1 1 5 156 INV
1 1 5 157 INV
1 1 5 158 INV
1 1 5 159 INV
1 1 5 160 INV
1 1 5 161 INV
1 1 5 162 INV
1 1 5 163 INV
1 1 5 164 INV
1 1 5 165 INV
1 1 5 166 INV
1 1 5 167 INV
1 1 5 168 INV
1 1 5 169 INV
1 1 5 170 INV
1 1 5 171 INV
1 1 5 172 INV
1 1 5 173 INV
1 1 5 174 INV
1 1 5 175 INV
1 1 5 176 INV
1 1 5 177 INV
1 1 5 178 INV
1 1 5 179 INV
1 1 5 180 INV
1 1 5 181 INV
1 1 5 182 INV
1 1 5 183 INV
1 1 5 184 INV
1 1 5 185 INV
1 1 5 186 INV
1 1 5 187 INV
1 1 5 188 INV
1 1 5 189 INV
1 1 5 190 INV
1 1 5 191 INV
1 1 5 192 INV
1 1 5 193 INV
1 1 5 194 INV
1 1 5 195 INV
1 1 5 196 INV
1 1 5 197 INV
1 1 4 198 INV
1 1 5 199 INV
1 1 5 200 INV
1 1 5 201 INV
1 1 5 202 INV
1 1 5 203 INV
1 1 5 204 INV
1 1 5 205 INV
1 1 5 206 INV
1 1 5 207 INV
1 1 5 208 INV
1 1 5 209 INV
1 1 5 210 INV
1 1 5 211 INV
1 1 5 212 INV
1 1 5 213 INV
1 1 5 214 INV
1 1 5 215 INV
1 1 5 216 INV
1 1 5 217 INV
1 1 5 218 INV
1 1 5 219 INV
1 1 5 220 INV
1 1 5 221 INV
1 1 5 222 INV
1 1 5 223 INV
1 1 5 224 INV
1 1 5 225 INV
1 1 5 226 INV
1 1 5 227 INV
1 1 5 228 INV
1 1 5 229 INV
1 1 4 230 INV
1 1 4 231 INV
1 1 4 232 INV
1 1 4 233 INV
1 1 4 234 INV
1 1 4 235 INV
1 1 4 236 INV
1 1 4 237 INV
1 1 4 238 INV
1 1 4 239 INV
1 1 4 240 INV
1 1 4 241 INV
1 1 4 242 INV
1 1 4 243 INV
1 1 4 244 INV
1 1 4 245 INV
1 1 4 246 INV
1 1 4 247 INV
1 1 4 248 INV
1 1 4 249 INV
1 1 4 250 INV
1 1 4 251 INV
1 1 4 252 INV
1 1 4 253 INV
1 1 4 254 INV
1 1 4 255 INV
1 1 4 256 INV
1 1 4 257 INV
1 1 4 258 INV
1 1 4 259 INV
1 1 4 260 INV
1 1 4 261 INV
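Review bot: The complement is produced only by the setup lines `2 1 2 3 5 XOR` and `1 1 5 4 INV`, which swap the roles of wires 4 and 5; the 256 output gates are the same as in getP256prime.casm. That is easy to miss and easy to break by tidying the wire order, and the header comment `# we invert each bit` reads as if the output gates themselves differ. Please state in the comment that wire 5 is the constant 0 and wire 4 the constant 1 in this file, and note that wire 5 is assigned before wire 4 in case a consumer expects gate outputs in ascending wire order. The bit breakdown in the header is the prime's, not the returned value's; label it as such or show the complemented pattern.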

289
getSha256InitialState.casm Normal file

@@ -0,0 +1,289 @@
# return the initial state of sha256 which is:
# '6a09e667'+'bb67ae85'+'3c6ef372'+'a54ff53a'+'510e527f'+'9b05688c'+'1f83d9ab'+'5be0cd19'
# or in bits:
# 01101010000010011110011001100111
# 10111011011001111010111010000101
# 00111100011011101111001101110010
# 10100101010011111111010100111010
# 01010001000011100101001001111111
# 10011011000001010110100010001100
# 00011111100000111101100110101011
# 01011011111000001100110100011001
260 262
2 1 1 #inputs can be any random bits
1 256
2 1 0 1 2 XOR
2 1 0 1 3 XOR
2 1 2 3 4 XOR # XORing 2 equal bits gives us a zero
1 1 4 5 INV # wire 5 is 1
#jigg doesnt support EQ operator, that's why we use INV to set bits
# note that the first output wire should contain lsb
# that's why for readability we set bits beginning from msb working our way to lsb
# generated with python3 :
# st = '0' + bin(int('6a09e667'+'bb67ae85'+'3c6ef372'+'a54ff53a'+'510e527f'+'9b05688c'+'1f83d9ab'+'5be0cd19', 16))[2:]
# out = ''
# for x in range(256):
# out += '1 1 ' + ('4 ' if int(st[x]) else '5 ') + str(261-x) + ' INV\r\n'
# print(out)
1 1 5 261 INV
1 1 4 260 INV
1 1 4 259 INV
1 1 5 258 INV
1 1 4 257 INV
1 1 5 256 INV
1 1 4 255 INV
1 1 5 254 INV
1 1 5 253 INV
1 1 5 252 INV
1 1 5 251 INV
1 1 5 250 INV
1 1 4 249 INV
1 1 5 248 INV
1 1 5 247 INV
1 1 4 246 INV
1 1 4 245 INV
1 1 4 244 INV
1 1 4 243 INV
1 1 5 242 INV
1 1 5 241 INV
1 1 4 240 INV
1 1 4 239 INV
1 1 5 238 INV
1 1 5 237 INV
1 1 4 236 INV
1 1 4 235 INV
1 1 5 234 INV
1 1 5 233 INV
1 1 4 232 INV
1 1 4 231 INV
1 1 4 230 INV
1 1 4 229 INV
1 1 5 228 INV
1 1 4 227 INV
1 1 4 226 INV
1 1 4 225 INV
1 1 5 224 INV
1 1 4 223 INV
1 1 4 222 INV
1 1 5 221 INV
1 1 4 220 INV
1 1 4 219 INV
1 1 5 218 INV
1 1 5 217 INV
1 1 4 216 INV
1 1 4 215 INV
1 1 4 214 INV
1 1 4 213 INV
1 1 5 212 INV
1 1 4 211 INV
1 1 5 210 INV
1 1 4 209 INV
1 1 4 208 INV
1 1 4 207 INV
1 1 5 206 INV
1 1 4 205 INV
1 1 5 204 INV
1 1 5 203 INV
1 1 5 202 INV
1 1 5 201 INV
1 1 4 200 INV
1 1 5 199 INV
1 1 4 198 INV
1 1 5 197 INV
1 1 5 196 INV
1 1 4 195 INV
1 1 4 194 INV
1 1 4 193 INV
1 1 4 192 INV
1 1 5 191 INV
1 1 5 190 INV
1 1 5 189 INV
1 1 4 188 INV
1 1 4 187 INV
1 1 5 186 INV
1 1 4 185 INV
1 1 4 184 INV
1 1 4 183 INV
1 1 5 182 INV
1 1 4 181 INV
1 1 4 180 INV
1 1 4 179 INV
1 1 4 178 INV
1 1 5 177 INV
1 1 5 176 INV
1 1 4 175 INV
1 1 4 174 INV
1 1 5 173 INV
1 1 4 172 INV
1 1 4 171 INV
1 1 4 170 INV
1 1 5 169 INV
1 1 5 168 INV
1 1 4 167 INV
1 1 5 166 INV
1 1 4 165 INV
1 1 5 164 INV
1 1 4 163 INV
1 1 5 162 INV
1 1 5 161 INV
1 1 4 160 INV
1 1 5 159 INV
1 1 4 158 INV
1 1 5 157 INV
1 1 4 156 INV
1 1 5 155 INV
1 1 5 154 INV
1 1 4 153 INV
1 1 4 152 INV
1 1 4 151 INV
1 1 4 150 INV
1 1 4 149 INV
1 1 4 148 INV
1 1 4 147 INV
1 1 4 146 INV
1 1 5 145 INV
1 1 4 144 INV
1 1 5 143 INV
1 1 4 142 INV
1 1 5 141 INV
1 1 5 140 INV
1 1 4 139 INV
1 1 4 138 INV
1 1 4 137 INV
1 1 5 136 INV
1 1 4 135 INV
1 1 5 134 INV
1 1 5 133 INV
1 1 4 132 INV
1 1 5 131 INV
1 1 4 130 INV
1 1 5 129 INV
1 1 5 128 INV
1 1 5 127 INV
1 1 4 126 INV
1 1 5 125 INV
1 1 5 124 INV
1 1 5 123 INV
1 1 5 122 INV
1 1 4 121 INV
1 1 4 120 INV
1 1 4 119 INV
1 1 5 118 INV
1 1 5 117 INV
1 1 4 116 INV
1 1 5 115 INV
1 1 4 114 INV
1 1 5 113 INV
1 1 5 112 INV
1 1 4 111 INV
1 1 5 110 INV
1 1 5 109 INV
1 1 4 108 INV
1 1 4 107 INV
1 1 4 106 INV
1 1 4 105 INV
1 1 4 104 INV
1 1 4 103 INV
1 1 4 102 INV
1 1 4 101 INV
1 1 5 100 INV
1 1 5 99 INV
1 1 4 98 INV
1 1 4 97 INV
1 1 5 96 INV
1 1 4 95 INV
1 1 4 94 INV
1 1 5 93 INV
1 1 5 92 INV
1 1 5 91 INV
1 1 5 90 INV
1 1 5 89 INV
1 1 4 88 INV
1 1 5 87 INV
1 1 4 86 INV
1 1 5 85 INV
1 1 4 84 INV
1 1 4 83 INV
1 1 5 82 INV
1 1 4 81 INV
1 1 5 80 INV
1 1 5 79 INV
1 1 5 78 INV
1 1 4 77 INV
1 1 5 76 INV
1 1 5 75 INV
1 1 5 74 INV
1 1 4 73 INV
1 1 4 72 INV
1 1 5 71 INV
1 1 5 70 INV
1 1 5 69 INV
1 1 5 68 INV
1 1 5 67 INV
1 1 4 66 INV
1 1 4 65 INV
1 1 4 64 INV
1 1 4 63 INV
1 1 4 62 INV
1 1 4 61 INV
1 1 5 60 INV
1 1 5 59 INV
1 1 5 58 INV
1 1 5 57 INV
1 1 5 56 INV
1 1 4 55 INV
1 1 4 54 INV
1 1 4 53 INV
1 1 4 52 INV
1 1 5 51 INV
1 1 4 50 INV
1 1 4 49 INV
1 1 5 48 INV
1 1 5 47 INV
1 1 4 46 INV
1 1 4 45 INV
1 1 5 44 INV
1 1 4 43 INV
1 1 5 42 INV
1 1 4 41 INV
1 1 5 40 INV
1 1 4 39 INV
1 1 4 38 INV
1 1 5 37 INV
1 1 4 36 INV
1 1 5 35 INV
1 1 4 34 INV
1 1 4 33 INV
1 1 5 32 INV
1 1 4 31 INV
1 1 4 30 INV
1 1 4 29 INV
1 1 4 28 INV
1 1 4 27 INV
1 1 5 26 INV
1 1 5 25 INV
1 1 5 24 INV
1 1 5 23 INV
1 1 5 22 INV
1 1 4 21 INV
1 1 4 20 INV
1 1 5 19 INV
1 1 5 18 INV
1 1 4 17 INV
1 1 4 16 INV
1 1 5 15 INV
1 1 4 14 INV
1 1 5 13 INV
1 1 5 12 INV
1 1 5 11 INV
1 1 4 10 INV
1 1 4 9 INV
1 1 5 8 INV
1 1 5 7 INV
1 1 4 6 INV
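Review bot: The Python generator quoted in the header comment builds its bit string with `'0' + bin(...)[2:]`, which is correct only because this particular constant has exactly one leading zero bit; `format(value, '0256b')` yields a fixed 256-bit string for any constant and removes the hidden assumption. The script also emits `\r\n` line endings, which is worth normalising if the other macros use `\n`. Since the 256 output gates are generated and nobody will check them by eye, consider adding a small check that evaluates this macro and compares the output wires against the hex string in the comment.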

262
mult256by1.casm Normal file

@@ -0,0 +1,262 @@
#multiply 256 bits by one bit
256 513
2 1 256
1 256
2 1 0 256 257 AND
2 1 1 256 258 AND
2 1 2 256 259 AND
2 1 3 256 260 AND
2 1 4 256 261 AND
2 1 5 256 262 AND
2 1 6 256 263 AND
2 1 7 256 264 AND
2 1 8 256 265 AND
2 1 9 256 266 AND
2 1 10 256 267 AND
2 1 11 256 268 AND
2 1 12 256 269 AND
2 1 13 256 270 AND
2 1 14 256 271 AND
2 1 15 256 272 AND
2 1 16 256 273 AND
2 1 17 256 274 AND
2 1 18 256 275 AND
2 1 19 256 276 AND
2 1 20 256 277 AND
2 1 21 256 278 AND
2 1 22 256 279 AND
2 1 23 256 280 AND
2 1 24 256 281 AND
2 1 25 256 282 AND
2 1 26 256 283 AND
2 1 27 256 284 AND
2 1 28 256 285 AND
2 1 29 256 286 AND
2 1 30 256 287 AND
2 1 31 256 288 AND
2 1 32 256 289 AND
2 1 33 256 290 AND
2 1 34 256 291 AND
2 1 35 256 292 AND
2 1 36 256 293 AND
2 1 37 256 294 AND
2 1 38 256 295 AND
2 1 39 256 296 AND
2 1 40 256 297 AND
2 1 41 256 298 AND
2 1 42 256 299 AND
2 1 43 256 300 AND
2 1 44 256 301 AND
2 1 45 256 302 AND
2 1 46 256 303 AND
2 1 47 256 304 AND
2 1 48 256 305 AND
2 1 49 256 306 AND
2 1 50 256 307 AND
2 1 51 256 308 AND
2 1 52 256 309 AND
2 1 53 256 310 AND
2 1 54 256 311 AND
2 1 55 256 312 AND
2 1 56 256 313 AND
2 1 57 256 314 AND
2 1 58 256 315 AND
2 1 59 256 316 AND
2 1 60 256 317 AND
2 1 61 256 318 AND
2 1 62 256 319 AND
2 1 63 256 320 AND
2 1 64 256 321 AND
2 1 65 256 322 AND
2 1 66 256 323 AND
2 1 67 256 324 AND
2 1 68 256 325 AND
2 1 69 256 326 AND
2 1 70 256 327 AND
2 1 71 256 328 AND
2 1 72 256 329 AND
2 1 73 256 330 AND
2 1 74 256 331 AND
2 1 75 256 332 AND
2 1 76 256 333 AND
2 1 77 256 334 AND
2 1 78 256 335 AND
2 1 79 256 336 AND
2 1 80 256 337 AND
2 1 81 256 338 AND
2 1 82 256 339 AND
2 1 83 256 340 AND
2 1 84 256 341 AND
2 1 85 256 342 AND
2 1 86 256 343 AND
2 1 87 256 344 AND
2 1 88 256 345 AND
2 1 89 256 346 AND
2 1 90 256 347 AND
2 1 91 256 348 AND
2 1 92 256 349 AND
2 1 93 256 350 AND
2 1 94 256 351 AND
2 1 95 256 352 AND
2 1 96 256 353 AND
2 1 97 256 354 AND
2 1 98 256 355 AND
2 1 99 256 356 AND
2 1 100 256 357 AND
2 1 101 256 358 AND
2 1 102 256 359 AND
2 1 103 256 360 AND
2 1 104 256 361 AND
2 1 105 256 362 AND
2 1 106 256 363 AND
2 1 107 256 364 AND
2 1 108 256 365 AND
2 1 109 256 366 AND
2 1 110 256 367 AND
2 1 111 256 368 AND
2 1 112 256 369 AND
2 1 113 256 370 AND
2 1 114 256 371 AND
2 1 115 256 372 AND
2 1 116 256 373 AND
2 1 117 256 374 AND
2 1 118 256 375 AND
2 1 119 256 376 AND
2 1 120 256 377 AND
2 1 121 256 378 AND
2 1 122 256 379 AND
2 1 123 256 380 AND
2 1 124 256 381 AND
2 1 125 256 382 AND
2 1 126 256 383 AND
2 1 127 256 384 AND
2 1 128 256 385 AND
2 1 129 256 386 AND
2 1 130 256 387 AND
2 1 131 256 388 AND
2 1 132 256 389 AND
2 1 133 256 390 AND
2 1 134 256 391 AND
2 1 135 256 392 AND
2 1 136 256 393 AND
2 1 137 256 394 AND
2 1 138 256 395 AND
2 1 139 256 396 AND
2 1 140 256 397 AND
2 1 141 256 398 AND
2 1 142 256 399 AND
2 1 143 256 400 AND
2 1 144 256 401 AND
2 1 145 256 402 AND
2 1 146 256 403 AND
2 1 147 256 404 AND
2 1 148 256 405 AND
2 1 149 256 406 AND
2 1 150 256 407 AND
2 1 151 256 408 AND
2 1 152 256 409 AND
2 1 153 256 410 AND
2 1 154 256 411 AND
2 1 155 256 412 AND
2 1 156 256 413 AND
2 1 157 256 414 AND
2 1 158 256 415 AND
2 1 159 256 416 AND
2 1 160 256 417 AND
2 1 161 256 418 AND
2 1 162 256 419 AND
2 1 163 256 420 AND
2 1 164 256 421 AND
2 1 165 256 422 AND
2 1 166 256 423 AND
2 1 167 256 424 AND
2 1 168 256 425 AND
2 1 169 256 426 AND
2 1 170 256 427 AND
2 1 171 256 428 AND
2 1 172 256 429 AND
2 1 173 256 430 AND
2 1 174 256 431 AND
2 1 175 256 432 AND
2 1 176 256 433 AND
2 1 177 256 434 AND
2 1 178 256 435 AND
2 1 179 256 436 AND
2 1 180 256 437 AND
2 1 181 256 438 AND
2 1 182 256 439 AND
2 1 183 256 440 AND
2 1 184 256 441 AND
2 1 185 256 442 AND
2 1 186 256 443 AND
2 1 187 256 444 AND
2 1 188 256 445 AND
2 1 189 256 446 AND
2 1 190 256 447 AND
2 1 191 256 448 AND
2 1 192 256 449 AND
2 1 193 256 450 AND
2 1 194 256 451 AND
2 1 195 256 452 AND
2 1 196 256 453 AND
2 1 197 256 454 AND
2 1 198 256 455 AND
2 1 199 256 456 AND
2 1 200 256 457 AND
2 1 201 256 458 AND
2 1 202 256 459 AND
2 1 203 256 460 AND
2 1 204 256 461 AND
2 1 205 256 462 AND
2 1 206 256 463 AND
2 1 207 256 464 AND
2 1 208 256 465 AND
2 1 209 256 466 AND
2 1 210 256 467 AND
2 1 211 256 468 AND
2 1 212 256 469 AND
2 1 213 256 470 AND
2 1 214 256 471 AND
2 1 215 256 472 AND
2 1 216 256 473 AND
2 1 217 256 474 AND
2 1 218 256 475 AND
2 1 219 256 476 AND
2 1 220 256 477 AND
2 1 221 256 478 AND
2 1 222 256 479 AND
2 1 223 256 480 AND
2 1 224 256 481 AND
2 1 225 256 482 AND
2 1 226 256 483 AND
2 1 227 256 484 AND
2 1 228 256 485 AND
2 1 229 256 486 AND
2 1 230 256 487 AND
2 1 231 256 488 AND
2 1 232 256 489 AND
2 1 233 256 490 AND
2 1 234 256 491 AND
2 1 235 256 492 AND
2 1 236 256 493 AND
2 1 237 256 494 AND
2 1 238 256 495 AND
2 1 239 256 496 AND
2 1 240 256 497 AND
2 1 241 256 498 AND
2 1 242 256 499 AND
2 1 243 256 500 AND
2 1 244 256 501 AND
2 1 245 256 502 AND
2 1 246 256 503 AND
2 1 247 256 504 AND
2 1 248 256 505 AND
2 1 249 256 506 AND
2 1 250 256 507 AND
2 1 251 256 508 AND
2 1 252 256 509 AND
2 1 253 256 510 AND
2 1 254 256 511 AND
2 1 255 256 512 AND
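Review bot: The input line `2 1 256` declares a 1-bit input followed by a 256-bit input, but the gates read the 256-bit operand from wires 0..255 and the single bit from wire 256 (`2 1 0 256 257 AND` through `2 1 255 256 512 AND`). Input widths are listed in wire order, so this should read `2 256 1`, in line with the `2 256 256` declaration in xor256bits.casm. With the current header, a caller that maps inputs by declared width would place the multiplier bit on wire 0 and AND every wire with the last wire of the 256-bit operand. The leading comment should also state the operand order.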

135078
sha256.txt Normal file

File diff suppressed because it is too large

135076
sha256_state.txt Normal file

File diff suppressed because it is too large

26
shaPmsXorPadding.casm Normal file

@@ -0,0 +1,26 @@
# pad 256 inputs with zeroes on the RIGHT from the input, then XOR with the padding byte and sha256 the result
# return sha256 state
6 1296
2 256 256
# inputs:
# msg to hash
# sha256 state from which to resume hashing
1 512
# 256 bits: sha state for inner hash
# 256 bits: sha state for outer hash
1 8 0 [512|>8] getIpadByte.casm
1 8 0 [520|>8] getOpadByte.casm
# we repeat the padding byte 32 times
512 256 [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [0|>256] [528|>256] xor256bits.casm
# the padding (xored with ipad byte) is on the RIGHT from the input. i.e. padding is LSB
# we repeat the padding byte 32 times
768 256 [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [512|>8] [528|>256] [256|>256] [784|>256] sha256.txt
# same for opad
512 256 [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [0|>256] [528|>256] xor256bits.casm
768 256 [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [520|>8] [528|>256] [256|>256] [1040|>256] sha256.txt
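Review bot: The second `xor256bits.casm` call writes its result to `[528|>256]`, the same wires that the first call already assigned and that the first `sha256.txt` call reads. This is correct only if the assembler and every downstream garbler or evaluator process gates strictly in file order and allow a wire to be assigned twice; otherwise one of the two hashes is computed over the wrong block. Give the opad block its own 256 wires (adjusting the wire count of 1296 and the output offsets), or add a comment stating that the reuse is intentional and what guarantees it. The header comment `# return sha256 state` should also say that two states are returned, inner first and outer second, as the `1 512` output line implies.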

134
xor128bits.casm Normal file

@@ -0,0 +1,134 @@
# xor two 128-bit values
128 384
2 128 128
1 128
2 1 0 128 256 XOR
2 1 1 129 257 XOR
2 1 2 130 258 XOR
2 1 3 131 259 XOR
2 1 4 132 260 XOR
2 1 5 133 261 XOR
2 1 6 134 262 XOR
2 1 7 135 263 XOR
2 1 8 136 264 XOR
2 1 9 137 265 XOR
2 1 10 138 266 XOR
2 1 11 139 267 XOR
2 1 12 140 268 XOR
2 1 13 141 269 XOR
2 1 14 142 270 XOR
2 1 15 143 271 XOR
2 1 16 144 272 XOR
2 1 17 145 273 XOR
2 1 18 146 274 XOR
2 1 19 147 275 XOR
2 1 20 148 276 XOR
2 1 21 149 277 XOR
2 1 22 150 278 XOR
2 1 23 151 279 XOR
2 1 24 152 280 XOR
2 1 25 153 281 XOR
2 1 26 154 282 XOR
2 1 27 155 283 XOR
2 1 28 156 284 XOR
2 1 29 157 285 XOR
2 1 30 158 286 XOR
2 1 31 159 287 XOR
2 1 32 160 288 XOR
2 1 33 161 289 XOR
2 1 34 162 290 XOR
2 1 35 163 291 XOR
2 1 36 164 292 XOR
2 1 37 165 293 XOR
2 1 38 166 294 XOR
2 1 39 167 295 XOR
2 1 40 168 296 XOR
2 1 41 169 297 XOR
2 1 42 170 298 XOR
2 1 43 171 299 XOR
2 1 44 172 300 XOR
2 1 45 173 301 XOR
2 1 46 174 302 XOR
2 1 47 175 303 XOR
2 1 48 176 304 XOR
2 1 49 177 305 XOR
2 1 50 178 306 XOR
2 1 51 179 307 XOR
2 1 52 180 308 XOR
2 1 53 181 309 XOR
2 1 54 182 310 XOR
2 1 55 183 311 XOR
2 1 56 184 312 XOR
2 1 57 185 313 XOR
2 1 58 186 314 XOR
2 1 59 187 315 XOR
2 1 60 188 316 XOR
2 1 61 189 317 XOR
2 1 62 190 318 XOR
2 1 63 191 319 XOR
2 1 64 192 320 XOR
2 1 65 193 321 XOR
2 1 66 194 322 XOR
2 1 67 195 323 XOR
2 1 68 196 324 XOR
2 1 69 197 325 XOR
2 1 70 198 326 XOR
2 1 71 199 327 XOR
2 1 72 200 328 XOR
2 1 73 201 329 XOR
2 1 74 202 330 XOR
2 1 75 203 331 XOR
2 1 76 204 332 XOR
2 1 77 205 333 XOR
2 1 78 206 334 XOR
2 1 79 207 335 XOR
2 1 80 208 336 XOR
2 1 81 209 337 XOR
2 1 82 210 338 XOR
2 1 83 211 339 XOR
2 1 84 212 340 XOR
2 1 85 213 341 XOR
2 1 86 214 342 XOR
2 1 87 215 343 XOR
2 1 88 216 344 XOR
2 1 89 217 345 XOR
2 1 90 218 346 XOR
2 1 91 219 347 XOR
2 1 92 220 348 XOR
2 1 93 221 349 XOR
2 1 94 222 350 XOR
2 1 95 223 351 XOR
2 1 96 224 352 XOR
2 1 97 225 353 XOR
2 1 98 226 354 XOR
2 1 99 227 355 XOR
2 1 100 228 356 XOR
2 1 101 229 357 XOR
2 1 102 230 358 XOR
2 1 103 231 359 XOR
2 1 104 232 360 XOR
2 1 105 233 361 XOR
2 1 106 234 362 XOR
2 1 107 235 363 XOR
2 1 108 236 364 XOR
2 1 109 237 365 XOR
2 1 110 238 366 XOR
2 1 111 239 367 XOR
2 1 112 240 368 XOR
2 1 113 241 369 XOR
2 1 114 242 370 XOR
2 1 115 243 371 XOR
2 1 116 244 372 XOR
2 1 117 245 373 XOR
2 1 118 246 374 XOR
2 1 119 247 375 XOR
2 1 120 248 376 XOR
2 1 121 249 377 XOR
2 1 122 250 378 XOR
2 1 123 251 379 XOR
2 1 124 252 380 XOR
2 1 125 253 381 XOR
2 1 126 254 382 XOR
2 1 127 255 383 XOR

262
xor256bits.casm Normal file

@@ -0,0 +1,262 @@
# xor two 256-bit values
256 768
2 256 256
1 256
2 1 0 256 512 XOR
2 1 1 257 513 XOR
2 1 2 258 514 XOR
2 1 3 259 515 XOR
2 1 4 260 516 XOR
2 1 5 261 517 XOR
2 1 6 262 518 XOR
2 1 7 263 519 XOR
2 1 8 264 520 XOR
2 1 9 265 521 XOR
2 1 10 266 522 XOR
2 1 11 267 523 XOR
2 1 12 268 524 XOR
2 1 13 269 525 XOR
2 1 14 270 526 XOR
2 1 15 271 527 XOR
2 1 16 272 528 XOR
2 1 17 273 529 XOR
2 1 18 274 530 XOR
2 1 19 275 531 XOR
2 1 20 276 532 XOR
2 1 21 277 533 XOR
2 1 22 278 534 XOR
2 1 23 279 535 XOR
2 1 24 280 536 XOR
2 1 25 281 537 XOR
2 1 26 282 538 XOR
2 1 27 283 539 XOR
2 1 28 284 540 XOR
2 1 29 285 541 XOR
2 1 30 286 542 XOR
2 1 31 287 543 XOR
2 1 32 288 544 XOR
2 1 33 289 545 XOR
2 1 34 290 546 XOR
2 1 35 291 547 XOR
2 1 36 292 548 XOR
2 1 37 293 549 XOR
2 1 38 294 550 XOR
2 1 39 295 551 XOR
2 1 40 296 552 XOR
2 1 41 297 553 XOR
2 1 42 298 554 XOR
2 1 43 299 555 XOR
2 1 44 300 556 XOR
2 1 45 301 557 XOR
2 1 46 302 558 XOR
2 1 47 303 559 XOR
2 1 48 304 560 XOR
2 1 49 305 561 XOR
2 1 50 306 562 XOR
2 1 51 307 563 XOR
2 1 52 308 564 XOR
2 1 53 309 565 XOR
2 1 54 310 566 XOR
2 1 55 311 567 XOR
2 1 56 312 568 XOR
2 1 57 313 569 XOR
2 1 58 314 570 XOR
2 1 59 315 571 XOR
2 1 60 316 572 XOR
2 1 61 317 573 XOR
2 1 62 318 574 XOR
2 1 63 319 575 XOR
2 1 64 320 576 XOR
2 1 65 321 577 XOR
2 1 66 322 578 XOR
2 1 67 323 579 XOR
2 1 68 324 580 XOR
2 1 69 325 581 XOR
2 1 70 326 582 XOR
2 1 71 327 583 XOR
2 1 72 328 584 XOR
2 1 73 329 585 XOR
2 1 74 330 586 XOR
2 1 75 331 587 XOR
2 1 76 332 588 XOR
2 1 77 333 589 XOR
2 1 78 334 590 XOR
2 1 79 335 591 XOR
2 1 80 336 592 XOR
2 1 81 337 593 XOR
2 1 82 338 594 XOR
2 1 83 339 595 XOR
2 1 84 340 596 XOR
2 1 85 341 597 XOR
2 1 86 342 598 XOR
2 1 87 343 599 XOR
2 1 88 344 600 XOR
2 1 89 345 601 XOR
2 1 90 346 602 XOR
2 1 91 347 603 XOR
2 1 92 348 604 XOR
2 1 93 349 605 XOR
2 1 94 350 606 XOR
2 1 95 351 607 XOR
2 1 96 352 608 XOR
2 1 97 353 609 XOR
2 1 98 354 610 XOR
2 1 99 355 611 XOR
2 1 100 356 612 XOR
2 1 101 357 613 XOR
2 1 102 358 614 XOR
2 1 103 359 615 XOR
2 1 104 360 616 XOR
2 1 105 361 617 XOR
2 1 106 362 618 XOR
2 1 107 363 619 XOR
2 1 108 364 620 XOR
2 1 109 365 621 XOR
2 1 110 366 622 XOR
2 1 111 367 623 XOR
2 1 112 368 624 XOR
2 1 113 369 625 XOR
2 1 114 370 626 XOR
2 1 115 371 627 XOR
2 1 116 372 628 XOR
2 1 117 373 629 XOR
2 1 118 374 630 XOR
2 1 119 375 631 XOR
2 1 120 376 632 XOR
2 1 121 377 633 XOR
2 1 122 378 634 XOR
2 1 123 379 635 XOR
2 1 124 380 636 XOR
2 1 125 381 637 XOR
2 1 126 382 638 XOR
2 1 127 383 639 XOR
2 1 128 384 640 XOR
2 1 129 385 641 XOR
2 1 130 386 642 XOR
2 1 131 387 643 XOR
2 1 132 388 644 XOR
2 1 133 389 645 XOR
2 1 134 390 646 XOR
2 1 135 391 647 XOR
2 1 136 392 648 XOR
2 1 137 393 649 XOR
2 1 138 394 650 XOR
2 1 139 395 651 XOR
2 1 140 396 652 XOR
2 1 141 397 653 XOR
2 1 142 398 654 XOR
2 1 143 399 655 XOR
2 1 144 400 656 XOR
2 1 145 401 657 XOR
2 1 146 402 658 XOR
2 1 147 403 659 XOR
2 1 148 404 660 XOR
2 1 149 405 661 XOR
2 1 150 406 662 XOR
2 1 151 407 663 XOR
2 1 152 408 664 XOR
2 1 153 409 665 XOR
2 1 154 410 666 XOR
2 1 155 411 667 XOR
2 1 156 412 668 XOR
2 1 157 413 669 XOR
2 1 158 414 670 XOR
2 1 159 415 671 XOR
2 1 160 416 672 XOR
2 1 161 417 673 XOR
2 1 162 418 674 XOR
2 1 163 419 675 XOR
2 1 164 420 676 XOR
2 1 165 421 677 XOR
2 1 166 422 678 XOR
2 1 167 423 679 XOR
2 1 168 424 680 XOR
2 1 169 425 681 XOR
2 1 170 426 682 XOR
2 1 171 427 683 XOR
2 1 172 428 684 XOR
2 1 173 429 685 XOR
2 1 174 430 686 XOR
2 1 175 431 687 XOR
2 1 176 432 688 XOR
2 1 177 433 689 XOR
2 1 178 434 690 XOR
2 1 179 435 691 XOR
2 1 180 436 692 XOR
2 1 181 437 693 XOR
2 1 182 438 694 XOR
2 1 183 439 695 XOR
2 1 184 440 696 XOR
2 1 185 441 697 XOR
2 1 186 442 698 XOR
2 1 187 443 699 XOR
2 1 188 444 700 XOR
2 1 189 445 701 XOR
2 1 190 446 702 XOR
2 1 191 447 703 XOR
2 1 192 448 704 XOR
2 1 193 449 705 XOR
2 1 194 450 706 XOR
2 1 195 451 707 XOR
2 1 196 452 708 XOR
2 1 197 453 709 XOR
2 1 198 454 710 XOR
2 1 199 455 711 XOR
2 1 200 456 712 XOR
2 1 201 457 713 XOR
2 1 202 458 714 XOR
2 1 203 459 715 XOR
2 1 204 460 716 XOR
2 1 205 461 717 XOR
2 1 206 462 718 XOR
2 1 207 463 719 XOR
2 1 208 464 720 XOR
2 1 209 465 721 XOR
2 1 210 466 722 XOR
2 1 211 467 723 XOR
2 1 212 468 724 XOR
2 1 213 469 725 XOR
2 1 214 470 726 XOR
2 1 215 471 727 XOR
2 1 216 472 728 XOR
2 1 217 473 729 XOR
2 1 218 474 730 XOR
2 1 219 475 731 XOR
2 1 220 476 732 XOR
2 1 221 477 733 XOR
2 1 222 478 734 XOR
2 1 223 479 735 XOR
2 1 224 480 736 XOR
2 1 225 481 737 XOR
2 1 226 482 738 XOR
2 1 227 483 739 XOR
2 1 228 484 740 XOR
2 1 229 485 741 XOR
2 1 230 486 742 XOR
2 1 231 487 743 XOR
2 1 232 488 744 XOR
2 1 233 489 745 XOR
2 1 234 490 746 XOR
2 1 235 491 747 XOR
2 1 236 492 748 XOR
2 1 237 493 749 XOR
2 1 238 494 750 XOR
2 1 239 495 751 XOR
2 1 240 496 752 XOR
2 1 241 497 753 XOR
2 1 242 498 754 XOR
2 1 243 499 755 XOR
2 1 244 500 756 XOR
2 1 245 501 757 XOR
2 1 246 502 758 XOR
2 1 247 503 759 XOR
2 1 248 504 760 XOR
2 1 249 505 761 XOR
2 1 250 506 762 XOR
2 1 251 507 763 XOR
2 1 252 508 764 XOR
2 1 253 509 765 XOR
2 1 254 510 766 XOR
2 1 255 511 767 XOR

38
xor32bits.casm Normal file

@@ -0,0 +1,38 @@
# xor two 32-bit values
32 96
2 32 32
1 32
2 1 0 32 64 XOR
2 1 1 33 65 XOR
2 1 2 34 66 XOR
2 1 3 35 67 XOR
2 1 4 36 68 XOR
2 1 5 37 69 XOR
2 1 6 38 70 XOR
2 1 7 39 71 XOR
2 1 8 40 72 XOR
2 1 9 41 73 XOR
2 1 10 42 74 XOR
2 1 11 43 75 XOR
2 1 12 44 76 XOR
2 1 13 45 77 XOR
2 1 14 46 78 XOR
2 1 15 47 79 XOR
2 1 16 48 80 XOR
2 1 17 49 81 XOR
2 1 18 50 82 XOR
2 1 19 51 83 XOR
2 1 20 52 84 XOR
2 1 21 53 85 XOR
2 1 22 54 86 XOR
2 1 23 55 87 XOR
2 1 24 56 88 XOR
2 1 25 57 89 XOR
2 1 26 58 90 XOR
2 1 27 59 91 XOR
2 1 28 60 92 XOR
2 1 29 61 93 XOR
2 1 30 62 94 XOR
2 1 31 63 95 XOR