Merge branch 'feat/circom-dl' of github.com:openpassport-org/openpassport into feat/circom-dl

circuits/.gitignore

@@ -1,3 +1,4 @@
 inputs
 build
-node_modules/
+node_modules/
+err.log

circuits/circuits/disclose/vc_and_disclose.circom

@@ -1,9 +1,9 @@
 pragma circom 2.1.9;
 
-include "./verify_commitment.circom";
-include "./disclose.circom";
-include "./proveCountryIsNotInList.circom";
-include "../ofac/ofac_name.circom";
+include "../utils/passport/disclose/verify_commitment.circom";
+include "../utils/passport/disclose/disclose.circom";
+include "../utils/passport/disclose/proveCountryIsNotInList.circom";
+include "../utils/passport/ofac/ofac_name.circom";
 
 template VC_AND_DISCLOSE( nLevels,FORBIDDEN_COUNTRIES_LIST_LENGTH) {
 
@@ -45,9 +45,10 @@ template VC_AND_DISCLOSE( nLevels,FORBIDDEN_COUNTRIES_LIST_LENGTH) {
     disclose.majority <== majority;
     
     // generate scope nullifier
-    component poseidon_nullifier = Poseidon(2);
-    poseidon_nullifier.inputs[0] <== secret;
-    poseidon_nullifier.inputs[1] <== scope;
+    component poseidon_nullifier = PoseidonHash(2);
+    poseidon_nullifier.in[0] <== secret;
+    poseidon_nullifier.in[1] <== scope;
+    poseidon_nullifier.dummy <== 0;
     signal output nullifier <== poseidon_nullifier.out;
     signal output revealedData_packed[3] <== disclose.revealedData_packed;
     signal output older_than[2] <== disclose.older_than;

circuits/circuits/prove/openpassport_prove.circom

@@ -6,8 +6,8 @@ include "../utils/passport/signatureAlgorithm.circom";
 include "../utils/passport/date/isValid.circom";
 // include "../utils/circomlib/hasher/poseidon/poseidon.circom";
 include "../utils/passport/passportVerifier.circom";
-include "../disclose/disclose.circom";
-include "../disclose/proveCountryIsNotInList.circom";
+include "../utils/passport/disclose/disclose.circom";
+include "../utils/passport/disclose/proveCountryIsNotInList.circom";
 include "../utils/passport/ofac/ofac_name.circom";
 
 template OPENPASSPORT_PROVE(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, MAX_SIGNED_ATTR_PADDED_LEN, FORBIDDEN_COUNTRIES_LIST_LENGTH) {

circuits/circuits/utils/circomlib/signature/ecdsa.circom

@@ -0,0 +1,154 @@
+pragma circom  2.1.6;
+
+include "../ec/curve.circom";
+include "../ec/get.circom";
+include "../bigInt/bigInt.circom";
+
+// Here is ecdsa signature verification
+// For now, only 256 bit curves are allowed with chunking 64 4
+//--------------------------------------------------------------------------------------------------------------------------------
+// Use this one if you hash message in circuit (message is bits, not chunked int)!!!
+// signature[2] = [r, s] - signature
+// pubkey[2] = [x, y] - pubkey for signature
+// hashed[ALGO] = h - hashed message by some algo (typically sha-2 256 for 256 bit curves)
+// n is curve order
+// s_inv = s ^ -1 mod n
+// (x1, y1) = h * s_inv * G + r * s_inv * (x, y)
+// x1 === r
+template verifyECDSABits(CHUNK_SIZE, CHUNK_NUMBER, A, B, P, ALGO){
+    assert(CHUNK_SIZE == 64 && CHUNK_NUMBER == 4);
+    
+    signal input pubkey[2][CHUNK_NUMBER];
+    signal input signature[2][CHUNK_NUMBER];
+    signal input hashed[ALGO];
+    signal input dummy;
+
+    signal hashedChunked[CHUNK_NUMBER];
+    
+    component bits2Num[CHUNK_NUMBER];
+    for (var i = 0; i < CHUNK_NUMBER; i++) {
+        bits2Num[i] = Bits2Num(CHUNK_SIZE);
+        for (var j = 0; j < CHUNK_SIZE; j++) {
+            bits2Num[i].in[CHUNK_SIZE - 1 - j] <== hashed[i * CHUNK_SIZE + j];
+        }
+        hashedChunked[CHUNK_NUMBER - 1 - i] <== bits2Num[i].out;
+    }
+    
+    component getOrder = EllipicCurveGetOrder(CHUNK_SIZE,CHUNK_NUMBER, A, B, P);
+    signal order[CHUNK_NUMBER];
+    order <== getOrder.order;
+    
+    // s_inv = s ^ -1 mod n
+    signal sinv[CHUNK_NUMBER];
+    
+    component modInv = BigModInvOptimised(CHUNK_SIZE, CHUNK_NUMBER);
+    
+    modInv.in <== signature[1];
+    modInv.modulus <== order;
+    modInv.dummy <== dummy;
+    modInv.out ==> sinv;
+    
+    // (s ^ -1 mod n) * h mod n
+    component mult = BigMultModP(CHUNK_SIZE, CHUNK_NUMBER);
+    mult.in[0] <== sinv;
+    mult.in[1] <== hashedChunked;
+    mult.in[2] <== order;
+    mult.dummy <== dummy;
+
+    // (s ^ -1 mod n) * r mod n
+    component mult2 = BigMultModP(CHUNK_SIZE, CHUNK_NUMBER);
+    mult2.in[0] <== sinv;
+    mult2.in[1] <== signature[0];
+    mult2.in[2] <== order;
+    mult2.dummy <== dummy;
+    
+    // h * s_inv * G
+    component scalarMult1 = EllipicCurveScalarGeneratorMultiplication(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
+    scalarMult1.scalar <== mult.out;
+    scalarMult1.dummy <== dummy;
+    
+    // r * s_inv * (x, y)
+    component scalarMult2 = EllipticCurvePipingerMult(CHUNK_SIZE, CHUNK_NUMBER, A, B, P, 4);
+    scalarMult2.scalar <== mult2.out;
+    scalarMult2.in <== pubkey;
+    scalarMult2.dummy <== dummy;
+
+    // (x1, y1) = h * s_inv * G + r * s_inv * (x, y)
+    component add = EllipticCurveAdd(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
+    add.in1 <== scalarMult1.out;
+    add.in2 <== scalarMult2.out;
+    add.dummy <== dummy;
+
+    // x1 === r
+    for (var i = 0; i < CHUNK_NUMBER; i++){
+        add.out[0][i] === signature[0][i];
+    }
+}
+
+
+// Use this one if yours message is chunk bigint 
+// pubkey[2] = [x, y] - pubkey for signature
+// signature[2] = [r, s] - signature
+// hashed = h - hashed message 
+// n is curve order
+// s_inv = s ^ -1 mod n
+// (x1, y1) = h * s_inv * G + r * s_inv * (x, y)
+// x1 === r
+template verifyECDSABigInt(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
+    assert(CHUNK_SIZE == 64 && CHUNK_NUMBER == 4);
+    
+    signal input pubkey[2][CHUNK_NUMBER];
+    signal input signature[2][CHUNK_NUMBER];
+    signal input hashed[CHUNK_NUMBER];
+    signal input dummy;
+    
+    component getOrder = EllipicCurveGetOrder(CHUNK_SIZE,CHUNK_NUMBER, A, B, P);
+    signal order[CHUNK_NUMBER];
+    order <== getOrder.order;
+    
+    // s_inv = s ^ -1 mod n
+    signal sinv[CHUNK_NUMBER];
+    
+    component modInv = BigModInvOptimised(CHUNK_SIZE, CHUNK_NUMBER);
+    
+    modInv.in <== signature[1];
+    modInv.modulus <== order;
+    modInv.dummy <== dummy;
+    modInv.out ==> sinv;
+    
+    // (s ^ -1 mod n) * h mod n
+    component mult = BigMultModP(CHUNK_SIZE, CHUNK_NUMBER);
+    mult.in[0] <== sinv;
+    mult.in[1] <== hashed;
+    mult.in[2] <== order;
+    mult.dummy <== dummy;
+
+    // (s ^ -1 mod n) * r mod n
+    component mult2 = BigMultModP(CHUNK_SIZE, CHUNK_NUMBER);
+    mult2.in[0] <== sinv;
+    mult2.in[1] <== signature[0];
+    mult2.in[2] <== order;
+    mult2.dummy <== dummy;
+    
+    // h * s_inv * G
+    component scalarMult1 = EllipicCurveScalarGeneratorMultiplication(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
+    scalarMult1.scalar <== mult.out;
+    scalarMult1.dummy <== dummy;
+    
+    // r * s_inv * (x, y)
+    component scalarMult2 = EllipticCurvePipingerMult(CHUNK_SIZE, CHUNK_NUMBER, A, B, P, 4);
+    scalarMult2.scalar <== mult2.out;
+    scalarMult2.in <== pubkey;
+    scalarMult2.dummy <== dummy;
+
+    // (x1, y1) = h * s_inv * G + r * s_inv * (x, y)
+    component add = EllipticCurveAdd(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
+    add.in1 <== scalarMult1.out;
+    add.in2 <== scalarMult2.out;
+    add.dummy <== dummy;
+
+    // x1 === r
+    for (var i = 0; i < CHUNK_NUMBER; i++){
+        add.out[0][i] === signature[0][i];
+    }
+}

circuits/circuits/utils/passport/disclose/disclose.circom

@@ -1,7 +1,7 @@
 pragma circom 2.1.9;
 
-include "../utils/circomlib/utils/bytes.circom";
-include "../utils/passport/date/isOlderThan.circom";
+include "../../circomlib/utils/bytes.circom";
+include "../date/isOlderThan.circom";
 
 template DISCLOSE() {
     signal input dg1[93];

circuits/circuits/utils/passport/disclose/proveCountryIsNotInList.circom

@@ -1,7 +1,7 @@
 pragma circom 2.1.5;
 
-include "../utils/circomlib/bitify/comparators.circom";
-include "../utils/circomlib/utils/bytes.circom";
+include "../../circomlib/bitify/comparators.circom";
+include "../../circomlib/utils/bytes.circom";
 
 template ProveCountryIsNotInList(forbiddenCountriesListLength) {
     signal input dg1[93];

circuits/circuits/utils/passport/disclose/verify_commitment.circom

@@ -1,8 +1,8 @@
 pragma circom 2.1.9;
 
-include "../utils/circomlib/utils/bytes.circom";
-include "../utils/circomlib/merkle-trees/binary-merkle-root.circom";
-include "../utils/passport/computeCommitment.circom";
+include "../../circomlib/utils/bytes.circom";
+include "../../circomlib/merkle-trees/binary-merkle-root.circom";
+include "../computeCommitment.circom";
 
 template VERIFY_COMMITMENT( nLevels) {
 

circuits/err.log

@@ -1,35 +0,0 @@
-warning[P1004]: File "/home/ayman/openpassport/openpassport/circuits/circuits/utils/rsa/rsa.circom" does not include pragma version. Assuming pragma version (2, 1, 9)
- = At the beginning of file "/home/ayman/openpassport/openpassport/circuits/circuits/utils/rsa/rsa.circom", you should add the directive "pragma circom <Version>", to indicate which compiler version you are using.
-
-warning[P1004]: File "/home/ayman/openpassport/openpassport/circuits/circuits/utils/rsapss/rsapss.circom" does not include pragma version. Assuming pragma version (2, 1, 9)
- = At the beginning of file "/home/ayman/openpassport/openpassport/circuits/circuits/utils/rsapss/rsapss.circom", you should add the directive "pragma circom <Version>", to indicate which compiler version you are using.
-
-warning[P1004]: File "/home/ayman/openpassport/openpassport/circuits/circuits/utils/rsa/rsaPkcs1.circom" does not include pragma version. Assuming pragma version (2, 1, 9)
- = At the beginning of file "/home/ayman/openpassport/openpassport/circuits/circuits/utils/rsa/rsaPkcs1.circom", you should add the directive "pragma circom <Version>", to indicate which compiler version you are using.
-
-error[T2046]: Typing error found
-   ┌─ "/home/ayman/openpassport/openpassport/circuits/circuits/utils/passport/customHashers.circom":19:17
-   │
-19 │                 hash[i].inputs[j] <== in[i * 16 + j];
-   │                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Signal not found in component: only accesses to input/output signals are allowed
-
-error[T2046]: Typing error found
-   ┌─ "/home/ayman/openpassport/openpassport/circuits/circuits/utils/passport/customHashers.circom":21:17
-   │
-21 │                 hash[i].inputs[j] <== 0;
-   │                 ^^^^^^^^^^^^^^^^^^^^^^^ Signal not found in component: only accesses to input/output signals are allowed
-
-error[T2046]: Typing error found
-   ┌─ "/home/ayman/openpassport/openpassport/circuits/circuits/utils/passport/customHashers.circom":28:9
-   │
-28 │         finalHash.inputs[i] <== hash[i].out;
-   │         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Signal not found in component: only accesses to input/output signals are allowed
-
-error[T2000]: Typing error found
-   ┌─ "/home/ayman/openpassport/openpassport/circuits/circuits/dsc/openpassport_dsc.circom":47:9
-   │
-47 │         raw_dsc_cert_bits[i * 8] <== Num2Bits(8)(raw_dsc_cert[i]);
-   │         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Assignee and assigned types do not match. 
- Expected dimensions: 0, found 1
-
-previous errors were found