github/self
1
1
Fork 0
mirror of https://github.com/selfxyz/self.git synced 2026-04-05 03:00:53 -04:00
Code Issues Packages Projects Releases Wiki Activity

refactor mgf1 to one template

Browse Source
This commit is contained in:
seshanthS
2025-01-16 16:00:03 +05:30
parent 8adf0461dc
commit 263d616462
3 changed files with 62 additions and 209 deletions
Download Patch File Download Diff File Expand all files Collapse all files

201
circuits/circuits/utils/crypto/signature/rsapss/mgf1.circom
View File

@@ -14,193 +14,96 @@ include "circomlib/circuits/bitify.circom";
* 3. Incrementing counter and repeating until enough output bits are generated
*/
/// @title MGF1 with SHA-512
/// @notice Implements MGF1 using SHA-512 as the underlying hash function
/// @title MGF1 with configurable SHA hash function
/// @notice Implements MGF1 using SHA-512/384/256 as the underlying hash function
/// @param hashLenBits len of SHA hash in bits (512, 384, or 256)
/// @param seedLen Length of the input seed in bytes
/// @param maskLen Desired length of the output mask in bytes
/// @input seed Input seed value as array of bits
/// @output out Generated mask as array of bits
template Mgf1Sha512(seedLen, maskLen) { //in bytes
template Mgf1(hashLenBits, seedLen, maskLen) {
// Validate hash length
assert(hashLenBits == 512 || hashLenBits == 384 || hashLenBits == 256);
// Calculate hash-specific parameters
var hashLen = hashLenBits \ 8;
// var hashLenBits = hashLen * 8;
var seedLenBits = seedLen * 8;
var maskLenBits = maskLen * 8;
var hashLen = 64; //output len of sha function in bytes
var hashLenBits = hashLen * 8;//output len of sha function in bits
signal input seed[seedLenBits]; //each represents a bit
// Input/output signals
signal input seed[seedLenBits];
signal output out[maskLenBits];
// Verify mask length doesn't exceed maximum allowed
assert(maskLen <= 0xffffffff * hashLen );
assert(maskLen <= 0xffffffff * hashLen);
// Calculate number of iterations needed
// Calculate iterations needed
var iterations = (maskLen \ hashLen) + 1; //adding 1, in-case maskLen \ hashLen is 0
// Initialize components for SHA-512 hashing and counter conversion
component sha512[iterations];
// Initialize components
component shaHash[iterations];
component num2Bits[iterations];
// Configure hash components based on type
for (var i = 0; i < iterations; i++) {
//512 + 32 bits for counter
sha512[i] = ShaHashBits(544, 512);
if (hashLenBits == 512) {
shaHash[i] = ShaHashBits(544, 512);
} else if (hashLenBits == 384) {
shaHash[i] = ShaHashBits(416, 384);
} else {
// shaHash[i] = ShaHashChunks(1, 256);
shaHash[i] = ShaHashBits(288, 256);
}
num2Bits[i] = Num2Bits(32);
}
var concated[hashLenBits + 32]; //seed + 32 bits(4 Bytes) for counter
signal hashed[hashLenBits * (iterations)];
var concated[1024]; // Using max size needed
signal hashed[hashLenBits * iterations];
// Copy seed to concatenated array
for (var i = 0; i < seedLenBits; i++) {
concated[i] = seed[i];
}
// Main MGF1 logic
for (var i = 0; i < iterations; i++) {
num2Bits[i].in <== i; //convert counter to bits
num2Bits[i].in <== i;
// Concatenate counter
for (var j = 0; j < 32; j++) {
//concat seed and counter
concated[seedLenBits + j] = num2Bits[i].out[31-j];
}
//hashing value
sha512[i].in <== concated;
// Input to hash function
if (hashLenBits == 256) {
for (var k = 0; k < 288; k++) {
shaHash[i].in[k] <== concated[k];
}
}
if (hashLenBits == 384) {
for (var k = 0; k < 416; k++) {
shaHash[i].in[k] <== concated[k];
}
}
if (hashLenBits == 512) {
for (var k = 0; k < 544; k++) {
shaHash[i].in[k] <== concated[k];
}
}
// Store hash output
for (var j = 0; j < hashLenBits; j++) {
hashed[i * hashLenBits + j] <== sha512[i].out[j];
hashed[i * hashLenBits + j] <== shaHash[i].out[j];
}
}
// Output assignment
for (var i = 0; i < maskLenBits; i++) {
out[i] <== hashed[i];
}
}
/// @title MGF1 with SHA-384
/// @notice Implements MGF1 using SHA-384 as the underlying hash function
/// @param seedLen Length of the input seed in bytes
/// @param maskLen Desired length of the output mask in bytes
/// @input seed Input seed value as array of bits
/// @output out Generated mask as array of bits
template Mgf1Sha384(SEED_LEN, MASK_LEN) { //in bytes
var SEED_LEN_BITS = SEED_LEN * 8;
var MASK_LEN_BITS = MASK_LEN * 8;
var HASH_LEN = 48; //output len of sha function in bytes
var HASH_LEN_BITS = HASH_LEN * 8;//output len of sha function in bits
signal input seed[SEED_LEN_BITS]; //each represents a bit
signal output out[MASK_LEN_BITS];
assert(MASK_LEN <= 0xffffffff * HASH_LEN );
var ITERATIONS = (MASK_LEN \ HASH_LEN) + 1; //adding 1, in-case MASK_LEN \ HASH_LEN is 0
component sha384[ITERATIONS];
component num2Bits[ITERATIONS];
for (var i = 0; i < ITERATIONS; i++) {
sha384[i] = ShaHashBits(416, 384); //32 bits for counter
num2Bits[i] = Num2Bits(32);
}
var concated[1024]; //seed + 32 bits(4 Bytes) for counter
signal hashed[HASH_LEN_BITS * (ITERATIONS)];
for (var i = 0; i < SEED_LEN_BITS; i++) {
concated[i] = seed[i];
}
for (var i = 0; i < ITERATIONS; i++) {
num2Bits[i].in <== i; //convert counter to bits
for (var j = 0; j < 32; j++) {
//concat seed and counter
concated[SEED_LEN_BITS + j] = num2Bits[i].out[31-j];
}
for (var k =0; k < 416; k++) {
sha384[i].in[k] <== concated[k];
}
for (var j = 0; j < HASH_LEN_BITS; j++) {
hashed[i * HASH_LEN_BITS + j] <== sha384[i].out[j];
}
}
for (var i = 0; i < MASK_LEN_BITS; i++) {
out[i] <== hashed[i];
}
}
/// @title MGF1 with SHA-256
/// @notice Implements MGF1 using SHA-256 as the underlying hash function
/// @param seedLen Length of the input seed in bytes
/// @param maskLen Desired length of the output mask in bytes
/// @input seed Input seed value as array of bits
/// @output out Generated mask as array of bits
template Mgf1Sha256(SEED_LEN, MASK_LEN) { //in bytes
var SEED_LEN_BITS = SEED_LEN * 8;
var MASK_LEN_BITS = MASK_LEN * 8;
var HASH_LEN = 32; //output len of sha function in bytes
var HASH_LEN_BITS = HASH_LEN * 8;//output len of sha function in bits
signal input seed[SEED_LEN_BITS]; //each represents a bit
signal output out[MASK_LEN_BITS];
assert(MASK_LEN <= 0xffffffff * HASH_LEN );
var ITERATIONS = (MASK_LEN \ HASH_LEN) + 1; //adding 1, in-case MASK_LEN \ HASH_LEN is 0
component sha256[ITERATIONS];
component num2Bits[ITERATIONS];
for (var i = 0; i < ITERATIONS; i++) {
sha256[i] = ShaHashChunks(1, 256); //32 bits for counter
num2Bits[i] = Num2Bits(32);
}
var concated[512]; //seed + 32 bits(4 Bytes) for counter
signal hashed[HASH_LEN_BITS * (ITERATIONS)];
for (var i = 0; i < SEED_LEN_BITS; i++) {
concated[i] = seed[i];
}
for (var i = 0; i < ITERATIONS; i++) {
num2Bits[i].in <== i; //convert counter to bits
for (var j = 0; j < 32; j++) {
//concat seed and counter
concated[SEED_LEN_BITS + j] = num2Bits[i].out[31-j];
}
//adding padding (len = 288 = 100100000)
for (var j = 289; j < 503; j++) {
concated[j] = 0;
}
concated[288] = 1;
concated[511] = 0;
concated[510] = 0;
concated[509] = 0;
concated[508] = 0;
concated[507] = 0;
concated[506] = 1;
concated[505] = 0;
concated[504] = 0;
concated[503] = 1;
//hashing value
sha256[i].in <== concated;
for (var j = 0; j < HASH_LEN_BITS; j++) {
hashed[i * HASH_LEN_BITS + j] <== sha256[i].out[j];
}
}
for (var i = 0; i < MASK_LEN_BITS; i++) {
out[i] <== hashed[i];
}
}

35
circuits/circuits/utils/crypto/signature/rsapss/rsapss3.circom
View File

@@ -133,38 +133,13 @@ template VerifyRsaPss3Sig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, HASH_TYPE, KEY_LEN
}
//getting mask
if (HASH_TYPE == 256) {
component MGF1_256 = Mgf1Sha256(HASH_LEN, DB_MASK_LEN);
for (var i = 0; i < (HASH_TYPE); i++) {
MGF1_256.seed[i] <== hash[i];
}
for (var i = 0; i < DB_MASK_LEN * 8; i++) {
dbMask[i] <== MGF1_256.out[i];
}
component MGF1 = Mgf1(HASH_TYPE, HASH_LEN, DB_MASK_LEN);
for (var i = 0; i < (HASH_TYPE); i++) {
MGF1.seed[i] <== hash[i];
}
if (HASH_TYPE == 384) {
component MGF1_384 = Mgf1Sha384(HASH_LEN, DB_MASK_LEN);
for (var i = 0; i < (HASH_TYPE); i++) {
MGF1_384.seed[i] <== hash[i];
}
for (var i = 0; i < DB_MASK_LEN * 8; i++) {
dbMask[i] <== MGF1_384.out[i];
}
}
if (HASH_TYPE == 512) {
component MGF1_512 = Mgf1Sha512(HASH_LEN, DB_MASK_LEN);
for (var i = 0; i < (HASH_TYPE); i++) {
MGF1_512.seed[i] <== hash[i];
}
for (var i = 0; i < DB_MASK_LEN * 8; i++) {
dbMask[i] <== MGF1_512.out[i];
}
for (var i = 0; i < DB_MASK_LEN * 8; i++) {
dbMask[i] <== MGF1.out[i];
}
component xor = Xor2(DB_MASK_LEN * 8);

35
circuits/circuits/utils/crypto/signature/rsapss/rsapss65537.circom
View File

@@ -135,38 +135,13 @@ template VerifyRsaPss65537Sig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, HASH_TYPE, KEY
}
//getting mask
if (HASH_TYPE == 256) {
component MGF1_256 = Mgf1Sha256(HASH_LEN, DB_MASK_LEN);
for (var i = 0; i < (HASH_TYPE); i++) {
MGF1_256.seed[i] <== hash[i];
}
for (var i = 0; i < DB_MASK_LEN * 8; i++) {
dbMask[i] <== MGF1_256.out[i];
}
component MGF1 = Mgf1(HASH_TYPE, HASH_LEN, DB_MASK_LEN);
for (var i = 0; i < (HASH_TYPE); i++) {
MGF1.seed[i] <== hash[i];
}
if (HASH_TYPE == 384) {
component MGF1_384 = Mgf1Sha384(HASH_LEN, DB_MASK_LEN);
for (var i = 0; i < (HASH_TYPE); i++) {
MGF1_384.seed[i] <== hash[i];
}
for (var i = 0; i < DB_MASK_LEN * 8; i++) {
dbMask[i] <== MGF1_384.out[i];
}
}
if (HASH_TYPE == 512) {
component MGF1_512 = Mgf1Sha512(HASH_LEN, DB_MASK_LEN);
for (var i = 0; i < (HASH_TYPE); i++) {
MGF1_512.seed[i] <== hash[i];
}
for (var i = 0; i < DB_MASK_LEN * 8; i++) {
dbMask[i] <== MGF1_512.out[i];
}
for (var i = 0; i < DB_MASK_LEN * 8; i++) {
dbMask[i] <== MGF1.out[i];
}
component xor = Xor2(DB_MASK_LEN * 8);