AtHeartEngineer/snarkjs
1
0
Fork 0
mirror of https://github.com/CryptKeeperZK/snarkjs.git synced 2026-01-07 22:44:02 -05:00
Code Issues Packages Projects Releases Wiki Activity

feat: Use WebCrypto if available (#364)

Browse Source 
chore: Increase eslint ecmaVersion to 2022
chore: Lint cleanup
This commit is contained in:
Blaine Bublitz
2023-05-18 04:53:45 +01:00
committed by GitHub
parent 2f9def43f7
commit e094f553c0
12 changed files with 176 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.eslintrc.cjs
View File

@@ -8,7 +8,7 @@ module.exports = {
"mocha": true
},
"parserOptions": {
"ecmaVersion": 2020,
"ecmaVersion": 2022,
"sourceType": "module"
},
"extends": "eslint:recommended",

61
build/cli.cjs
View File

@@ -279,26 +279,53 @@ function askEntropy() {
}
}
function getRandomBytes(n) {
let array = new Uint8Array(n);
if (typeof globalThis.crypto !== "undefined") { // Supported
globalThis.crypto.getRandomValues(array);
} else { // NodeJS
crypto__default["default"].randomFillSync(array);
}
return array;
}
async function sha256digest(data) {
if (typeof globalThis.crypto !== "undefined" && typeof globalThis.crypto.subtle !== "undefined") { // Supported
const buffer = await globalThis.crypto.subtle.digest("SHA-256", data.buffer);
return new Uint8Array(buffer);
} else { // NodeJS
return crypto__default["default"].createHash("sha256").update(data).digest();
}
}
/**
* @param {Uint8Array} data
* @param {number} offset
*/
function readUInt32BE(data, offset) {
return new DataView(data.buffer).getUint32(offset, false);
}
async function getRandomRng(entropy) {
// Generate a random Rng
while (!entropy) {
entropy = await askEntropy();
}
const hasher = Blake2b__default["default"](64);
hasher.update(crypto__default["default"].randomBytes(64));
hasher.update(getRandomBytes(64));
const enc = new TextEncoder(); // always utf-8
hasher.update(enc.encode(entropy));
const hash = Buffer.from(hasher.digest());
const hash = hasher.digest();
const seed = [];
for (let i=0;i<8;i++) {
seed[i] = hash.readUInt32BE(i*4);
seed[i] = readUInt32BE(hash, i*4);
}
const rng = new ffjavascript.ChaCha(seed);
return rng;
}
function rngFromBeaconParams(beaconHash, numIterationsExp) {
async function rngFromBeaconParams(beaconHash, numIterationsExp) {
let nIterationsInner;
let nIterationsOuter;
if (numIterationsExp<32) {
@@ -312,7 +339,7 @@ function rngFromBeaconParams(beaconHash, numIterationsExp) {
let curHash = beaconHash;
for (let i=0; i<nIterationsOuter; i++) {
for (let j=0; j<nIterationsInner; j++) {
curHash = crypto__default["default"].createHash("sha256").update(curHash).digest();
curHash = await sha256digest(curHash);
}
}
@@ -1139,9 +1166,9 @@ function calculateFirstChallengeHash(curve, power, logger) {
}
function keyFromBeacon(curve, challengeHash, beaconHash, numIterationsExp) {
async function keyFromBeacon(curve, challengeHash, beaconHash, numIterationsExp) {
const rng = rngFromBeaconParams(beaconHash, numIterationsExp);
const rng = await rngFromBeaconParams(beaconHash, numIterationsExp);
const key = createPTauKey(curve, challengeHash, rng);
@@ -1561,7 +1588,7 @@ const sameRatio$1 = sameRatio$2;
async function verifyContribution(curve, cur, prev, logger) {
let sr;
if (cur.type == 1) { // Verify the beacon.
const beaconKey = keyFromBeacon(curve, prev.nextChallenge, cur.beaconHash, cur.numIterationsExp);
const beaconKey = await keyFromBeacon(curve, prev.nextChallenge, cur.beaconHash, cur.numIterationsExp);
if (!curve.G1.eq(cur.key.tau.g1_s, beaconKey.tau.g1_s)) {
if (logger) logger.error(`BEACON key (tauG1_s) is not generated correctly in challenge #${cur.id} ${cur.name || ""}` );
@@ -1893,13 +1920,11 @@ async function verify(tauFilename, logger) {
const basesU = await G.batchLEMtoU(bases);
nextContributionHasher.update(basesU);
const scalars = new Uint8Array(4*(n-1));
crypto__default["default"].randomFillSync(scalars);
const scalars = getRandomBytes(4*(n-1));
if (i>0) {
const firstBase = G.fromRprLEM(bases, 0);
const r = crypto__default["default"].randomBytes(4).readUInt32BE(0, true);
const r = readUInt32BE(getRandomBytes(4), 0);
R1 = G.add(R1, G.timesScalar(lastBase, r));
R2 = G.add(R2, G.timesScalar(firstBase, r));
@@ -1940,7 +1965,7 @@ async function verify(tauFilename, logger) {
const seed= new Array(8);
for (let i=0; i<8; i++) {
seed[i] = crypto__default["default"].randomBytes(4).readUInt32BE(0, true);
seed[i] = readUInt32BE(getRandomBytes(4), 0);
}
for (let p=0; p<= power; p ++) {
@@ -2262,7 +2287,7 @@ async function beacon$1(oldPtauFilename, newPTauFilename, name, beaconHashStr,n
lastChallengeHash = calculateFirstChallengeHash(curve, power, logger);
}
curContribution.key = keyFromBeacon(curve, lastChallengeHash, beaconHash, numIterationsExp);
curContribution.key = await keyFromBeacon(curve, lastChallengeHash, beaconHash, numIterationsExp);
const responseHasher = new Blake2b__default["default"](64);
responseHasher.update(lastChallengeHash);
@@ -4564,7 +4589,7 @@ async function phase2verifyFromInit(initFileName, pTauFileName, zkeyFileName, lo
}
if (c.type == 1) {
const rng = rngFromBeaconParams(c.beaconHash, c.numIterationsExp);
const rng = await rngFromBeaconParams(c.beaconHash, c.numIterationsExp);
const expected_prvKey = curve.Fr.fromRng(rng);
const expected_g1_s = curve.G1.toAffine(curve.G1.fromRng(rng));
const expected_g1_sx = curve.G1.toAffine(curve.G1.timesFr(expected_g1_s, expected_prvKey));
@@ -4740,9 +4765,7 @@ async function phase2verifyFromInit(initFileName, pTauFileName, zkeyFileName, lo
const bases1 = await fd1.read(n*sG);
const bases2 = await fd2.read(n*sG);
const scalars = new Uint8Array(4*n);
crypto__default["default"].randomFillSync(scalars);
const scalars = getRandomBytes(4*n);
const r1 = await G.multiExpAffine(bases1, scalars);
const r2 = await G.multiExpAffine(bases2, scalars);
@@ -4773,7 +4796,7 @@ async function phase2verifyFromInit(initFileName, pTauFileName, zkeyFileName, lo
const seed= new Array(8);
for (let i=0; i<8; i++) {
seed[i] = crypto__default["default"].randomBytes(4).readUInt32BE(0, true);
seed[i] = readUInt32BE(getRandomBytes(4), 0);
}
const rng = new ffjavascript.ChaCha(seed);
for (let i=0; i<zkey.domainSize-1; i++) { // Note that last one is zero

61
build/main.cjs
View File

@@ -174,26 +174,53 @@ function askEntropy() {
}
}
function getRandomBytes(n) {
let array = new Uint8Array(n);
if (typeof globalThis.crypto !== "undefined") { // Supported
globalThis.crypto.getRandomValues(array);
} else { // NodeJS
crypto__default["default"].randomFillSync(array);
}
return array;
}
async function sha256digest(data) {
if (typeof globalThis.crypto !== "undefined" && typeof globalThis.crypto.subtle !== "undefined") { // Supported
const buffer = await globalThis.crypto.subtle.digest("SHA-256", data.buffer);
return new Uint8Array(buffer);
} else { // NodeJS
return crypto__default["default"].createHash("sha256").update(data).digest();
}
}
/**
* @param {Uint8Array} data
* @param {number} offset
*/
function readUInt32BE(data, offset) {
return new DataView(data.buffer).getUint32(offset, false);
}
async function getRandomRng(entropy) {
// Generate a random Rng
while (!entropy) {
entropy = await askEntropy();
}
const hasher = Blake2b__default["default"](64);
hasher.update(crypto__default["default"].randomBytes(64));
hasher.update(getRandomBytes(64));
const enc = new TextEncoder(); // always utf-8
hasher.update(enc.encode(entropy));
const hash = Buffer.from(hasher.digest());
const hash = hasher.digest();
const seed = [];
for (let i=0;i<8;i++) {
seed[i] = hash.readUInt32BE(i*4);
seed[i] = readUInt32BE(hash, i*4);
}
const rng = new ffjavascript.ChaCha(seed);
return rng;
}
function rngFromBeaconParams(beaconHash, numIterationsExp) {
async function rngFromBeaconParams(beaconHash, numIterationsExp) {
let nIterationsInner;
let nIterationsOuter;
if (numIterationsExp<32) {
@@ -207,7 +234,7 @@ function rngFromBeaconParams(beaconHash, numIterationsExp) {
let curHash = beaconHash;
for (let i=0; i<nIterationsOuter; i++) {
for (let j=0; j<nIterationsInner; j++) {
curHash = crypto__default["default"].createHash("sha256").update(curHash).digest();
curHash = await sha256digest(curHash);
}
}
@@ -1847,9 +1874,9 @@ function calculateFirstChallengeHash(curve, power, logger) {
}
function keyFromBeacon(curve, challengeHash, beaconHash, numIterationsExp) {
async function keyFromBeacon(curve, challengeHash, beaconHash, numIterationsExp) {
const rng = rngFromBeaconParams(beaconHash, numIterationsExp);
const rng = await rngFromBeaconParams(beaconHash, numIterationsExp);
const key = createPTauKey(curve, challengeHash, rng);
@@ -2269,7 +2296,7 @@ const sameRatio$1 = sameRatio$2;
async function verifyContribution(curve, cur, prev, logger) {
let sr;
if (cur.type == 1) { // Verify the beacon.
const beaconKey = keyFromBeacon(curve, prev.nextChallenge, cur.beaconHash, cur.numIterationsExp);
const beaconKey = await keyFromBeacon(curve, prev.nextChallenge, cur.beaconHash, cur.numIterationsExp);
if (!curve.G1.eq(cur.key.tau.g1_s, beaconKey.tau.g1_s)) {
if (logger) logger.error(`BEACON key (tauG1_s) is not generated correctly in challenge #${cur.id} ${cur.name || ""}` );
@@ -2601,13 +2628,11 @@ async function verify(tauFilename, logger) {
const basesU = await G.batchLEMtoU(bases);
nextContributionHasher.update(basesU);
const scalars = new Uint8Array(4*(n-1));
crypto__default["default"].randomFillSync(scalars);
const scalars = getRandomBytes(4*(n-1));
if (i>0) {
const firstBase = G.fromRprLEM(bases, 0);
const r = crypto__default["default"].randomBytes(4).readUInt32BE(0, true);
const r = readUInt32BE(getRandomBytes(4), 0);
R1 = G.add(R1, G.timesScalar(lastBase, r));
R2 = G.add(R2, G.timesScalar(firstBase, r));
@@ -2648,7 +2673,7 @@ async function verify(tauFilename, logger) {
const seed= new Array(8);
for (let i=0; i<8; i++) {
seed[i] = crypto__default["default"].randomBytes(4).readUInt32BE(0, true);
seed[i] = readUInt32BE(getRandomBytes(4), 0);
}
for (let p=0; p<= power; p ++) {
@@ -2970,7 +2995,7 @@ async function beacon$1(oldPtauFilename, newPTauFilename, name, beaconHashStr,n
lastChallengeHash = calculateFirstChallengeHash(curve, power, logger);
}
curContribution.key = keyFromBeacon(curve, lastChallengeHash, beaconHash, numIterationsExp);
curContribution.key = await keyFromBeacon(curve, lastChallengeHash, beaconHash, numIterationsExp);
const responseHasher = new Blake2b__default["default"](64);
responseHasher.update(lastChallengeHash);
@@ -5283,7 +5308,7 @@ async function phase2verifyFromInit(initFileName, pTauFileName, zkeyFileName, lo
}
if (c.type == 1) {
const rng = rngFromBeaconParams(c.beaconHash, c.numIterationsExp);
const rng = await rngFromBeaconParams(c.beaconHash, c.numIterationsExp);
const expected_prvKey = curve.Fr.fromRng(rng);
const expected_g1_s = curve.G1.toAffine(curve.G1.fromRng(rng));
const expected_g1_sx = curve.G1.toAffine(curve.G1.timesFr(expected_g1_s, expected_prvKey));
@@ -5459,9 +5484,7 @@ async function phase2verifyFromInit(initFileName, pTauFileName, zkeyFileName, lo
const bases1 = await fd1.read(n*sG);
const bases2 = await fd2.read(n*sG);
const scalars = new Uint8Array(4*n);
crypto__default["default"].randomFillSync(scalars);
const scalars = getRandomBytes(4*n);
const r1 = await G.multiExpAffine(bases1, scalars);
const r2 = await G.multiExpAffine(bases2, scalars);
@@ -5492,7 +5515,7 @@ async function phase2verifyFromInit(initFileName, pTauFileName, zkeyFileName, lo
const seed= new Array(8);
for (let i=0; i<8; i++) {
seed[i] = crypto__default["default"].randomBytes(4).readUInt32BE(0, true);
seed[i] = readUInt32BE(getRandomBytes(4), 0);
}
const rng = new ffjavascript.ChaCha(seed);
for (let i=0; i<zkey.domainSize-1; i++) { // Note that last one is zero

69
build/snarkjs.js
View File

File diff suppressed because one or more lines are too long

4
build/snarkjs.min.js vendored
View File

File diff suppressed because one or more lines are too long

37
src/misc.js
View File

@@ -114,26 +114,53 @@ export function askEntropy() {
}
}
export function getRandomBytes(n) {
let array = new Uint8Array(n);
if (typeof globalThis.crypto !== "undefined") { // Supported
globalThis.crypto.getRandomValues(array);
} else { // NodeJS
crypto.randomFillSync(array);
}
return array;
}
export async function sha256digest(data) {
if (typeof globalThis.crypto !== "undefined" && typeof globalThis.crypto.subtle !== "undefined") { // Supported
const buffer = await globalThis.crypto.subtle.digest("SHA-256", data.buffer);
return new Uint8Array(buffer);
} else { // NodeJS
return crypto.createHash("sha256").update(data).digest();
}
}
/**
* @param {Uint8Array} data
* @param {number} offset
*/
export function readUInt32BE(data, offset) {
return new DataView(data.buffer).getUint32(offset, false);
}
export async function getRandomRng(entropy) {
// Generate a random Rng
while (!entropy) {
entropy = await askEntropy();
}
const hasher = Blake2b(64);
hasher.update(crypto.randomBytes(64));
hasher.update(getRandomBytes(64));
const enc = new TextEncoder(); // always utf-8
hasher.update(enc.encode(entropy));
const hash = Buffer.from(hasher.digest());
const hash = hasher.digest();
const seed = [];
for (let i=0;i<8;i++) {
seed[i] = hash.readUInt32BE(i*4);
seed[i] = readUInt32BE(hash, i*4);
}
const rng = new ChaCha(seed);
return rng;
}
export function rngFromBeaconParams(beaconHash, numIterationsExp) {
export async function rngFromBeaconParams(beaconHash, numIterationsExp) {
let nIterationsInner;
let nIterationsOuter;
if (numIterationsExp<32) {
@@ -147,7 +174,7 @@ export function rngFromBeaconParams(beaconHash, numIterationsExp) {
let curHash = beaconHash;
for (let i=0; i<nIterationsOuter; i++) {
for (let j=0; j<nIterationsInner; j++) {
curHash = crypto.createHash("sha256").update(curHash).digest();
curHash = await sha256digest(curHash);
}
}

1
src/plonk_prove.js
View File

@@ -22,7 +22,6 @@
import * as binFileUtils from "@iden3/binfileutils";
import * as zkeyUtils from "./zkey_utils.js";
import * as wtnsUtils from "./wtns_utils.js";
import { getCurveFromQ as getCurve } from "./curves.js";
import { Scalar, utils, BigBuffer } from "ffjavascript";
const {stringifyBigInts} = utils;
import jsSha3 from "js-sha3";

2
src/powersoftau_beacon.js
View File

@@ -69,7 +69,7 @@ export default async function beacon(oldPtauFilename, newPTauFilename, name, be
lastChallengeHash = utils.calculateFirstChallengeHash(curve, power, logger);
}
curContribution.key = utils.keyFromBeacon(curve, lastChallengeHash, beaconHash, numIterationsExp);
curContribution.key = await utils.keyFromBeacon(curve, lastChallengeHash, beaconHash, numIterationsExp);
const responseHasher = new Blake2b(64);
responseHasher.update(lastChallengeHash);

4
src/powersoftau_utils.js
View File

@@ -359,9 +359,9 @@ export function calculateFirstChallengeHash(curve, power, logger) {
}
export function keyFromBeacon(curve, challengeHash, beaconHash, numIterationsExp) {
export async function keyFromBeacon(curve, challengeHash, beaconHash, numIterationsExp) {
const rng = misc.rngFromBeaconParams(beaconHash, numIterationsExp);
const rng = await misc.rngFromBeaconParams(beaconHash, numIterationsExp);
const key = keyPair.createPTauKey(curve, challengeHash, rng);

11
src/powersoftau_verify.js
View File

@@ -20,7 +20,6 @@
import Blake2b from "blake2b-wasm";
import * as utils from "./powersoftau_utils.js";
import * as keyPair from "./keypair.js";
import crypto from "crypto";
import * as binFileUtils from "@iden3/binfileutils";
import { ChaCha, BigBuffer } from "ffjavascript";
import * as misc from "./misc.js";
@@ -29,7 +28,7 @@ const sameRatio = misc.sameRatio;
async function verifyContribution(curve, cur, prev, logger) {
let sr;
if (cur.type == 1) { // Verify the beacon.
const beaconKey = utils.keyFromBeacon(curve, prev.nextChallenge, cur.beaconHash, cur.numIterationsExp);
const beaconKey = await utils.keyFromBeacon(curve, prev.nextChallenge, cur.beaconHash, cur.numIterationsExp);
if (!curve.G1.eq(cur.key.tau.g1_s, beaconKey.tau.g1_s)) {
if (logger) logger.error(`BEACON key (tauG1_s) is not generated correctly in challenge #${cur.id} ${cur.name || ""}` );
@@ -361,13 +360,11 @@ export default async function verify(tauFilename, logger) {
const basesU = await G.batchLEMtoU(bases);
nextContributionHasher.update(basesU);
const scalars = new Uint8Array(4*(n-1));
crypto.randomFillSync(scalars);
const scalars = misc.getRandomBytes(4*(n-1));
if (i>0) {
const firstBase = G.fromRprLEM(bases, 0);
const r = crypto.randomBytes(4).readUInt32BE(0, true);
const r = misc.readUInt32BE(misc.getRandomBytes(4), 0);
R1 = G.add(R1, G.timesScalar(lastBase, r));
R2 = G.add(R2, G.timesScalar(firstBase, r));
@@ -408,7 +405,7 @@ export default async function verify(tauFilename, logger) {
const seed= new Array(8);
for (let i=0; i<8; i++) {
seed[i] = crypto.randomBytes(4).readUInt32BE(0, true);
seed[i] = misc.readUInt32BE(misc.getRandomBytes(4), 0);
}
for (let p=0; p<= power; p ++) {

9
src/zkey_verify_frominit.js
View File

@@ -24,7 +24,6 @@ import Blake2b from "blake2b-wasm";
import * as misc from "./misc.js";
import { hashToG2 as hashToG2 } from "./keypair.js";
const sameRatio = misc.sameRatio;
import crypto from "crypto";
import {hashG1, hashPubKey} from "./zkey_utils.js";
import { Scalar, ChaCha, BigBuffer } from "ffjavascript";
@@ -76,7 +75,7 @@ export default async function phase2verifyFromInit(initFileName, pTauFileName, z
}
if (c.type == 1) {
const rng = misc.rngFromBeaconParams(c.beaconHash, c.numIterationsExp);
const rng = await misc.rngFromBeaconParams(c.beaconHash, c.numIterationsExp);
const expected_prvKey = curve.Fr.fromRng(rng);
const expected_g1_s = curve.G1.toAffine(curve.G1.fromRng(rng));
const expected_g1_sx = curve.G1.toAffine(curve.G1.timesFr(expected_g1_s, expected_prvKey));
@@ -252,9 +251,7 @@ export default async function phase2verifyFromInit(initFileName, pTauFileName, z
const bases1 = await fd1.read(n*sG);
const bases2 = await fd2.read(n*sG);
const scalars = new Uint8Array(4*n);
crypto.randomFillSync(scalars);
const scalars = misc.getRandomBytes(4*n);
const r1 = await G.multiExpAffine(bases1, scalars);
const r2 = await G.multiExpAffine(bases2, scalars);
@@ -285,7 +282,7 @@ export default async function phase2verifyFromInit(initFileName, pTauFileName, z
const seed= new Array(8);
for (let i=0; i<8; i++) {
seed[i] = crypto.randomBytes(4).readUInt32BE(0, true);
seed[i] = misc.readUInt32BE(misc.getRandomBytes(4), 0);
}
const rng = new ChaCha(seed);
for (let i=0; i<zkey.domainSize-1; i++) { // Note that last one is zero

3
test/fullprocess.js
View File

@@ -22,14 +22,13 @@ describe("Full process", function () {
const bellman_1 = {type: "mem"};
const bellman_2 = {type: "mem"};
let vKey;
let vKeyPlonk;
const wtns = {type: "mem"};
let proof;
let publicSignals;
before( async () => {
curve = await getCurveFromName("bn128");
// curve.Fr.s = 10;
// curve.Fr.s = 10;
});
after( async () => {
await curve.terminate();