github/self
1
1
Fork 0
mirror of https://github.com/selfxyz/self.git synced 2026-04-27 03:01:15 -04:00
Code Issues Packages Projects Releases Wiki Activity

remove dummy inputs

Browse Source
This commit is contained in:
turnoffthiscomputer
2024-12-18 16:29:48 +01:00
parent 84478e8135
commit f79a14af9d
55 changed files with 74 additions and 534 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
circuits/circuits/disclose/vc_and_disclose.circom
View File

@@ -48,7 +48,6 @@ template VC_AND_DISCLOSE( nLevels,FORBIDDEN_COUNTRIES_LIST_LENGTH) {
component poseidon_nullifier = PoseidonHash(2);
poseidon_nullifier.in[0] <== secret;
poseidon_nullifier.in[1] <== scope;
poseidon_nullifier.dummy <== 0;
signal output nullifier <== poseidon_nullifier.out;
signal output revealedData_packed[3] <== disclose.revealedData_packed;
signal output older_than[2] <== disclose.older_than;

5
circuits/circuits/dsc/openpassport_dsc.circom
View File

@@ -34,7 +34,6 @@ template OPENPASSPORT_DSC(signatureAlgorithm, n_dsc, k_dsc, n_csca, k_csca, max_
signal input path[nLevels];
signal input siblings[nLevels];
signal dummy <== 0;
// leaf
signal leaf <== LeafHasher(kScaled)(csca_pubKey, signatureAlgorithm);
@@ -45,7 +44,7 @@ template OPENPASSPORT_DSC(signatureAlgorithm, n_dsc, k_dsc, n_csca, k_csca, max_
// verify certificate signature
signal hashedCertificate[hashLength] <== ShaBytesDynamic(hashLength, max_cert_bytes)(raw_dsc_cert, raw_dsc_cert_padded_bytes);
SignatureVerifier(signatureAlgorithm, n_csca, k_csca)(hashedCertificate, csca_pubKey, signature, dummy);
SignatureVerifier(signatureAlgorithm, n_csca, k_csca)(hashedCertificate, csca_pubKey, signature);
// verify DSC csca_pubKey
component shiftLeft = VarShiftLeft(max_cert_bytes, dscPubkeyBytesLength); // use select subarray for dscPubKey variable length
@@ -59,6 +58,6 @@ template OPENPASSPORT_DSC(signatureAlgorithm, n_dsc, k_dsc, n_csca, k_csca, max_
// blinded dsc commitment
signal pubkeyHash <== CustomHasher(k_dsc)(dsc_pubKey);
signal output blinded_dsc_commitment <== PoseidonHash(2)([secret, pubkeyHash], 0);
signal output blinded_dsc_commitment <== PoseidonHash(2)([secret, pubkeyHash]);
}

6
circuits/circuits/prove/openpassport_prove.circom
View File

@@ -47,7 +47,6 @@ template OPENPASSPORT_PROVE(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, M
signal input secret;
signal input dsc_secret;
signal dummy <== 0;
signal attestation_id <== 1;
@@ -59,7 +58,7 @@ template OPENPASSPORT_PROVE(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, M
isWrongSelectorMode === 0;
// verify passport signature
PassportVerifier(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, MAX_SIGNED_ATTR_PADDED_LEN)(dg1,dg1_hash_offset, dg2_hash, eContent,eContent_padded_length, signed_attr, signed_attr_padded_length, signed_attr_econtent_hash_offset, pubKey, signature, dummy);
PassportVerifier(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, MAX_SIGNED_ATTR_PADDED_LEN)(dg1,dg1_hash_offset, dg2_hash, eContent,eContent_padded_length, signed_attr, signed_attr_padded_length, signed_attr_econtent_hash_offset, pubKey, signature);
// verify passport is not expired
component isValid = IsValid();
isValid.currDate <== current_date;
@@ -72,7 +71,6 @@ template OPENPASSPORT_PROVE(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, M
component poseidon_hasher = PoseidonHash(2);
poseidon_hasher.in[0] <== signatureHashed;
poseidon_hasher.in[1] <== scope;
poseidon_hasher.dummy <== 0;
signal output nullifier <== poseidon_hasher.out;
// DISCLOSE (optional)
@@ -116,6 +114,6 @@ template OPENPASSPORT_PROVE(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, M
signal output commitment <== commitmentPrivate * selectorModeCommitment;
// // blinded dsc commitment
signal pubkeyHash <== CustomHasher(kScaled)(pubKey);
signal blindedDscCommitmenPrivate <== PoseidonHash(2)([dsc_secret, pubkeyHash],0);
signal blindedDscCommitmenPrivate <== PoseidonHash(2)([dsc_secret, pubkeyHash]);
signal output blinded_dsc_commitment <== blindedDscCommitmenPrivate * selectorModeBlindedDscCommitment;
}

3
circuits/circuits/tests/utils/rsa/test_rsa_sha1_65537_2048.circom
View File

@@ -7,9 +7,8 @@ template VerifyRsaPkcs1v1_5Tester() {
signal input modulus[32];
signal input message[32];
signal input dummy;
VerifyRsaPkcs1v1_5(3, 64, 32, 65537, 160)(signature, modulus, message, dummy);
VerifyRsaPkcs1v1_5(3, 64, 32, 65537, 160)(signature, modulus, message);
}
component main = VerifyRsaPkcs1v1_5Tester();

3
circuits/circuits/tests/utils/rsa/test_rsa_sha256_3_2048.circom
View File

@@ -7,9 +7,8 @@ template VerifyRsaPkcs1v1_5Tester() {
signal input modulus[32];
signal input message[32];
signal input dummy;
VerifyRsaPkcs1v1_5(13, 64, 32, 3, 256)(signature, modulus, message, dummy);
VerifyRsaPkcs1v1_5(13, 64, 32, 3, 256)(signature, modulus, message);
}
component main = VerifyRsaPkcs1v1_5Tester();

3
circuits/circuits/tests/utils/rsa/test_rsa_sha256_65537_2048.circom
View File

@@ -7,9 +7,8 @@ template VerifyRsaPkcs1v1_5Tester() {
signal input modulus[32];
signal input message[32];
signal input dummy;
VerifyRsaPkcs1v1_5(1, 64, 32, 65537, 256)(signature, modulus, message, dummy);
VerifyRsaPkcs1v1_5(1, 64, 32, 65537, 256)(signature, modulus, message);
}
component main = VerifyRsaPkcs1v1_5Tester();

3
circuits/circuits/tests/utils/rsa/test_rsa_sha256_65537_3072.circom
View File

@@ -7,9 +7,8 @@ template VerifyRsaPkcs1v1_5Tester() {
signal input modulus[32];
signal input message[32];
signal input dummy;
VerifyRsaPkcs1v1_5(14, 96, 32, 65537, 256)(signature, modulus, message, dummy);
VerifyRsaPkcs1v1_5(14, 96, 32, 65537, 256)(signature, modulus, message);
}
component main = VerifyRsaPkcs1v1_5Tester();

3
circuits/circuits/tests/utils/rsa/test_rsa_sha256_65537_4096.circom
View File

@@ -7,9 +7,8 @@ template VerifyRsaPkcs1v1_5Tester() {
signal input modulus[64];
signal input message[64];
signal input dummy;
VerifyRsaPkcs1v1_5(10, 64, 64, 65537, 256)(signature, modulus, message, dummy);
VerifyRsaPkcs1v1_5(10, 64, 64, 65537, 256)(signature, modulus, message);
}
component main = VerifyRsaPkcs1v1_5Tester();

3
circuits/circuits/tests/utils/rsa/test_rsa_sha512_65537_4096.circom
View File

@@ -7,9 +7,8 @@ template VerifyRsaPkcs1v1_5Tester() {
signal input modulus[64];
signal input message[64];
signal input dummy;
VerifyRsaPkcs1v1_5(15, 64, 64, 65537, 512)(signature, modulus, message, dummy);
VerifyRsaPkcs1v1_5(15, 64, 64, 65537, 512)(signature, modulus, message);
}
component main = VerifyRsaPkcs1v1_5Tester();

78
circuits/circuits/utils/circomlib/bigInt/bigInt.circom
View File

@@ -47,10 +47,9 @@ template BigAddNoCarry(CHUNK_SIZE, CHUNK_NUMBER){
signal input in[2][CHUNK_NUMBER];
signal output out[CHUNK_NUMBER];
signal input dummy;
for (var i = 0; i < CHUNK_NUMBER; i++){
out[i] <== in[0][i] + in[1][i] + dummy * dummy;
out[i] <== in[0][i] + in[1][i];
}
}
@@ -60,11 +59,9 @@ template BigAdd(CHUNK_SIZE, CHUNK_NUMBER){
signal input in[2][CHUNK_NUMBER];
signal output out[CHUNK_NUMBER + 1];
signal input dummy;
component bigAddNoCarry = BigAddNoCarry(CHUNK_SIZE, CHUNK_NUMBER);
bigAddNoCarry.in <== in;
bigAddNoCarry.dummy <== dummy;
component num2bits[CHUNK_NUMBER];
@@ -75,16 +72,16 @@ template BigAdd(CHUNK_SIZE, CHUNK_NUMBER){
if (i == 0){
num2bits[i].in <== bigAddNoCarry.out[i];
} else {
num2bits[i].in <== bigAddNoCarry.out[i] + num2bits[i - 1].out[CHUNK_SIZE] + dummy * dummy;
num2bits[i].in <== bigAddNoCarry.out[i] + num2bits[i - 1].out[CHUNK_SIZE];
}
}
for (var i = 0; i < CHUNK_NUMBER; i++){
if (i == 0) {
out[i] <== bigAddNoCarry.out[i] - (num2bits[i].out[CHUNK_SIZE]) * (2 ** CHUNK_SIZE) + dummy * dummy;
out[i] <== bigAddNoCarry.out[i] - (num2bits[i].out[CHUNK_SIZE]) * (2 ** CHUNK_SIZE);
}
else {
out[i] <== bigAddNoCarry.out[i] - (num2bits[i].out[CHUNK_SIZE]) * (2 ** CHUNK_SIZE) + num2bits[i - 1].out[CHUNK_SIZE] + dummy * dummy;
out[i] <== bigAddNoCarry.out[i] - (num2bits[i].out[CHUNK_SIZE]) * (2 ** CHUNK_SIZE) + num2bits[i - 1].out[CHUNK_SIZE];
}
}
out[CHUNK_NUMBER] <== num2bits[CHUNK_NUMBER - 1].out[CHUNK_SIZE];
@@ -97,7 +94,6 @@ template BigMultNoCarry(CHUNK_SIZE, CHUNK_NUMBER){
assert(CHUNK_SIZE <= 126);
signal input in[2][CHUNK_NUMBER];
signal input dummy;
signal output out[CHUNK_NUMBER * 2 - 1];
signal tmpMults[CHUNK_NUMBER][CHUNK_NUMBER];
@@ -127,7 +123,7 @@ template BigMultNoCarry(CHUNK_SIZE, CHUNK_NUMBER){
if (j == 0){
tmpResult[i][j] <== tmpMults[i - j][j];
} else {
tmpResult[i][j] <== tmpMults[i - j][j] + tmpResult[i][j - 1] + dummy * dummy;
tmpResult[i][j] <== tmpMults[i - j][j] + tmpResult[i][j - 1];
}
}
out[i] <== tmpResult[i][i];
@@ -137,7 +133,7 @@ template BigMultNoCarry(CHUNK_SIZE, CHUNK_NUMBER){
if (j == 0){
tmpResult[i][j] <== tmpMults[CHUNK_NUMBER - 1 - j][i + j - CHUNK_NUMBER + 1];
} else {
tmpResult[i][j] <== tmpMults[CHUNK_NUMBER - 1 - j][i + j - CHUNK_NUMBER + 1] + tmpResult[i][j - 1] + dummy * dummy;
tmpResult[i][j] <== tmpMults[CHUNK_NUMBER - 1 - j][i + j - CHUNK_NUMBER + 1] + tmpResult[i][j - 1];
}
}
out[i] <== tmpResult[i][2 * CHUNK_NUMBER - 2 - i];
@@ -151,15 +147,12 @@ template BigMultNoCarry(CHUNK_SIZE, CHUNK_NUMBER){
template BigMult(CHUNK_SIZE, CHUNK_NUMBER){
signal input in[2][CHUNK_NUMBER];
signal input dummy;
dummy * dummy === 0;
signal output out[CHUNK_NUMBER * 2];
component bigMultNoCarry = BigMultNoCarry(CHUNK_SIZE, CHUNK_NUMBER);
bigMultNoCarry.in <== in;
bigMultNoCarry.dummy <== dummy;
component num2bits[CHUNK_NUMBER * 2 - 1];
component bits2numOverflow[CHUNK_NUMBER * 2 - 1];
@@ -179,7 +172,7 @@ template BigMult(CHUNK_SIZE, CHUNK_NUMBER){
if (i == 0){
num2bits[i].in <== bigMultNoCarry.out[i];
} else {
num2bits[i].in <== dummy * dummy + bigMultNoCarry.out[i] + bits2numOverflow[i - 1].out;
num2bits[i].in <== bigMultNoCarry.out[i] + bits2numOverflow[i - 1].out;
}
bits2numOverflow[i] = Bits2Num(CHUNK_SIZE + ADDITIONAL_LEN);
@@ -206,15 +199,12 @@ template BigMult(CHUNK_SIZE, CHUNK_NUMBER){
// use only for CHUNK_NUMBER == 2 ** x
template BigMultOptimised(CHUNK_SIZE, CHUNK_NUMBER){
signal input dummy;
signal input in[2][CHUNK_NUMBER];
signal output out[CHUNK_NUMBER * 2];
component karatsuba = KaratsubaNoCarry(CHUNK_NUMBER);
karatsuba.in <== in;
karatsuba.dummy <== dummy;
dummy * dummy === 0;
component getLastNBits[CHUNK_NUMBER * 2 - 1];
component bits2Num[CHUNK_NUMBER * 2 - 1];
@@ -245,7 +235,6 @@ template BigMod(CHUNK_SIZE, CHUNK_NUMBER){
signal input base[CHUNK_NUMBER * 2];
signal input modulus[CHUNK_NUMBER];
signal input dummy;
var long_division[2][200] = long_div(CHUNK_SIZE, CHUNK_NUMBER, CHUNK_NUMBER, base, modulus);
@@ -265,7 +254,6 @@ template BigMod(CHUNK_SIZE, CHUNK_NUMBER){
multChecks.in1 <== div;
multChecks.in2 <== modulus;
multChecks.dummy <== dummy;
component greaterThan = BigGreaterThan(CHUNK_SIZE, CHUNK_NUMBER);
@@ -279,7 +267,6 @@ template BigMod(CHUNK_SIZE, CHUNK_NUMBER){
bigAddCheck.in1 <== multChecks.out;
bigAddCheck.in2 <== mod;
bigAddCheck.dummy <== dummy;
component smartEqual = SmartEqual(CHUNK_SIZE, CHUNK_NUMBER * 2 + 2);
@@ -289,7 +276,6 @@ template BigMod(CHUNK_SIZE, CHUNK_NUMBER){
}
smartEqual.in[1][CHUNK_NUMBER * 2] <== 0;
smartEqual.in[1][CHUNK_NUMBER * 2 + 1] <== 0;
smartEqual.dummy <== dummy;
smartEqual.out === 1;
}
@@ -300,17 +286,14 @@ template BigMod(CHUNK_SIZE, CHUNK_NUMBER){
template BigMultModP(CHUNK_SIZE, CHUNK_NUMBER){
signal input in[3][CHUNK_NUMBER];
signal output out[CHUNK_NUMBER];
signal input dummy;
component bigMult = BigMultOptimised(CHUNK_SIZE, CHUNK_NUMBER);
bigMult.in[0] <== in[0];
bigMult.in[1] <== in[1];
bigMult.dummy <== dummy;
component bigMod = BigMod(CHUNK_SIZE, CHUNK_NUMBER);
bigMod.base <== bigMult.out;
bigMod.modulus <== in[2];
bigMod.dummy <== dummy;
out <== bigMod.mod;
}
@@ -321,17 +304,14 @@ template BigMultModP(CHUNK_SIZE, CHUNK_NUMBER){
template BigMultModPNonOptimised(CHUNK_SIZE, CHUNK_NUMBER){
signal input in[3][CHUNK_NUMBER];
signal output out[CHUNK_NUMBER];
signal input dummy;
component bigMult = BigMult(CHUNK_SIZE, CHUNK_NUMBER);
bigMult.in[0] <== in[0];
bigMult.in[1] <== in[1];
bigMult.dummy <== dummy;
component bigMod = BigMod(CHUNK_SIZE, CHUNK_NUMBER);
bigMod.base <== bigMult.out;
bigMod.modulus <== in[2];
bigMod.dummy <== dummy;
out <== bigMod.mod;
}
@@ -345,10 +325,9 @@ template BigSubNoBorrow(CHUNK_SIZE, CHUNK_NUMBER){
signal input in[2][CHUNK_NUMBER];
signal output out[CHUNK_NUMBER];
signal input dummy;
for (var i = 0; i < CHUNK_NUMBER; i++){
out[i] <== in[0][i] - in[1][i] + dummy * dummy;
out[i] <== in[0][i] - in[1][i];
}
}
@@ -358,10 +337,8 @@ template BigSubNoBorrow(CHUNK_SIZE, CHUNK_NUMBER){
template BigSub(CHUNK_SIZE, CHUNK_NUMBER){
signal input in[2][CHUNK_NUMBER];
signal output out[CHUNK_NUMBER];
signal input dummy;
component bigSubNoBorrow = BigSubNoBorrow(CHUNK_SIZE, CHUNK_NUMBER);
bigSubNoBorrow.in <== in;
bigSubNoBorrow.dummy <== dummy;
component lessThan[CHUNK_NUMBER];
for (var i = 0; i < CHUNK_NUMBER; i++){
@@ -369,11 +346,11 @@ template BigSub(CHUNK_SIZE, CHUNK_NUMBER){
lessThan[i].in[1] <== 2 ** CHUNK_SIZE;
if (i == 0){
lessThan[i].in[0] <== bigSubNoBorrow.out[i] + 2 ** CHUNK_SIZE + dummy * dummy;
out[i] <== bigSubNoBorrow.out[i] + (2 ** CHUNK_SIZE) * (lessThan[i].out) + dummy * dummy;
lessThan[i].in[0] <== bigSubNoBorrow.out[i] + 2 ** CHUNK_SIZE;
out[i] <== bigSubNoBorrow.out[i] + (2 ** CHUNK_SIZE) * (lessThan[i].out);
} else {
lessThan[i].in[0] <== bigSubNoBorrow.out[i] - lessThan[i - 1].out + 2 ** CHUNK_SIZE + dummy * dummy;
out[i] <== bigSubNoBorrow.out[i] + (2 ** CHUNK_SIZE) * (lessThan[i].out) - lessThan[i - 1].out + dummy * dummy;
lessThan[i].in[0] <== bigSubNoBorrow.out[i] - lessThan[i - 1].out + 2 ** CHUNK_SIZE;
out[i] <== bigSubNoBorrow.out[i] + (2 ** CHUNK_SIZE) * (lessThan[i].out) - lessThan[i - 1].out;
}
}
}
@@ -386,7 +363,6 @@ template PowerMod(CHUNK_SIZE, CHUNK_NUMBER, EXP) {
signal input base[CHUNK_NUMBER];
signal input modulus[CHUNK_NUMBER];
signal input dummy;
signal output out[CHUNK_NUMBER];
@@ -397,13 +373,11 @@ template PowerMod(CHUNK_SIZE, CHUNK_NUMBER, EXP) {
for (var i = 0; i < exp_process[0]; i++){
muls[i] = BigMultModP(CHUNK_SIZE, CHUNK_NUMBER);
muls[i].dummy <== dummy;
muls[i].in[2] <== modulus;
}
for (var i = 0; i < exp_process[1] - 1; i++){
resultMuls[i] = BigMultModP(CHUNK_SIZE, CHUNK_NUMBER);
resultMuls[i].dummy <== dummy;
resultMuls[i].in[2] <== modulus;
}
@@ -447,8 +421,6 @@ template BigModInvOptimised(CHUNK_SIZE, CHUNK_NUMBER) {
signal input modulus[CHUNK_NUMBER];
signal output out[CHUNK_NUMBER];
signal input dummy;
dummy * dummy === 0;
var inv[200] = mod_inv(CHUNK_SIZE, CHUNK_NUMBER, in, modulus);
for (var i = 0; i < CHUNK_NUMBER; i++) {
@@ -459,7 +431,6 @@ template BigModInvOptimised(CHUNK_SIZE, CHUNK_NUMBER) {
mult.in[0] <== in;
mult.in[1] <== out;
mult.in[2] <== modulus;
mult.dummy <== dummy;
mult.out[0] === 1;
for (var i = 1; i < CHUNK_NUMBER; i++) {
@@ -476,7 +447,6 @@ template BigAddNonEqual(CHUNK_SIZE, CHUNK_NUMBER_GREATER, CHUNK_NUMBER_LESS){
signal input in1[CHUNK_NUMBER_GREATER];
signal input in2[CHUNK_NUMBER_LESS];
signal input dummy;
signal output out[CHUNK_NUMBER_GREATER + 1];
@@ -489,7 +459,6 @@ template BigAddNonEqual(CHUNK_SIZE, CHUNK_NUMBER_GREATER, CHUNK_NUMBER_LESS){
bigAdd.in[0][i] <== in1[i];
bigAdd.in[1][i] <== 0;
}
bigAdd.dummy <== dummy;
out <== bigAdd.out;
}
@@ -504,7 +473,6 @@ template BigMultNoCarryNonEqual(CHUNK_SIZE, CHUNK_NUMBER_GREATER, CHUNK_NUMBER_L
signal input in1[CHUNK_NUMBER_GREATER];
signal input in2[CHUNK_NUMBER_LESS];
signal input dummy;
signal output out[CHUNK_NUMBER_GREATER + CHUNK_NUMBER_LESS - 1];
@@ -539,7 +507,7 @@ template BigMultNoCarryNonEqual(CHUNK_SIZE, CHUNK_NUMBER_GREATER, CHUNK_NUMBER_L
if (j == 0){
tmpResult[i][j] <== tmpMults[i - j][j];
} else {
tmpResult[i][j] <== tmpMults[i - j][j] + tmpResult[i][j - 1] + dummy * dummy;
tmpResult[i][j] <== tmpMults[i - j][j] + tmpResult[i][j - 1];
}
}
out[i] <== tmpResult[i][i];
@@ -550,7 +518,7 @@ template BigMultNoCarryNonEqual(CHUNK_SIZE, CHUNK_NUMBER_GREATER, CHUNK_NUMBER_L
if (j == 0){
tmpResult[i][j] <== tmpMults[i - j][j];
} else {
tmpResult[i][j] <== tmpMults[i - j][j] + tmpResult[i][j - 1] + dummy * dummy;
tmpResult[i][j] <== tmpMults[i - j][j] + tmpResult[i][j - 1];
}
}
out[i] <== tmpResult[i][CHUNK_NUMBER_LESS - 1];
@@ -576,7 +544,6 @@ template BigMultNonEqual(CHUNK_SIZE, CHUNK_NUMBER_GREATER, CHUNK_NUMBER_LESS){
signal input in1[CHUNK_NUMBER_GREATER];
signal input in2[CHUNK_NUMBER_LESS];
signal input dummy;
signal output out[CHUNK_NUMBER_GREATER + CHUNK_NUMBER_LESS];
var isPowerOfTwo = 0;
for (var i = 0; i < CHUNK_NUMBER_GREATER; i++){
@@ -585,12 +552,10 @@ template BigMultNonEqual(CHUNK_SIZE, CHUNK_NUMBER_GREATER, CHUNK_NUMBER_LESS){
}
}
if (isPowerOfTwo == 0){
dummy * dummy === 0;
component bigMultNoCarry = BigMultNoCarryNonEqual(CHUNK_SIZE, CHUNK_NUMBER_GREATER, CHUNK_NUMBER_LESS);
bigMultNoCarry.in1 <== in1;
bigMultNoCarry.in2 <== in2;
bigMultNoCarry.dummy <== dummy;
component num2bits[CHUNK_NUMBER_GREATER + CHUNK_NUMBER_LESS - 1];
component bits2numOverflow[CHUNK_NUMBER_GREATER + CHUNK_NUMBER_LESS - 1];
@@ -614,7 +579,7 @@ template BigMultNonEqual(CHUNK_SIZE, CHUNK_NUMBER_GREATER, CHUNK_NUMBER_LESS){
if (i == 0){
num2bits[i].in <== bigMultNoCarry.out[i];
} else {
num2bits[i].in <== bigMultNoCarry.out[i] + bits2numOverflow[i - 1].out + dummy * dummy;
num2bits[i].in <== bigMultNoCarry.out[i] + bits2numOverflow[i - 1].out;
}
bits2numOverflow[i] = Bits2Num(CHUNK_SIZE + ADDITIONAL_LEN);
@@ -644,7 +609,6 @@ template BigMultNonEqual(CHUNK_SIZE, CHUNK_NUMBER_GREATER, CHUNK_NUMBER_LESS){
bigMult.in[0][i] <== in1[i];
bigMult.in[1][i] <== 0;
}
bigMult.dummy <== dummy;
for (var i = 0; i < CHUNK_NUMBER_LESS + CHUNK_NUMBER_GREATER; i++){
out[i] <== bigMult.out[i];
}
@@ -677,7 +641,6 @@ template BigModNonEqual(CHUNK_SIZE, CHUNK_NUMBER_BASE, CHUNK_NUMBER_MODULUS){
signal input base[CHUNK_NUMBER_BASE];
signal input modulus[CHUNK_NUMBER_MODULUS];
signal input dummy;
var long_division[2][200] = long_div(CHUNK_SIZE, CHUNK_NUMBER_MODULUS, CHUNK_NUMBER_DIV - 1, base, modulus);
@@ -698,13 +661,11 @@ template BigModNonEqual(CHUNK_SIZE, CHUNK_NUMBER_BASE, CHUNK_NUMBER_MODULUS){
multChecks.in1 <== div;
multChecks.in2 <== modulus;
multChecks.dummy <== dummy;
} else {
multChecks = BigMultNonEqual(CHUNK_SIZE, CHUNK_NUMBER_MODULUS, CHUNK_NUMBER_DIV);
multChecks.in2 <== div;
multChecks.in1 <== modulus;
multChecks.dummy <== dummy;
}
component greaterThan = BigGreaterThan(CHUNK_SIZE, CHUNK_NUMBER_MODULUS);
@@ -719,7 +680,6 @@ template BigModNonEqual(CHUNK_SIZE, CHUNK_NUMBER_BASE, CHUNK_NUMBER_MODULUS){
bigAddCheck.in1 <== multChecks.out;
bigAddCheck.in2 <== mod;
bigAddCheck.dummy <== dummy;
component smartEqual = SmartEqual(CHUNK_SIZE, CHUNK_NUMBER_BASE + 2);
smartEqual.in[0] <== bigAddCheck.out;
@@ -728,7 +688,6 @@ template BigModNonEqual(CHUNK_SIZE, CHUNK_NUMBER_BASE, CHUNK_NUMBER_MODULUS){
}
smartEqual.in[1][CHUNK_NUMBER_BASE] <== 0;
smartEqual.in[1][CHUNK_NUMBER_BASE + 1] <== 0;
smartEqual.dummy <== dummy;
smartEqual.out === 1;
}
@@ -740,20 +699,16 @@ template BigMultModPNonEqual(CHUNK_SIZE, CHUNK_NUMBER_GREATER, CHUNK_NUMBER_LESS
signal input in1[CHUNK_NUMBER_GREATER];
signal input in2[CHUNK_NUMBER_LESS];
signal input modulus[CHUNK_NUMBER_MODULUS];
signal input dummy;
dummy * dummy === 0;
signal output out[CHUNK_NUMBER_MODULUS];
component bigMult = BigMultNonEqual(CHUNK_SIZE, CHUNK_NUMBER_GREATER, CHUNK_NUMBER_LESS);
bigMult.in1 <== in1;
bigMult.in2 <== in2;
bigMult.dummy <== dummy;
component bigMod = BigModNonEqual(CHUNK_SIZE, CHUNK_NUMBER_GREATER + CHUNK_NUMBER_LESS, CHUNK_NUMBER_MODULUS);
bigMod.base <== bigMult.out;
bigMod.modulus <== modulus;
bigMod.dummy <== dummy;
out <== bigMod.mod;
}
@@ -801,7 +756,6 @@ template PowerModNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, EXP) {
signal input base[CHUNK_NUMBER];
signal input modulus[CHUNK_NUMBER];
signal input dummy;
signal output out[CHUNK_NUMBER];
@@ -812,13 +766,11 @@ template PowerModNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, EXP) {
for (var i = 0; i < exp_process[0]; i++){
muls[i] = BigMultModPNonOptimised(CHUNK_SIZE, CHUNK_NUMBER);
muls[i].dummy <== dummy;
muls[i].in[2] <== modulus;
}
for (var i = 0; i < exp_process[1] - 1; i++){
resultMuls[i] = BigMultModPNonOptimised(CHUNK_SIZE, CHUNK_NUMBER);
resultMuls[i].dummy <== dummy;
resultMuls[i].in[2] <== modulus;
}

51
circuits/circuits/utils/circomlib/bigInt/bigIntOverflow.circom
View File

@@ -27,12 +27,10 @@ template BigAddOverflow(CHUNK_SIZE, CHUNK_NUMBER){
signal input in[2][CHUNK_NUMBER];
signal output out[CHUNK_NUMBER];
signal input dummy;
dummy * dummy === 0;
for (var i = 0; i < CHUNK_NUMBER; i++){
out[i] <== in[0][i] + in[1][i] + dummy * dummy;
out[i] <== in[0][i] + in[1][i];
}
}
@@ -42,13 +40,12 @@ template BigAddNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER_GREATER, CHUNK_NUMBER_L
signal input in1[CHUNK_NUMBER_GREATER];
signal input in2[CHUNK_NUMBER_LESS];
signal output out[CHUNK_NUMBER_GREATER];
signal input dummy;
for (var i = 0; i < CHUNK_NUMBER_LESS; i++){
out[i] <== in1[i] + in2[i] + dummy * dummy;
out[i] <== in1[i] + in2[i];
}
for (var i = CHUNK_NUMBER_LESS; i < CHUNK_NUMBER_GREATER; i++){
out[i] <== in1[i] + dummy * dummy;
out[i] <== in1[i];
}
}
@@ -60,7 +57,6 @@ template BigMultOverflow(CHUNK_SIZE, CHUNK_NUMBER){
assert(CHUNK_SIZE <= 126);
signal input in[2][CHUNK_NUMBER];
signal input dummy;
signal output out[CHUNK_NUMBER * 2 - 1];
signal tmpMults[CHUNK_NUMBER][CHUNK_NUMBER];
@@ -90,7 +86,7 @@ template BigMultOverflow(CHUNK_SIZE, CHUNK_NUMBER){
if (j == 0){
tmpResult[i][j] <== tmpMults[i - j][j];
} else {
tmpResult[i][j] <== tmpMults[i - j][j] + tmpResult[i][j - 1] + dummy * dummy;
tmpResult[i][j] <== tmpMults[i - j][j] + tmpResult[i][j - 1];
}
}
out[i] <== tmpResult[i][i];
@@ -100,7 +96,7 @@ template BigMultOverflow(CHUNK_SIZE, CHUNK_NUMBER){
if (j == 0){
tmpResult[i][j] <== tmpMults[CHUNK_NUMBER - 1 - j][i + j - CHUNK_NUMBER + 1];
} else {
tmpResult[i][j] <== tmpMults[CHUNK_NUMBER - 1 - j][i + j - CHUNK_NUMBER + 1] + tmpResult[i][j - 1] + dummy * dummy;
tmpResult[i][j] <== tmpMults[CHUNK_NUMBER - 1 - j][i + j - CHUNK_NUMBER + 1] + tmpResult[i][j - 1];
}
}
out[i] <== tmpResult[i][2 * CHUNK_NUMBER - 2 - i];
@@ -117,12 +113,10 @@ template BigMultOptimisedOverflow(CHUNK_SIZE, CHUNK_NUMBER){
assert(CHUNK_SIZE <= 126);
signal input in[2][CHUNK_NUMBER];
signal input dummy;
signal output out[CHUNK_NUMBER * 2 - 1];
component karatsuba = KaratsubaNoCarry(CHUNK_NUMBER);
karatsuba.in <== in;
karatsuba.dummy <== dummy;
for (var i = 0; i < CHUNK_NUMBER * 2 - 1; i++){
out[i] <== karatsuba.out[i];
}
@@ -137,7 +131,6 @@ template BigMultNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER_GREATER, CHUNK_NUMBER_
signal input in1[CHUNK_NUMBER_GREATER];
signal input in2[CHUNK_NUMBER_LESS];
signal input dummy;
signal output out[CHUNK_NUMBER_GREATER + CHUNK_NUMBER_LESS - 1];
@@ -172,7 +165,7 @@ template BigMultNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER_GREATER, CHUNK_NUMBER_
if (j == 0){
tmpResult[i][j] <== tmpMults[i - j][j];
} else {
tmpResult[i][j] <== tmpMults[i - j][j] + tmpResult[i][j - 1] + dummy * dummy;
tmpResult[i][j] <== tmpMults[i - j][j] + tmpResult[i][j - 1];
}
}
out[i] <== tmpResult[i][i];
@@ -183,7 +176,7 @@ template BigMultNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER_GREATER, CHUNK_NUMBER_
if (j == 0){
tmpResult[i][j] <== tmpMults[i - j][j];
} else {
tmpResult[i][j] <== tmpMults[i - j][j] + tmpResult[i][j - 1] + dummy * dummy;
tmpResult[i][j] <== tmpMults[i - j][j] + tmpResult[i][j - 1];
}
}
out[i] <== tmpResult[i][CHUNK_NUMBER_LESS - 1];
@@ -209,19 +202,16 @@ template BigModOverflow(CHUNK_SIZE, CHUNK_NUMBER_BASE, CHUNK_NUMBER_MODULUS, OVE
signal input base[CHUNK_NUMBER_BASE];
signal input modulus[CHUNK_NUMBER_MODULUS];
signal input dummy;
signal output mod[CHUNK_NUMBER_MODULUS];
signal output div[CHUNK_NUMBER_BASE + OVERFLOW_SHIFT - CHUNK_NUMBER_MODULUS + 1];
component reduce = RemoveOverflow(CHUNK_SIZE, CHUNK_NUMBER_BASE, CHUNK_NUMBER_BASE + OVERFLOW_SHIFT);
reduce.in <== base;
reduce.dummy <== dummy;
component bigMod = BigModNonEqual(CHUNK_SIZE, CHUNK_NUMBER_BASE + OVERFLOW_SHIFT, CHUNK_NUMBER_MODULUS);
bigMod.base <== reduce.out;
bigMod.modulus <== modulus;
bigMod.dummy <== dummy;
bigMod.mod ==> mod;
bigMod.div ==> div;
@@ -235,12 +225,9 @@ template BigModInvOverflow(CHUNK_SIZE, CHUNK_NUMBER_BASE, CHUNK_NUMBER) {
signal input modulus[CHUNK_NUMBER];
signal output out[CHUNK_NUMBER];
signal input dummy;
dummy * dummy === 0;
component reduce = RemoveOverflow(CHUNK_SIZE, CHUNK_NUMBER_BASE, CHUNK_NUMBER_BASE + 1);
reduce.in <== in;
reduce.dummy <== dummy;
var div_res[2][200] = long_div(CHUNK_SIZE, CHUNK_NUMBER, (CHUNK_NUMBER_BASE + 1 - CHUNK_NUMBER), reduce.out, modulus);
var mod[CHUNK_NUMBER];
@@ -257,7 +244,6 @@ template BigModInvOverflow(CHUNK_SIZE, CHUNK_NUMBER_BASE, CHUNK_NUMBER) {
mult.in1 <== reduce.out;
mult.in2 <== out;
mult.modulus <== modulus;
mult.dummy <== dummy;
mult.out[0] === 1;
for (var i = 1; i < CHUNK_NUMBER; i++) {
@@ -283,8 +269,6 @@ template RemoveOverflow(CHUNK_SIZE, CHUNK_NUMBER_OLD, CHUNK_NUMBER_NEW){
assert(CHUNK_SIZE <= 126);
assert(CHUNK_NUMBER_OLD <= CHUNK_NUMBER_NEW);
signal input dummy;
dummy * dummy === 0;
signal input in[CHUNK_NUMBER_OLD];
signal output out[CHUNK_NUMBER_NEW];
@@ -300,7 +284,7 @@ template RemoveOverflow(CHUNK_SIZE, CHUNK_NUMBER_OLD, CHUNK_NUMBER_NEW){
out[i] <== bits2Num[i].out;
} else {
getLastNBits[i] = GetLastNBits(CHUNK_SIZE);
getLastNBits[i].in <== in[i] + getLastNBits[i - 1].div + dummy * dummy;
getLastNBits[i].in <== in[i] + getLastNBits[i - 1].div;
bits2Num[i] = Bits2Num(CHUNK_SIZE);
bits2Num[i].in <== getLastNBits[i].out;
out[i] <== bits2Num[i].out;
@@ -324,13 +308,13 @@ template RemoveOverflow(CHUNK_SIZE, CHUNK_NUMBER_OLD, CHUNK_NUMBER_NEW){
out[i] <== bits2Num[i].out;
} else {
getLastNBits[i] = GetLastNBits(CHUNK_SIZE);
getLastNBits[i].in <== in[i] + getLastNBits[i - 1].div + dummy * dummy;
getLastNBits[i].in <== in[i] + getLastNBits[i - 1].div;
bits2Num[i] = Bits2Num(CHUNK_SIZE);
bits2Num[i].in <== getLastNBits[i].out;
out[i] <== bits2Num[i].out;
}
}
out[CHUNK_NUMBER_NEW - 1] <== getLastNBits[CHUNK_NUMBER_NEW - 2].div + in[CHUNK_NUMBER_NEW - 1] + dummy * dummy;
out[CHUNK_NUMBER_NEW - 1] <== getLastNBits[CHUNK_NUMBER_NEW - 2].div + in[CHUNK_NUMBER_NEW - 1];
}
}
@@ -340,20 +324,18 @@ template BigSubModOverflow(CHUNK_SIZE, CHUNK_NUMBER){
signal input in1[CHUNK_NUMBER];
signal input in2[CHUNK_NUMBER];
signal input modulus[CHUNK_NUMBER];
signal input dummy;
dummy * dummy === 0;
signal output out[CHUNK_NUMBER];
for (var i = 0; i < CHUNK_NUMBER; i++){
if (i == 0){
out[i] <== 2 ** CHUNK_SIZE + modulus[i] + in1[i] - in2[i] + dummy * dummy;
out[i] <== 2 ** CHUNK_SIZE + modulus[i] + in1[i] - in2[i];
} else {
if (i == CHUNK_NUMBER - 1){
out[i] <== modulus[i] + in1[i] - in2[i] - 1 + dummy * dummy;
out[i] <== modulus[i] + in1[i] - in2[i] - 1;
} else {
out[i] <== 2 ** CHUNK_SIZE + modulus[i] + in1[i] - in2[i] - 1 + dummy * dummy;
out[i] <== 2 ** CHUNK_SIZE + modulus[i] + in1[i] - in2[i] - 1;
}
}
}
@@ -391,13 +373,10 @@ template ForceEqual(CHUNK_NUMBER){
template ReducedEqual(CHUNK_SIZE, CHUNK_NUMBER_OLD, CHUNK_NUMBER_NEW){
signal input in1[CHUNK_NUMBER_NEW];
signal input in2[CHUNK_NUMBER_OLD];
signal input dummy;
dummy * dummy === 0;
signal output out;
component reduce = RemoveOverflow(CHUNK_SIZE, CHUNK_NUMBER_OLD, CHUNK_NUMBER_NEW);
reduce.in <== in2;
reduce.dummy <== dummy;
component forceEqual = ForceEqual(CHUNK_NUMBER_NEW);
forceEqual.in[0] <== in1;
@@ -415,13 +394,9 @@ template ReducedEqual(CHUNK_SIZE, CHUNK_NUMBER_OLD, CHUNK_NUMBER_NEW){
template SmartEqual(CHUNK_SIZE, CHUNK_NUMBER){
signal input in[2][CHUNK_NUMBER];
signal output out;
signal input dummy;
dummy * dummy === 0;
component isEqual = IsEqual();
component sumLeft = GetSumOfNElements(CHUNK_NUMBER);
sumLeft.dummy <== dummy;
component sumRight = GetSumOfNElements(CHUNK_NUMBER);
sumRight.dummy <== dummy;
for (var i = 0; i < CHUNK_NUMBER; i++){
sumLeft.in[i] <== 2 ** (i * CHUNK_SIZE) * in[0][i];

12
circuits/circuits/utils/circomlib/bigInt/karatsuba.circom
View File

@@ -7,7 +7,6 @@ pragma circom 2.1.6;
template KaratsubaNoCarry(CHUNK_NUMBER) {
signal input in[2][CHUNK_NUMBER];
signal output out[2 * CHUNK_NUMBER];
signal input dummy;
if (CHUNK_NUMBER == 1) {
out[0] <== in[0][0] * in[1][0];
@@ -15,9 +14,6 @@ template KaratsubaNoCarry(CHUNK_NUMBER) {
component karatsubaA1B1 = KaratsubaNoCarry(CHUNK_NUMBER / 2);
component karatsubaA2B2 = KaratsubaNoCarry(CHUNK_NUMBER / 2);
component karatsubaA1A2B1B2 = KaratsubaNoCarry(CHUNK_NUMBER / 2);
karatsubaA2B2.dummy <== dummy;
karatsubaA1B1.dummy <== dummy;
karatsubaA1A2B1B2.dummy <== dummy;
for (var i = 0; i < CHUNK_NUMBER / 2; i++) {
karatsubaA1B1.in[0][i] <== in[0][i];
@@ -34,18 +30,18 @@ template KaratsubaNoCarry(CHUNK_NUMBER) {
out[i] <== karatsubaA1B1.out[i]
+ karatsubaA1A2B1B2.out[i - CHUNK_NUMBER / 2]
- karatsubaA1B1.out[i - CHUNK_NUMBER / 2]
- karatsubaA2B2.out[i - CHUNK_NUMBER / 2] + dummy * dummy;
- karatsubaA2B2.out[i - CHUNK_NUMBER / 2];
} else {
out[i] <== karatsubaA1B1.out[i] + dummy * dummy;
out[i] <== karatsubaA1B1.out[i];
}
} else {
if (CHUNK_NUMBER / 2 <= i && i < 3 * (CHUNK_NUMBER / 2)) {
out[i] <== karatsubaA2B2.out[i - CHUNK_NUMBER]
+ karatsubaA1A2B1B2.out[i - CHUNK_NUMBER / 2]
- karatsubaA1B1.out[i - CHUNK_NUMBER / 2]
- karatsubaA2B2.out[i - CHUNK_NUMBER / 2] + dummy * dummy;
- karatsubaA2B2.out[i - CHUNK_NUMBER / 2];
} else {
out[i] <== karatsubaA2B2.out[i - CHUNK_NUMBER] + dummy * dummy;
out[i] <== karatsubaA2B2.out[i - CHUNK_NUMBER];
}
}
}

3
circuits/circuits/utils/circomlib/bitify/operations.circom
View File

@@ -10,13 +10,10 @@ template BinSum(NUM, LEN){
assert (LEN + NUM - 1 <= 253);
var OUT_LEN = LEN + NUM - 1;
signal input in[NUM][LEN];
signal input dummy;
dummy * dummy === 0;
signal output out[OUT_LEN];
component bits2Num[NUM];
component sumN = GetSumOfNElements(NUM);
sumN.dummy <== dummy;
for (var i = 0; i < NUM; i++) {
bits2Num[i] = Bits2Num(LEN);
bits2Num[i].in <== in[i];

167
circuits/circuits/utils/circomlib/ec/curve.circom
View File

@@ -51,15 +51,12 @@ template TangentCheck(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
signal input in1[2][CHUNK_NUMBER];
signal input in2[2][CHUNK_NUMBER];
signal input dummy;
dummy * dummy === 0;
component mult = BigMultOptimisedOverflow(CHUNK_SIZE, CHUNK_NUMBER);
mult.in[0] <== in1[0];
mult.in[1] <== in1[0];
mult.dummy <== dummy;
component scalarMult = ScalarMultOverflow(CHUNK_NUMBER * 2 - 1);
scalarMult.scalar <== 3;
@@ -68,7 +65,6 @@ template TangentCheck(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
component add = BigAddNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER);
add.in1 <== scalarMult.out;
add.in2 <== A;
add.dummy <== dummy;
component scalarMult2 = ScalarMultOverflow(CHUNK_NUMBER);
scalarMult2.in <== in1[1];
@@ -77,54 +73,44 @@ template TangentCheck(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
component modInv = BigModInvOverflow(CHUNK_SIZE, CHUNK_NUMBER, CHUNK_NUMBER);
modInv.in <== scalarMult2.out;
modInv.modulus <== P;
modInv.dummy <== dummy;
component mul2 = BigMultNonEqualOverflow(CHUNK_SIZE, 2 * CHUNK_NUMBER - 1, CHUNK_NUMBER);
mul2.in1 <== add.out;
mul2.in2 <== modInv.out;
mul2.dummy <== dummy;
component mod = BigModOverflow(CHUNK_SIZE, CHUNK_NUMBER * 3 - 2, CHUNK_NUMBER, 3);
mod.base <== mul2.out;
mod.modulus <== P;
mod.dummy <== dummy;
component sub = BigSubModOverflow(CHUNK_SIZE, CHUNK_NUMBER);
sub.in1 <== in1[0];
sub.in2 <== in2[0];
sub.modulus <== P;
sub.dummy <== dummy;
component mul3 = BigMultNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER, CHUNK_NUMBER);
mul3.in1 <== mod.mod;
mul3.in2 <== sub.out;
mul3.dummy <== dummy;
component mod2 = BigModOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER, 2);
mod2.base <== mul3.out;
mod2.modulus <== P;
mod2.dummy <== dummy;
component sub2 = BigSubModOverflow(CHUNK_SIZE, CHUNK_NUMBER);
sub2.in1 <== mod2.mod;
sub2.in2 <== in1[1];
sub2.modulus <== P;
sub2.dummy <== dummy;
component add2 = BigAddOverflow(CHUNK_SIZE, CHUNK_NUMBER);
add2.in[0] <== P;
add2.in[1] <== in2[1];
add2.dummy <== dummy;
component smartEqual = SmartEqual(CHUNK_SIZE, CHUNK_NUMBER);
smartEqual.in[0] <== sub2.out;
smartEqual.in[1] <== add2.out;
smartEqual.dummy <== dummy;
component smartEqual2 = SmartEqual(CHUNK_SIZE, CHUNK_NUMBER);
smartEqual2.in[0] <== sub2.out;
smartEqual2.in[1] <== in2[1];
smartEqual2.dummy <== dummy;
smartEqual.out * smartEqual.out + smartEqual2.out === 1;
}
@@ -139,66 +125,54 @@ template AdditionCheck(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
signal input in1[2][CHUNK_NUMBER];
signal input in2[2][CHUNK_NUMBER];
signal input in3[2][CHUNK_NUMBER];
signal input dummy;
component sub = BigSubModOverflow(CHUNK_SIZE, CHUNK_NUMBER);
sub.in1 <== in2[0];
sub.in2 <== in1[0];
sub.modulus <== P;
sub.dummy <== dummy;
component sub2 = BigSubModOverflow(CHUNK_SIZE, CHUNK_NUMBER);
sub2.in1 <== in2[1];
sub2.in2 <== in1[1];
sub2.modulus <== P;
sub2.dummy <== dummy;
component sub3 = BigSubModOverflow(CHUNK_SIZE, CHUNK_NUMBER);
sub3.in1 <== in1[0];
sub3.in2 <== in3[0];
sub3.modulus <== P;
sub3.dummy <== dummy;
component modInv = BigModInvOverflow(CHUNK_SIZE, CHUNK_NUMBER, CHUNK_NUMBER);
modInv.in <== sub.out;
modInv.modulus <== P;
modInv.dummy <== dummy;
component mul = BigMultOverflow(CHUNK_SIZE, CHUNK_NUMBER);
mul.in[0] <== sub2.out;
mul.in[1] <== modInv.out;
mul.dummy <== dummy;
component mul2 = BigMultNonEqualOverflow(CHUNK_SIZE, 2 * CHUNK_NUMBER - 1, CHUNK_NUMBER);
mul2.in1 <== mul.out;
mul2.in2 <== sub3.out;
mul2.dummy <== dummy;
component mod = BigModOverflow(CHUNK_SIZE, CHUNK_NUMBER * 3 - 2, CHUNK_NUMBER, 2);
mod.base <== mul2.out;
mod.modulus <== P;
mod.dummy <== dummy;
component sub4 = BigSubModOverflow(CHUNK_SIZE, CHUNK_NUMBER);
sub4.in1 <== mod.mod;
sub4.in2 <== in1[1];
sub4.modulus <== P;
sub4.dummy <== dummy;
component add = BigAddOverflow(CHUNK_SIZE, CHUNK_NUMBER);
add.in[0] <== P;
add.in[1] <== in3[1];
add.dummy <== dummy;
component smartEqual = SmartEqual(CHUNK_SIZE, CHUNK_NUMBER);
smartEqual.in[0] <== sub4.out;
smartEqual.in[1] <== add.out;
smartEqual.dummy <== dummy;
component smartEqual2 = SmartEqual(CHUNK_SIZE, CHUNK_NUMBER);
smartEqual2.in[0] <== sub4.out;
smartEqual2.in[1] <== in3[1];
smartEqual2.dummy <== dummy;
smartEqual.out * smartEqual.out + smartEqual2.out === 1;
@@ -210,12 +184,10 @@ template AdditionCheck(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
// Computes 0 * G, 1 * G, 2 * G, ... (2 ** WINDOW_SIZE - 1) * G
template EllipticCurvePrecomputePipinger(CHUNK_SIZE, CHUNK_NUMBER, A, B, P, WINDOW_SIZE){
signal input in[2][CHUNK_NUMBER];
signal input dummy;
var PRECOMPUTE_NUMBER = 2 ** WINDOW_SIZE;
signal output out[PRECOMPUTE_NUMBER][2][CHUNK_NUMBER];
dummy * dummy === 0;
for (var i = 0; i < 2; i++){
for (var j = 0; j < CHUNK_NUMBER; j++){
@@ -232,7 +204,6 @@ template EllipticCurvePrecomputePipinger(CHUNK_SIZE, CHUNK_NUMBER, A, B, P, WIND
if (i % 2 == 0){
doublers[i \ 2 - 1] = EllipticCurveDoubleOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
doublers[i \ 2 - 1].in <== out[i \ 2];
doublers[i \ 2 - 1].dummy <== dummy;
doublers[i \ 2 - 1].out ==> out[i];
}
@@ -240,7 +211,6 @@ template EllipticCurvePrecomputePipinger(CHUNK_SIZE, CHUNK_NUMBER, A, B, P, WIND
adders[i \ 2 - 1] = EllipticCurveAddOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
adders[i \ 2 - 1].in1 <== out[1];
adders[i \ 2 - 1].in2 <== out[i - 1];
adders[i \ 2 - 1].dummy <== dummy;
adders[i \ 2 - 1].out ==> out[i];
}
}
@@ -257,48 +227,38 @@ template PointOnCurveOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
assert(CHUNK_SIZE == 64);
signal input in[2][CHUNK_NUMBER];
signal input dummy;
dummy * dummy === 0;
component mult = BigMultOptimisedOverflow(CHUNK_SIZE, CHUNK_NUMBER);
mult.in[0] <== in[0];
mult.in[1] <== in[0];
mult.dummy <== dummy;
component mult2 = BigMultNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER);
mult2.in1 <== mult.out;
mult2.in2 <== in[0];
mult2.dummy <== dummy;
component mult3 = BigMultOptimisedOverflow(CHUNK_SIZE, CHUNK_NUMBER);
mult3.in[0] <== in[0];
mult3.in[1] <== A;
mult3.dummy <== dummy;
component mult4 = BigMultOptimisedOverflow(CHUNK_SIZE, CHUNK_NUMBER);
mult4.in[0] <== in[1];
mult4.in[1] <== in[1];
mult4.dummy <== dummy;
component add = BigAddNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER * 3 - 2, CHUNK_NUMBER * 2 - 1);
add.in1 <== mult2.out;
add.in2 <== mult3.out;
add.dummy <== dummy;
component add2 = BigAddNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER * 3 - 2, CHUNK_NUMBER);
add2.in1 <== add.out;
add2.in2 <== B;
add2.dummy <== dummy;
component mod = BigModOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER, 2);
mod.base <== mult4.out;
mod.modulus <== P;
mod.dummy <== dummy;
component mod2 = BigModOverflow(CHUNK_SIZE, CHUNK_NUMBER * 3 - 2, CHUNK_NUMBER, 3);
mod2.base <== add2.out;
mod2.modulus <== P;
mod2.dummy <== dummy;
for (var i = 0; i < CHUNK_NUMBER; i++){
mod.mod[i] === mod2.mod[i];
@@ -313,14 +273,11 @@ template PointOnCurveOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
template EllipticCurveDoubleOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
signal input in[2][CHUNK_NUMBER];
signal output out[2][CHUNK_NUMBER];
signal input dummy;
dummy * dummy === 0;
// x * x
component mult = BigMultOptimisedOverflow(CHUNK_SIZE, CHUNK_NUMBER);
mult.in[0] <== in[0];
mult.in[1] <== in[0];
mult.dummy <== dummy;
// 3 * x * x
component scalarMult = ScalarMultOverflow(CHUNK_NUMBER * 2 - 1);
@@ -331,7 +288,6 @@ template EllipticCurveDoubleOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
component add = BigAddNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER);
add.in1 <== scalarMult.out;
add.in2 <== A;
add.dummy <== dummy;
// 2 * y
component scalarMult2 = ScalarMultOverflow(CHUNK_NUMBER);
@@ -342,32 +298,27 @@ template EllipticCurveDoubleOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
component modInv = BigModInvOverflow(CHUNK_SIZE, CHUNK_NUMBER, CHUNK_NUMBER);
modInv.in <== scalarMult2.out;
modInv.modulus <== P;
modInv.dummy <== dummy;
// (3 * x * x + a) * 1 / (2 * y)
component mult2 = BigMultNonEqualOverflow(CHUNK_SIZE, 2 * CHUNK_NUMBER - 1, CHUNK_NUMBER);
mult2.in1 <== add.out;
mult2.in2 <== modInv.out;
mult2.dummy <== dummy;
// ((3 * x * x + a) * 1 / (2 * y)) % p ==> λ
component mod = BigModOverflow(CHUNK_SIZE, CHUNK_NUMBER * 3 - 2, CHUNK_NUMBER, 3);
mod.base <== mult2.out;
mod.modulus <== P;
mod.dummy <== dummy;
// λ * λ
component mult3 = BigMultOptimisedOverflow(CHUNK_SIZE, CHUNK_NUMBER);
mult3.in[0] <== mod.mod;
mult3.in[1] <== mod.mod;
mult3.dummy <== dummy;
// P - x
component sub = BigSubModOverflow(CHUNK_SIZE, CHUNK_NUMBER);
sub.in1 <== P;
sub.in2 <== in[0];
sub.modulus <== P;
sub.dummy <== dummy;
// 2 * P - 2 * x
component scalarMult3 = ScalarMultOverflow(CHUNK_NUMBER);
@@ -378,13 +329,11 @@ template EllipticCurveDoubleOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
component add2 = BigAddNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER);
add2.in1 <== mult3.out;
add2.in2 <== scalarMult3.out;
add2.dummy <== dummy;
// (λ * λ + 2 * P - 2 * x) % p ==> x3
component mod2 = BigModOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER, 2);
mod2.base <== add2.out;
mod2.modulus <== P;
mod2.dummy <== dummy;
out[0] <== mod2.mod;
@@ -393,32 +342,27 @@ template EllipticCurveDoubleOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
sub2.in1 <== in[0];
sub2.in2 <== out[0];
sub2.modulus <== P;
sub2.dummy <== dummy;
// λ * (x1 - x3)
component mult4 = BigMultNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER, CHUNK_NUMBER);
mult4.in1 <== mod.mod;
mult4.in2 <== sub2.out;
mult4.dummy <== dummy;
// P - y
component sub3 = BigSubModOverflow(CHUNK_SIZE, CHUNK_NUMBER);
sub3.in1 <== P;
sub3.in2 <== in[1];
sub3.modulus <== P;
sub3.dummy <== dummy;
// λ * (x1 - x3) + P - y
component add3 = BigAddNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER);
add3.in1 <== mult4.out;
add3.in2 <== sub3.out;
add3.dummy <== dummy;
// (λ * (x1 - x3) + P - y) % P ==> y3
component mod3 = BigModOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER, 2);
mod3.base <== add3.out;
mod3.modulus <== P;
mod3.dummy <== dummy;
out[1] <== mod3.mod;
}
@@ -432,78 +376,65 @@ template EllipticCurveAddOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
signal input in1[2][CHUNK_NUMBER];
signal input in2[2][CHUNK_NUMBER];
signal output out[2][CHUNK_NUMBER];
signal input dummy;
dummy * dummy === 0;
// x2 - x1
component sub = BigSubModOverflow(CHUNK_SIZE, CHUNK_NUMBER);
sub.in1 <== in2[0];
sub.in2 <== in1[0];
sub.modulus <== P;
sub.dummy <== dummy;
// y2 - y1
component sub2 = BigSubModOverflow(CHUNK_SIZE, CHUNK_NUMBER);
sub2.in1 <== in2[1];
sub2.in2 <== in1[1];
sub2.modulus <== P;
sub2.dummy <== dummy;
// (x2 - x1) ** -1
component modInv = BigModInvOverflow(CHUNK_SIZE, CHUNK_NUMBER, CHUNK_NUMBER);
modInv.in <== sub.out;
modInv.modulus <== P;
modInv.dummy <== dummy;
// (y2 - y1) * 1 / (x2 - x1)
component mult = BigMultOverflow(CHUNK_SIZE, CHUNK_NUMBER);
mult.in[0] <== sub2.out;
mult.in[1] <== modInv.out;
mult.dummy <== dummy;
// (y2 - y1) * 1 / (x2 - x1) % P ==> λ
component mod = BigModOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER, 2);
mod.base <== mult.out;
mod.modulus <== P;
mod.dummy <== dummy;
// λ * λ
component mult2 = BigMultOptimisedOverflow(CHUNK_SIZE, CHUNK_NUMBER);
mult2.in[0] <== mod.mod;
mult2.in[1] <== mod.mod;
mult2.dummy <== dummy;
// P - in1
component sub3 = BigSubModOverflow(CHUNK_SIZE, CHUNK_NUMBER);
sub3.in1 <== P;
sub3.in2 <== in1[0];
sub3.modulus <== P;
sub3.dummy <== dummy;
// P - in2
component sub4 = BigSubModOverflow(CHUNK_SIZE, CHUNK_NUMBER);
sub4.in1 <== P;
sub4.in2 <== in2[0];
sub4.modulus <== P;
sub4.dummy <== dummy;
// 2 * P - in1 - in2
component add = BigAddOverflow(CHUNK_SIZE, CHUNK_NUMBER);
add.in[0] <== sub3.out;
add.in[1] <== sub4.out;
add.dummy <== dummy;
// λ * λ + 2 * P - in1 - in2
component add2 = BigAddNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER);
add2.in1 <== mult2.out;
add2.in2 <== add.out;
add2.dummy <== dummy;
// (λ * λ + 2 * P - in1 - in2) % P ==> x3
component mod2 = BigModOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER, 2);
mod2.base <== add2.out;
mod2.modulus <== P;
mod2.dummy <== dummy;
out[0] <== mod2.mod;
@@ -512,32 +443,27 @@ template EllipticCurveAddOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
sub5.in1 <== in1[0];
sub5.in2 <== out[0];
sub5.modulus <== P;
sub5.dummy <== dummy;
// λ * (x1 - x3)
component mult3 = BigMultNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER);
mult3.in1 <== mult.out;
mult3.in2 <== sub5.out;
mult3.dummy <== dummy;
// P - y1
component sub6 = BigSubModOverflow(CHUNK_SIZE, CHUNK_NUMBER);
sub6.in1 <== P;
sub6.in2 <== in1[1];
sub6.modulus <== P;
sub6.dummy <== dummy;
// λ * (x1 - x3) + P - y1
component add3 = BigAddNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER * 3 - 2, CHUNK_NUMBER);
add3.in1 <== mult3.out;
add3.in2 <== sub6.out;
add3.dummy <== dummy;
// (λ * (x1 - x3) + P - y1) % P ==> y3
component mod3 = BigModOverflow(CHUNK_SIZE, CHUNK_NUMBER * 3 - 2, CHUNK_NUMBER, 3);
mod3.base <== add3.out;
mod3.modulus <== P;
mod3.dummy <== dummy;
out[1] <== mod3.mod;
}
@@ -553,7 +479,6 @@ template EllipicCurveScalarGeneratorMultiplicationOptimised(CHUNK_SIZE, CHUNK_NU
assert(CHUNK_SIZE == 64 && CHUNK_NUMBER == 4);
signal input scalar[CHUNK_NUMBER];
signal input dummy;
signal output out[2][CHUNK_NUMBER];
@@ -561,7 +486,6 @@ template EllipicCurveScalarGeneratorMultiplicationOptimised(CHUNK_SIZE, CHUNK_NU
var parts = CHUNK_NUMBER * CHUNK_SIZE \ STRIDE;
dummy * dummy === 0;
var powers[parts][2 ** STRIDE][2][CHUNK_NUMBER];
if (P[0] == 18446744069414583343 && P[1] == 18446744073709551615 && P[2] == 18446744073709551615 && P[3] == 18446744073709551615){
powers = get_g_pow_stride8_table_secp256k1(CHUNK_SIZE, CHUNK_NUMBER);
@@ -611,7 +535,6 @@ template EllipicCurveScalarGeneratorMultiplicationOptimised(CHUNK_SIZE, CHUNK_NU
for (var j = 0; j < 2; j++){
for (var axis_idx = 0; axis_idx < CHUNK_NUMBER; axis_idx++){
getSumOfNElements[i][j][axis_idx] = GetSumOfNElements(2 ** STRIDE);
getSumOfNElements[i][j][axis_idx].dummy <== dummy;
for (var stride_idx = 0; stride_idx < 2 ** STRIDE; stride_idx++){
getSumOfNElements[i][j][axis_idx].in[stride_idx] <== resultCoordinateComputation[i][stride_idx][j][axis_idx];
}
@@ -622,7 +545,7 @@ template EllipicCurveScalarGeneratorMultiplicationOptimised(CHUNK_SIZE, CHUNK_NU
component isZero[parts];
for (var i = 0; i < parts; i++){
isZero[i] = IsZero();
isZero[i].in <== getSumOfNElements[i][0][0].out + getSumOfNElements[i][0][1].out + getSumOfNElements[i][0][2].out + getSumOfNElements[i][0][3].out + getSumOfNElements[i][1][0].out + getSumOfNElements[i][1][1].out + getSumOfNElements[i][1][2].out + getSumOfNElements[i][1][3].out + dummy * dummy;
isZero[i].in <== getSumOfNElements[i][0][0].out + getSumOfNElements[i][0][1].out + getSumOfNElements[i][0][2].out + getSumOfNElements[i][0][3].out + getSumOfNElements[i][1][0].out + getSumOfNElements[i][1][1].out + getSumOfNElements[i][1][2].out + getSumOfNElements[i][1][3].out;
}
signal precomptedDummy[parts][2][CHUNK_NUMBER];
@@ -660,7 +583,6 @@ template EllipicCurveScalarGeneratorMultiplicationOptimised(CHUNK_SIZE, CHUNK_NU
for (var i = 0; i < parts - 1; i++){
adders[i] = EllipticCurveAddOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
adders[i].dummy <== dummy;
isDummyLeft[i] = IsEqual();
isDummyRight[i] = IsEqual();
@@ -738,7 +660,6 @@ template EllipticCurvePipingerMult(CHUNK_SIZE, CHUNK_NUMBER, A, B, P, WINDOW_SIZ
signal input in[2][CHUNK_NUMBER];
signal input scalar[CHUNK_NUMBER];
signal input dummy;
signal output out[2][CHUNK_NUMBER];
@@ -748,7 +669,6 @@ template EllipticCurvePipingerMult(CHUNK_SIZE, CHUNK_NUMBER, A, B, P, WINDOW_SIZ
component precompute = EllipticCurvePrecomputePipinger(CHUNK_SIZE, CHUNK_NUMBER, A, B, P, WINDOW_SIZE);
precompute.in <== in;
precompute.dummy <== dummy;
precompute.out ==> precomputed;
var DOUBLERS_NUMBER = CHUNK_SIZE * CHUNK_NUMBER - WINDOW_SIZE;
@@ -805,7 +725,6 @@ template EllipticCurvePipingerMult(CHUNK_SIZE, CHUNK_NUMBER, A, B, P, WINDOW_SIZ
if (i != 0){
for (var j = 0; j < WINDOW_SIZE; j++){
doublers[i + j - WINDOW_SIZE] = EllipticCurveDoubleOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
doublers[i + j - WINDOW_SIZE].dummy <== dummy;
if (j == 0){
for (var axis_idx = 0; axis_idx < 2; axis_idx++){
@@ -863,14 +782,12 @@ template EllipticCurvePipingerMult(CHUNK_SIZE, CHUNK_NUMBER, A, B, P, WINDOW_SIZ
adders[i \ WINDOW_SIZE].in1 <== res [i \ WINDOW_SIZE];
adders[i \ WINDOW_SIZE].in2 <== tmp2[i \ WINDOW_SIZE];
adders[i \ WINDOW_SIZE].dummy <== dummy;
res[i \ WINDOW_SIZE + 1] <== tmp2[i \ WINDOW_SIZE];
} else {
adders[i \ WINDOW_SIZE].in1 <== doublers[i - 1].out;
adders[i \ WINDOW_SIZE].in2 <== tmp2[i \ WINDOW_SIZE];
adders[i \ WINDOW_SIZE].dummy <== dummy;
zeroEquals[i \ WINDOW_SIZE] = IsEqual();
@@ -920,12 +837,10 @@ template EllipicCurveScalarPrecomputeMultiplicationOptimised(CHUNK_SIZE, CHUNK_N
var parts = CHUNK_NUMBER * CHUNK_SIZE \ STRIDE;
signal input scalar[CHUNK_NUMBER];
signal input dummy;
signal input in[2][CHUNK_NUMBER];
signal input powers[parts][2 ** STRIDE][2][CHUNK_NUMBER];
signal output out[2][CHUNK_NUMBER];
dummy * dummy === 0;
//----------------------------------------------------------------------------------------------------------------------------------------------------------------
// We don`t use point anywhere, we should add any quadratic constraint for secure issues
@@ -974,7 +889,6 @@ template EllipicCurveScalarPrecomputeMultiplicationOptimised(CHUNK_SIZE, CHUNK_N
for (var j = 0; j < 2; j++){
for (var axis_idx = 0; axis_idx < CHUNK_NUMBER; axis_idx++){
getSumOfNElements[i][j][axis_idx] = GetSumOfNElements(2 ** STRIDE);
getSumOfNElements[i][j][axis_idx].dummy <== dummy;
for (var stride_idx = 0; stride_idx < 2 ** STRIDE; stride_idx++){
getSumOfNElements[i][j][axis_idx].in[stride_idx] <== resultCoordinateComputation[i][stride_idx][j][axis_idx];
}
@@ -985,7 +899,7 @@ template EllipicCurveScalarPrecomputeMultiplicationOptimised(CHUNK_SIZE, CHUNK_N
component isZero[parts];
for (var i = 0; i < parts; i++){
isZero[i] = IsZero();
isZero[i].in <== getSumOfNElements[i][0][0].out + getSumOfNElements[i][0][1].out + getSumOfNElements[i][0][2].out + getSumOfNElements[i][0][3].out + getSumOfNElements[i][1][0].out + getSumOfNElements[i][1][1].out + getSumOfNElements[i][1][2].out + getSumOfNElements[i][1][3].out + dummy * dummy;
isZero[i].in <== getSumOfNElements[i][0][0].out + getSumOfNElements[i][0][1].out + getSumOfNElements[i][0][2].out + getSumOfNElements[i][0][3].out + getSumOfNElements[i][1][0].out + getSumOfNElements[i][1][1].out + getSumOfNElements[i][1][2].out + getSumOfNElements[i][1][3].out;
}
signal precomptedDummy[parts][2][CHUNK_NUMBER];
@@ -1023,7 +937,6 @@ template EllipicCurveScalarPrecomputeMultiplicationOptimised(CHUNK_SIZE, CHUNK_N
for (var i = 0; i < parts - 1; i++){
adders[i] = EllipticCurveAddOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
adders[i].dummy <== dummy;
isDummyLeft[i] = IsEqual();
isDummyRight[i] = IsEqual();
@@ -1098,48 +1011,38 @@ template PointOnCurveNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
assert(CHUNK_SIZE == 64);
signal input in[2][CHUNK_NUMBER];
signal input dummy;
dummy * dummy === 0;
component mult = BigMultOverflow(CHUNK_SIZE, CHUNK_NUMBER);
mult.in[0] <== in[0];
mult.in[1] <== in[0];
mult.dummy <== dummy;
component mult2 = BigMultNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER);
mult2.in1 <== mult.out;
mult2.in2 <== in[0];
mult2.dummy <== dummy;
component mult3 = BigMultOverflow(CHUNK_SIZE, CHUNK_NUMBER);
mult3.in[0] <== in[0];
mult3.in[1] <== A;
mult3.dummy <== dummy;
component mult4 = BigMultOverflow(CHUNK_SIZE, CHUNK_NUMBER);
mult4.in[0] <== in[1];
mult4.in[1] <== in[1];
mult4.dummy <== dummy;
component add = BigAddNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER * 3 - 2, CHUNK_NUMBER * 2 - 1);
add.in1 <== mult2.out;
add.in2 <== mult3.out;
add.dummy <== dummy;
component add2 = BigAddNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER * 3 - 2, CHUNK_NUMBER);
add2.in1 <== add.out;
add2.in2 <== B;
add2.dummy <== dummy;
component mod = BigModOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER, 2);
mod.base <== mult4.out;
mod.modulus <== P;
mod.dummy <== dummy;
component mod2 = BigModOverflow(CHUNK_SIZE, CHUNK_NUMBER * 3 - 2, CHUNK_NUMBER, 3);
mod2.base <== add2.out;
mod2.modulus <== P;
mod2.dummy <== dummy;
for (var i = 0; i < CHUNK_NUMBER; i++){
mod.mod[i] === mod2.mod[i];
@@ -1154,14 +1057,11 @@ template PointOnCurveNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
template EllipticCurveDoubleNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
signal input in[2][CHUNK_NUMBER];
signal output out[2][CHUNK_NUMBER];
signal input dummy;
dummy * dummy === 0;
// x * x
component mult = BigMultOverflow(CHUNK_SIZE, CHUNK_NUMBER);
mult.in[0] <== in[0];
mult.in[1] <== in[0];
mult.dummy <== dummy;
// 3 * x * x
component scalarMult = ScalarMultOverflow(CHUNK_NUMBER * 2 - 1);
@@ -1172,7 +1072,6 @@ template EllipticCurveDoubleNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
component add = BigAddNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER);
add.in1 <== scalarMult.out;
add.in2 <== A;
add.dummy <== dummy;
// 2 * y
component scalarMult2 = ScalarMultOverflow(CHUNK_NUMBER);
@@ -1183,32 +1082,27 @@ template EllipticCurveDoubleNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
component modInv = BigModInvOverflow(CHUNK_SIZE, CHUNK_NUMBER, CHUNK_NUMBER);
modInv.in <== scalarMult2.out;
modInv.modulus <== P;
modInv.dummy <== dummy;
// (3 * x * x + a) * 1 / (2 * y)
component mult2 = BigMultNonEqualOverflow(CHUNK_SIZE, 2 * CHUNK_NUMBER - 1, CHUNK_NUMBER);
mult2.in1 <== add.out;
mult2.in2 <== modInv.out;
mult2.dummy <== dummy;
// ((3 * x * x + a) * 1 / (2 * y)) % p ==> λ
component mod = BigModOverflow(CHUNK_SIZE, CHUNK_NUMBER * 3 - 2, CHUNK_NUMBER, 3);
mod.base <== mult2.out;
mod.modulus <== P;
mod.dummy <== dummy;
// λ * λ
component mult3 = BigMultOverflow(CHUNK_SIZE, CHUNK_NUMBER);
mult3.in[0] <== mod.mod;
mult3.in[1] <== mod.mod;
mult3.dummy <== dummy;
// P - x
component sub = BigSubModOverflow(CHUNK_SIZE, CHUNK_NUMBER);
sub.in1 <== P;
sub.in2 <== in[0];
sub.modulus <== P;
sub.dummy <== dummy;
// 2 * P - 2 * x
component scalarMult3 = ScalarMultOverflow(CHUNK_NUMBER);
@@ -1219,13 +1113,11 @@ template EllipticCurveDoubleNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
component add2 = BigAddNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER);
add2.in1 <== mult3.out;
add2.in2 <== scalarMult3.out;
add2.dummy <== dummy;
// (λ * λ + 2 * P - 2 * x) % p ==> x3
component mod2 = BigModOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER, 2);
mod2.base <== add2.out;
mod2.modulus <== P;
mod2.dummy <== dummy;
out[0] <== mod2.mod;
@@ -1234,32 +1126,27 @@ template EllipticCurveDoubleNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
sub2.in1 <== in[0];
sub2.in2 <== out[0];
sub2.modulus <== P;
sub2.dummy <== dummy;
// λ * (x1 - x3)
component mult4 = BigMultNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER, CHUNK_NUMBER);
mult4.in1 <== mod.mod;
mult4.in2 <== sub2.out;
mult4.dummy <== dummy;
// P - y
component sub3 = BigSubModOverflow(CHUNK_SIZE, CHUNK_NUMBER);
sub3.in1 <== P;
sub3.in2 <== in[1];
sub3.modulus <== P;
sub3.dummy <== dummy;
// λ * (x1 - x3) + P - y
component add3 = BigAddNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER);
add3.in1 <== mult4.out;
add3.in2 <== sub3.out;
add3.dummy <== dummy;
// (λ * (x1 - x3) + P - y) % P ==> y3
component mod3 = BigModOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER, 2);
mod3.base <== add3.out;
mod3.modulus <== P;
mod3.dummy <== dummy;
out[1] <== mod3.mod;
}
@@ -1273,78 +1160,65 @@ template EllipticCurveAddNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
signal input in1[2][CHUNK_NUMBER];
signal input in2[2][CHUNK_NUMBER];
signal output out[2][CHUNK_NUMBER];
signal input dummy;
dummy * dummy === 0;
// x2 - x1
component sub = BigSubModOverflow(CHUNK_SIZE, CHUNK_NUMBER);
sub.in1 <== in2[0];
sub.in2 <== in1[0];
sub.modulus <== P;
sub.dummy <== dummy;
// y2 - y1
component sub2 = BigSubModOverflow(CHUNK_SIZE, CHUNK_NUMBER);
sub2.in1 <== in2[1];
sub2.in2 <== in1[1];
sub2.modulus <== P;
sub2.dummy <== dummy;
// (x2 - x1) ** -1
component modInv = BigModInvOverflow(CHUNK_SIZE, CHUNK_NUMBER, CHUNK_NUMBER);
modInv.in <== sub.out;
modInv.modulus <== P;
modInv.dummy <== dummy;
// (y2 - y1) * 1 / (x2 - x1)
component mult = BigMultOverflow(CHUNK_SIZE, CHUNK_NUMBER);
mult.in[0] <== sub2.out;
mult.in[1] <== modInv.out;
mult.dummy <== dummy;
// (y2 - y1) * 1 / (x2 - x1) % P ==> λ
component mod = BigModOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER, 2);
mod.base <== mult.out;
mod.modulus <== P;
mod.dummy <== dummy;
// λ * λ
component mult2 = BigMultOverflow(CHUNK_SIZE, CHUNK_NUMBER);
mult2.in[0] <== mod.mod;
mult2.in[1] <== mod.mod;
mult2.dummy <== dummy;
// P - in1
component sub3 = BigSubModOverflow(CHUNK_SIZE, CHUNK_NUMBER);
sub3.in1 <== P;
sub3.in2 <== in1[0];
sub3.modulus <== P;
sub3.dummy <== dummy;
// P - in2
component sub4 = BigSubModOverflow(CHUNK_SIZE, CHUNK_NUMBER);
sub4.in1 <== P;
sub4.in2 <== in2[0];
sub4.modulus <== P;
sub4.dummy <== dummy;
// 2 * P - in1 - in2
component add = BigAddOverflow(CHUNK_SIZE, CHUNK_NUMBER);
add.in[0] <== sub3.out;
add.in[1] <== sub4.out;
add.dummy <== dummy;
// λ * λ + 2 * P - in1 - in2
component add2 = BigAddNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER);
add2.in1 <== mult2.out;
add2.in2 <== add.out;
add2.dummy <== dummy;
// (λ * λ + 2 * P - in1 - in2) % P ==> x3
component mod2 = BigModOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER, 2);
mod2.base <== add2.out;
mod2.modulus <== P;
mod2.dummy <== dummy;
out[0] <== mod2.mod;
@@ -1353,32 +1227,27 @@ template EllipticCurveAddNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
sub5.in1 <== in1[0];
sub5.in2 <== out[0];
sub5.modulus <== P;
sub5.dummy <== dummy;
// λ * (x1 - x3)
component mult3 = BigMultNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER * 2 - 1, CHUNK_NUMBER);
mult3.in1 <== mult.out;
mult3.in2 <== sub5.out;
mult3.dummy <== dummy;
// P - y1
component sub6 = BigSubModOverflow(CHUNK_SIZE, CHUNK_NUMBER);
sub6.in1 <== P;
sub6.in2 <== in1[1];
sub6.modulus <== P;
sub6.dummy <== dummy;
// λ * (x1 - x3) + P - y1
component add3 = BigAddNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER * 3 - 2, CHUNK_NUMBER);
add3.in1 <== mult3.out;
add3.in2 <== sub6.out;
add3.dummy <== dummy;
// (λ * (x1 - x3) + P - y1) % P ==> y3
component mod3 = BigModOverflow(CHUNK_SIZE, CHUNK_NUMBER * 3 - 2, CHUNK_NUMBER, 3);
mod3.base <== add3.out;
mod3.modulus <== P;
mod3.dummy <== dummy;
out[1] <== mod3.mod;
}
@@ -1394,7 +1263,6 @@ template EllipticCurveAddNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
template EllipicCurveScalarGeneratorMultiplicationNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
signal input scalar[CHUNK_NUMBER];
signal input dummy;
signal output out[2][CHUNK_NUMBER];
@@ -1402,7 +1270,6 @@ template EllipicCurveScalarGeneratorMultiplicationNonOptimised(CHUNK_SIZE, CHUNK
var parts = CHUNK_NUMBER * CHUNK_SIZE \ STRIDE;
dummy * dummy === 0;
var powers[parts][2 ** STRIDE][2][CHUNK_NUMBER];
if (CHUNK_NUMBER == 6){
if (P[0] == 9747760000893709395 && P[1] == 12453481191562877553 && P[2] == 1347097566612230435 && P[3] == 1526563086152259252 && P[4] == 1107163671716839903 && P[5] == 10140169582434348328){
@@ -1451,7 +1318,6 @@ template EllipicCurveScalarGeneratorMultiplicationNonOptimised(CHUNK_SIZE, CHUNK
for (var j = 0; j < 2; j++){
for (var axis_idx = 0; axis_idx < CHUNK_NUMBER; axis_idx++){
getSumOfNElements[i][j][axis_idx] = GetSumOfNElements(2 ** STRIDE);
getSumOfNElements[i][j][axis_idx].dummy <== dummy;
for (var stride_idx = 0; stride_idx < 2 ** STRIDE; stride_idx++){
getSumOfNElements[i][j][axis_idx].in[stride_idx] <== resultCoordinateComputation[i][stride_idx][j][axis_idx];
}
@@ -1462,7 +1328,7 @@ template EllipicCurveScalarGeneratorMultiplicationNonOptimised(CHUNK_SIZE, CHUNK
component isZero[parts];
for (var i = 0; i < parts; i++){
isZero[i] = IsZero();
isZero[i].in <== getSumOfNElements[i][0][0].out + getSumOfNElements[i][0][1].out + getSumOfNElements[i][0][2].out + getSumOfNElements[i][0][3].out + getSumOfNElements[i][1][0].out + getSumOfNElements[i][1][1].out + getSumOfNElements[i][1][2].out + getSumOfNElements[i][1][3].out + dummy * dummy;
isZero[i].in <== getSumOfNElements[i][0][0].out + getSumOfNElements[i][0][1].out + getSumOfNElements[i][0][2].out + getSumOfNElements[i][0][3].out + getSumOfNElements[i][1][0].out + getSumOfNElements[i][1][1].out + getSumOfNElements[i][1][2].out + getSumOfNElements[i][1][3].out;
}
signal precomptedDummy[parts][2][CHUNK_NUMBER];
@@ -1500,7 +1366,6 @@ template EllipicCurveScalarGeneratorMultiplicationNonOptimised(CHUNK_SIZE, CHUNK
for (var i = 0; i < parts - 1; i++){
adders[i] = EllipticCurveAdd(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
adders[i].dummy <== dummy;
isDummyLeft[i] = IsEqual();
isDummyRight[i] = IsEqual();
@@ -1587,12 +1452,10 @@ template EllipicCurveScalarPrecomputeMultiplicationNonOptimised(CHUNK_SIZE, CHUN
var parts = CHUNK_NUMBER * CHUNK_SIZE \ STRIDE;
signal input scalar[CHUNK_NUMBER];
signal input dummy;
signal input in[2][CHUNK_NUMBER];
signal input powers[parts][2 ** STRIDE][2][CHUNK_NUMBER];
signal output out[2][CHUNK_NUMBER];
dummy * dummy === 0;
//----------------------------------------------------------------------------------------------------------------------------------------------------------------
// We don`t use point anywhere, we should add any quadratic constraint for secure issues
@@ -1641,7 +1504,6 @@ template EllipicCurveScalarPrecomputeMultiplicationNonOptimised(CHUNK_SIZE, CHUN
for (var j = 0; j < 2; j++){
for (var axis_idx = 0; axis_idx < CHUNK_NUMBER; axis_idx++){
getSumOfNElements[i][j][axis_idx] = GetSumOfNElements(2 ** STRIDE);
getSumOfNElements[i][j][axis_idx].dummy <== dummy;
for (var stride_idx = 0; stride_idx < 2 ** STRIDE; stride_idx++){
getSumOfNElements[i][j][axis_idx].in[stride_idx] <== resultCoordinateComputation[i][stride_idx][j][axis_idx];
}
@@ -1652,7 +1514,7 @@ template EllipicCurveScalarPrecomputeMultiplicationNonOptimised(CHUNK_SIZE, CHUN
component isZero[parts];
for (var i = 0; i < parts; i++){
isZero[i] = IsZero();
isZero[i].in <== getSumOfNElements[i][0][0].out + getSumOfNElements[i][0][1].out + getSumOfNElements[i][0][2].out + getSumOfNElements[i][0][3].out + getSumOfNElements[i][1][0].out + getSumOfNElements[i][1][1].out + getSumOfNElements[i][1][2].out + getSumOfNElements[i][1][3].out + dummy * dummy;
isZero[i].in <== getSumOfNElements[i][0][0].out + getSumOfNElements[i][0][1].out + getSumOfNElements[i][0][2].out + getSumOfNElements[i][0][3].out + getSumOfNElements[i][1][0].out + getSumOfNElements[i][1][1].out + getSumOfNElements[i][1][2].out + getSumOfNElements[i][1][3].out;
}
signal precomptedDummy[parts][2][CHUNK_NUMBER];
@@ -1690,7 +1552,6 @@ template EllipicCurveScalarPrecomputeMultiplicationNonOptimised(CHUNK_SIZE, CHUN
for (var i = 0; i < parts - 1; i++){
adders[i] = EllipticCurveAdd(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
adders[i].dummy <== dummy;
isDummyLeft[i] = IsEqual();
isDummyRight[i] = IsEqual();
@@ -1765,36 +1626,28 @@ template EllipicCurveScalarPrecomputeMultiplicationNonOptimised(CHUNK_SIZE, CHUN
template PointOnCurve(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
signal input in[2][CHUNK_NUMBER];
signal input dummy;
dummy * dummy === 0;
if (CHUNK_NUMBER == 4 && CHUNK_SIZE == 64){
component pointOnCurveOptimised = PointOnCurveOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
pointOnCurveOptimised.in <== in;
pointOnCurveOptimised.dummy <== dummy;
} else {
component pointOnCurveNonOptimised = PointOnCurveNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
pointOnCurveNonOptimised.in <== in;
pointOnCurveNonOptimised.dummy <== dummy;
}
}
template EllipticCurveDouble(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
signal input in[2][CHUNK_NUMBER];
signal input dummy;
dummy * dummy === 0;
signal output out[2][CHUNK_NUMBER];
if (CHUNK_NUMBER == 4 && CHUNK_SIZE == 64){
component ecDoubleOptimised = EllipticCurveDoubleOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
ecDoubleOptimised.in <== in;
ecDoubleOptimised.dummy <== dummy;
out <== ecDoubleOptimised.out;
} else {
component ecDoubleNonOptimised = EllipticCurveDoubleNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
ecDoubleNonOptimised.in <== in;
ecDoubleNonOptimised.dummy <== dummy;
out <== ecDoubleNonOptimised.out;
}
}
@@ -1802,40 +1655,32 @@ template EllipticCurveDouble(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
template EllipticCurveAdd(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
signal input in1[2][CHUNK_NUMBER];
signal input in2[2][CHUNK_NUMBER];
signal input dummy;
dummy * dummy === 0;
signal output out[2][CHUNK_NUMBER];
if (CHUNK_NUMBER == 4 && CHUNK_SIZE == 64){
component ecAddOptimised = EllipticCurveAddOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
ecAddOptimised.in1 <== in1;
ecAddOptimised.in2 <== in2;
ecAddOptimised.dummy <== dummy;
out <== ecAddOptimised.out;
} else {
component ecAddNonOptimised = EllipticCurveAddNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
ecAddNonOptimised.in1 <== in1;
ecAddNonOptimised.in2 <== in2;
ecAddNonOptimised.dummy <== dummy;
out <== ecAddNonOptimised.out;
}
}
template EllipicCurveScalarGeneratorMultiplication(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
signal input scalar[CHUNK_NUMBER];
signal input dummy;
dummy * dummy === 0;
signal output out[2][CHUNK_NUMBER];
if (CHUNK_SIZE == 64 && CHUNK_NUMBER == 4){
component ecGenMultOptimised = EllipicCurveScalarGeneratorMultiplicationOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
ecGenMultOptimised.scalar <== scalar;
ecGenMultOptimised.dummy <== dummy;
out <== ecGenMultOptimised.out;
} else {
component ecGenMultNonOptimised = EllipicCurveScalarGeneratorMultiplicationNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
ecGenMultNonOptimised.scalar <== scalar;
ecGenMultNonOptimised.dummy <== dummy;
out <== ecGenMultNonOptimised.out;
}
@@ -1848,26 +1693,22 @@ template EllipicCurveScalarPrecomputeMultiplication(CHUNK_SIZE, CHUNK_NUMBER, A,
var parts = CHUNK_NUMBER * CHUNK_SIZE \ STRIDE;
signal input scalar[CHUNK_NUMBER];
signal input dummy;
signal input in[2][CHUNK_NUMBER];
signal input powers[parts][2 ** STRIDE][2][CHUNK_NUMBER];
signal output out[2][CHUNK_NUMBER];
dummy * dummy === 0;
if (CHUNK_SIZE == 64 && CHUNK_NUMBER == 4){
component scalarMultOptimised = EllipicCurveScalarPrecomputeMultiplicationOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
scalarMultOptimised.in <== in;
scalarMultOptimised.scalar <== scalar;
scalarMultOptimised.powers <== powers;
scalarMultOptimised.dummy <== dummy;
out <== scalarMultOptimised.out;
} else {
component scalarMultNonOptimised = EllipicCurveScalarPrecomputeMultiplicationNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
scalarMultNonOptimised.in <== in;
scalarMultNonOptimised.scalar <== scalar;
scalarMultNonOptimised.powers <== powers;
scalarMultNonOptimised.dummy <== dummy;
out <== scalarMultNonOptimised.out;
}

2
circuits/circuits/utils/circomlib/ec/get.circom
View File

@@ -36,11 +36,9 @@ template EllipticCurveGetGenerator(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
}
// Get "dummy" point
// We can`t "if" signal in circom, so we always need to do all opertions, even we won`t use results of them
// For example, in scalar mult we can have case where we shouln`t add anything (bits = [0,0, .. ,0])
// We will ignore result, but we still should get it, so we need to pout something anyway
// We use this dummy point for such purposes
// Dummy point = G * 2**256
template EllipticCurveGetDummy(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
assert (CHUNK_SIZE == 64);

15
circuits/circuits/utils/circomlib/hasher/hash.circom
View File

@@ -33,37 +33,31 @@ template ShaHashChunks(BLOCK_NUM, ALGO){
BLOCK_SIZE = 1024;
}
signal input in[BLOCK_SIZE * BLOCK_NUM];
signal input dummy;
signal output out[ALGO];
if (ALGO == 160) {
component hash160 = Sha1HashChunks(BLOCK_NUM);
hash160.in <== in;
hash160.dummy <== dummy;
hash160.out ==> out;
}
if (ALGO == 224) {
component hash224 = Sha224HashChunks(BLOCK_NUM);
hash224.in <== in;
hash224.dummy <== dummy;
hash224.out ==> out;
}
if (ALGO == 256) {
component hash256 = Sha256HashChunks(BLOCK_NUM);
hash256.in <== in;
hash256.dummy <== dummy;
hash256.out ==> out;
}
if (ALGO == 384) {
component hash384 = Sha384HashChunks(BLOCK_NUM);
hash384.in <== in;
hash384.dummy <== dummy;
hash384.out ==> out;
}
if (ALGO == 512) {
component hash512 = Sha512HashChunks(BLOCK_NUM);
hash512.in <== in;
hash512.dummy <== dummy;
hash512.out ==> out;
}
}
@@ -76,37 +70,31 @@ template ShaHashBits(LEN, ALGO){
BLOCK_SIZE = 1024;
}
signal input in[LEN];
signal input dummy;
signal output out[ALGO];
if (ALGO == 160) {
component hash160 = Sha1HashBits(LEN);
hash160.in <== in;
hash160.dummy <== dummy;
hash160.out ==> out;
}
if (ALGO == 224) {
component hash224 = Sha224HashBits(LEN);
hash224.in <== in;
hash224.dummy <== dummy;
hash224.out ==> out;
}
if (ALGO == 256) {
component hash256 = Sha256HashBits(LEN);
hash256.in <== in;
hash256.dummy <== dummy;
hash256.out ==> out;
}
if (ALGO == 384) {
component hash384 = Sha384HashBits(LEN);
hash384.in <== in;
hash384.dummy <== dummy;
hash384.out ==> out;
}
if (ALGO == 512) {
component hash512 = Sha512HashBits(LEN);
hash512.in <== in;
hash512.dummy <== dummy;
hash512.out ==> out;
}
}
@@ -121,12 +109,9 @@ template PoseidonHash(LEN){
assert (LEN <= 16);
assert (LEN > 0);
signal input in[LEN];
signal input dummy;
dummy * dummy === 0;
signal output out;
component poseidon = Poseidon(LEN);
poseidon.in <== in;
poseidon.dummy <== dummy;
out <== poseidon.out;
}

21
circuits/circuits/utils/circomlib/hasher/poseidon/poseidon.circom
View File

@@ -31,15 +31,12 @@ template Ark(t, C, r) {
template Mix(t, M) {
signal input in[t];
signal input dummy;
dummy * dummy === 0;
signal output out[t];
component sum[t];
for (var i = 0; i < t; i++) {
sum[i] = GetSumOfNElements(t);
sum[i].dummy <== dummy;
for (var j = 0; j < t; j++) {
sum[i].in[j] <== M[j][i] * in[j];
}
@@ -49,12 +46,9 @@ template Mix(t, M) {
template MixLast(t, M, s) {
signal input in[t];
signal input dummy;
dummy * dummy === 0;
signal output out;
component sum = GetSumOfNElements(t);
sum.dummy <== dummy;
for (var j = 0; j < t; j++) {
sum.in[j] <== M[j][s] * in[j];
}
@@ -63,28 +57,23 @@ template MixLast(t, M, s) {
template MixS(t, S, r) {
signal input in[t];
signal input dummy;
dummy * dummy === 0;
signal output out[t];
component sum = GetSumOfNElements(t);
sum.dummy <== dummy;
for (var i = 0; i < t; i++) {
sum.in[i] <== S[(t * 2 - 1) * r + i] * in[i];
}
out[0] <== sum.out;
for (var i = 1; i < t; i++) {
out[i] <== in[i] + in[0] * S[(t * 2 - 1) * r + t + i - 1] + dummy * dummy;
out[i] <== in[i] + in[0] * S[(t * 2 - 1) * r + t + i - 1];
}
}
template PoseidonEx(nInputs, nOuts) {
signal input inputs[nInputs];
signal input initialState;
signal input dummy;
dummy * dummy === 0;
signal output out[nOuts];
@@ -130,7 +119,6 @@ template PoseidonEx(nInputs, nOuts) {
}
mix[r] = Mix(t,M);
mix[r].dummy <== dummy;
for (var j = 0; j < t; j++) {
mix[r].in[j] <== ark[r + 1].out[j];
}
@@ -148,7 +136,6 @@ template PoseidonEx(nInputs, nOuts) {
}
mix[nRoundsF \ 2 - 1] = Mix(t,P);
mix[nRoundsF \ 2 - 1].dummy <== dummy;
for (var j = 0; j < t; j++) {
mix[nRoundsF \ 2 - 1].in[j] <== ark[nRoundsF \ 2].out[j];
}
@@ -163,7 +150,6 @@ template PoseidonEx(nInputs, nOuts) {
}
mixS[r] = MixS(t, S, r);
mixS[r].dummy <== dummy;
for (var j = 0; j < t; j++) {
if (j == 0) {
mixS[r].in[j] <== sigmaP[r].out + C[(nRoundsF \ 2 + 1) * t + r];
@@ -193,7 +179,6 @@ template PoseidonEx(nInputs, nOuts) {
}
mix[nRoundsF \ 2 + r] = Mix(t,M);
mix[nRoundsF \ 2 + r].dummy <== dummy;
for (var j = 0; j < t; j++) {
mix[nRoundsF \ 2 + r].in[j] <== ark[nRoundsF \ 2 + r + 1].out[j];
}
@@ -207,7 +192,6 @@ template PoseidonEx(nInputs, nOuts) {
for (var i = 0; i < nOuts; i++) {
mixLast[i] = MixLast(t,M,i);
mixLast[i].dummy <== dummy;
for (var j = 0; j < t; j++) {
mixLast[i].in[j] <== sigmaF[nRoundsF - 1][j].out;
}
@@ -221,12 +205,9 @@ template PoseidonEx(nInputs, nOuts) {
// Use this template to calculate to calculate Poseidon hash of your vector (1 elememnt array for one num)
template Poseidon(nInputs) {
signal input in[nInputs];
signal input dummy;
dummy * dummy === 0;
signal output out;
component pEx = PoseidonEx(nInputs, 1);
pEx.dummy <== dummy;
pEx.initialState <== 0;
for (var i = 0; i < nInputs; i++) {
pEx.inputs[i] <== in[i];

6
circuits/circuits/utils/circomlib/hasher/sha1/sha1.circom
View File

@@ -5,8 +5,6 @@ include "sha1compression.circom";
include "../sha2/sha2Common.circom";
template Sha1HashChunks(BLOCK_NUM) {
signal input dummy;
dummy * dummy === 0;
signal input in[BLOCK_NUM * 512];
signal output out[160];
@@ -23,7 +21,6 @@ template Sha1HashChunks(BLOCK_NUM) {
for (i = 0; i < BLOCK_NUM; i++) {
sha1Compression[i] = Sha1compression();
sha1Compression[i].dummy <== dummy;
if (i == 0) {
for (k = 0; k < 32; k++) {
@@ -56,8 +53,6 @@ template Sha1HashChunks(BLOCK_NUM) {
}
template Sha1HashBits(LEN) {
signal input dummy;
dummy * dummy === 0;
signal input in[LEN];
signal output out[160];
@@ -79,7 +74,6 @@ template Sha1HashBits(LEN) {
for (i = 0; i < BLOCK_NUM; i++) {
sha1Compression[i] = Sha1compression();
sha1Compression[i].dummy <== dummy;
if (i == 0) {
for (k = 0; k < 32; k++) {

4
circuits/circuits/utils/circomlib/hasher/sha1/sha1compression.circom
View File

@@ -9,8 +9,6 @@ include "../../bitify/operations.circom";
template Sha1compression() {
signal input hin[160];
signal input inp[512];
signal input dummy;
dummy * dummy === 0;
signal output out[160];
signal a[81][32];
@@ -45,14 +43,12 @@ template Sha1compression() {
component tTmp[80];
for (i = 0; i <= 79; i++){
tTmp[i] = T(i);
tTmp[i].dummy <== dummy;
}
component fSum[5];
for (i = 0; i < 5; i++){
fSum[i] = BinSum(2, 32);
fSum[i].dummy <== dummy;
}
for (var t = 0; t <= 15; t++) {

3
circuits/circuits/utils/circomlib/hasher/sha1/t.circom
View File

@@ -7,8 +7,6 @@ include "./constants.circom";
include "../../int/arithmetic.circom";
template T(t) {
signal input dummy;
dummy * dummy === 0;
signal input a[32];
signal input b[32];
@@ -32,7 +30,6 @@ template T(t) {
}
component sumBinary = BinSum(5, 32);
sumBinary.dummy <== dummy;
var nout = 35;
for (k = 0; k < 32; k++) {

4
circuits/circuits/utils/circomlib/hasher/sha2/sha224/sha224HashBits.circom
View File

@@ -8,8 +8,6 @@ include "sha224InitialValue.circom";
template Sha224HashBits(LEN) {
signal input in[LEN];
signal input dummy;
dummy * dummy === 0;
signal output out[224];
component addPadding = ShaPadding(LEN, 512);
@@ -28,9 +26,7 @@ template Sha224HashBits(LEN) {
for (var m = 0; m < BLOCK_NUM; m++) {
sch[m] = Sha2_224_256Shedule();
sch[m].dummy <== dummy;
rds[m] = Sha2_224_256Rounds(64);
rds[m].dummy <== dummy;
for (var k = 0; k < 16; k++) {
for (var i = 0; i < 32; i++) {

4
circuits/circuits/utils/circomlib/hasher/sha2/sha224/sha224HashChunks.circom
View File

@@ -8,8 +8,6 @@ include "sha224InitialValue.circom";
template Sha224HashChunks(BLOCK_NUM) {
signal input in[BLOCK_NUM * 512];
signal input dummy;
dummy * dummy === 0;
signal output out[224];
signal states[BLOCK_NUM + 1][8][32];
@@ -23,9 +21,7 @@ template Sha224HashChunks(BLOCK_NUM) {
for (var m = 0; m < BLOCK_NUM; m++) {
sch[m] = Sha2_224_256Shedule();
sch[m].dummy <== dummy;
rds[m] = Sha2_224_256Rounds(64);
rds[m].dummy <== dummy;
for (var k = 0; k < 16; k++) {
for (var i = 0; i < 32; i++) {

8
circuits/circuits/utils/circomlib/hasher/sha2/sha256/sha256Compress.circom
View File

@@ -12,8 +12,6 @@ template Sha2_224_256CompressInner() {
signal input inp;
signal input key;
signal input dummy;
dummy * dummy === 0;
signal input a[32];
signal input b[32];
@@ -39,9 +37,7 @@ template Sha2_224_256CompressInner() {
outB <== a;
component dSum = GetSumOfNElements(32);
dSum.dummy <== dummy;
component hSum = GetSumOfNElements(32);
hSum.dummy <== dummy;
for (var i = 0; i < 32; i++) {
dSum.in[i] <== (1 << i) * c[i];
@@ -57,13 +53,9 @@ template Sha2_224_256CompressInner() {
component s1Xor[32];
component s0Sum = GetSumOfNElements(32);
s0Sum.dummy <== dummy;
component s1Sum = GetSumOfNElements(32);
s1Sum.dummy <== dummy;
component mjSum = GetSumOfNElements(32);
mjSum.dummy <== dummy;
component chSum = GetSumOfNElements(32);
chSum.dummy <== dummy;
for (var i = 0; i < 32; i++) {

4
circuits/circuits/utils/circomlib/hasher/sha2/sha256/sha256HashBits.circom
View File

@@ -8,8 +8,6 @@ include "sha256Rounds.circom";
template Sha256HashBits(LEN) {
signal input in[LEN];
signal input dummy;
dummy * dummy === 0;
signal output out[256];
@@ -29,9 +27,7 @@ template Sha256HashBits(LEN) {
for (var m = 0; m < BLOCK_NUM; m++) {
sch[m] = Sha2_224_256Shedule();
sch[m].dummy <== dummy;
rds[m] = Sha2_224_256Rounds(64);
rds[m].dummy <== dummy;
for (var k = 0; k < 16; k++) {
for (var i = 0; i < 32; i++) {

5
circuits/circuits/utils/circomlib/hasher/sha2/sha256/sha256HashChunks.circom
View File

@@ -8,12 +8,9 @@ include "sha256Rounds.circom";
template Sha256HashChunks(BLOCK_NUM) {
signal input in[BLOCK_NUM * 512];
signal input dummy;
dummy * dummy === 0;
signal output out[256];
dummy * dummy === 0;
signal states[BLOCK_NUM + 1][8][32];
@@ -26,9 +23,7 @@ template Sha256HashChunks(BLOCK_NUM) {
for (var m = 0; m < BLOCK_NUM; m++) {
sch[m] = Sha2_224_256Shedule();
sch[m].dummy <== dummy;
rds[m] = Sha2_224_256Rounds(64);
rds[m].dummy <== dummy;
for (var k = 0; k < 16; k++) {
for (var i = 0; i < 32; i++) {

28
circuits/circuits/utils/circomlib/hasher/sha2/sha256/sha256Rounds.circom
View File

@@ -18,8 +18,6 @@ template Sha2_224_256Rounds(n) {
signal input inpHash[8][32];
signal output outHash[8][32];
signal input dummy;
dummy * dummy === 0;
signal a [n + 1][32];
signal b [n + 1][32];
@@ -43,9 +41,7 @@ template Sha2_224_256Rounds(n) {
g[0] <== inpHash[6];
component sumDd = GetSumOfNElements(32);
sumDd.dummy <== dummy;
component sumHh = GetSumOfNElements(32);
sumHh.dummy <== dummy;
for (var i = 0; i < 32; i++) {
sumDd.in[i] <== inpHash[3][i] * (1 << i);
sumHh.in[i] <== inpHash[7][i] * (1 << i);
@@ -57,7 +53,6 @@ template Sha2_224_256Rounds(n) {
component sum[8];
for (var j = 0; j < 8; j++) {
sum[j] = GetSumOfNElements(32);
sum[j].dummy <== dummy;
for (var i = 0; i < 32; i++) {
sum[j].in[i] <== (1 << i) * inpHash[j][i];
}
@@ -72,7 +67,6 @@ template Sha2_224_256Rounds(n) {
compress[k].inp <== words[k];
compress[k].key <== ROUND_KEYS[k];
compress[k].dummy <== dummy;
compress[k].a <== a [k];
compress[k].b <== b [k];
@@ -98,17 +92,11 @@ template Sha2_224_256Rounds(n) {
modulo[j] = GetLastNBits(32);
}
component sumA = GetSumOfNElements(32);
sumA.dummy <== dummy;
component sumB = GetSumOfNElements(32);
sumB.dummy <== dummy;
component sumC = GetSumOfNElements(32);
sumC.dummy <== dummy;
component sumE = GetSumOfNElements(32);
sumE.dummy <== dummy;
component sumF = GetSumOfNElements(32);
sumF.dummy <== dummy;
component sumG = GetSumOfNElements(32);
sumG.dummy <== dummy;
for (var i = 0; i < 32; i++) {
sumA.in[i] <== (1 << i) * a[n][i];
@@ -119,14 +107,14 @@ template Sha2_224_256Rounds(n) {
sumG.in[i] <== (1 << i) * g[n][i];
}
modulo[0].in <== hashWords[0] + sumA.out + dummy * dummy;
modulo[1].in <== hashWords[1] + sumB.out + dummy * dummy;
modulo[2].in <== hashWords[2] + sumC.out + dummy * dummy;
modulo[3].in <== hashWords[3] + dd[n] + dummy * dummy;
modulo[4].in <== hashWords[4] + sumE.out + dummy * dummy;
modulo[5].in <== hashWords[5] + sumF.out + dummy * dummy;
modulo[6].in <== hashWords[6] + sumG.out + dummy * dummy;
modulo[7].in <== hashWords[7] + hh[n] + dummy * dummy;
modulo[0].in <== hashWords[0] + sumA.out;
modulo[1].in <== hashWords[1] + sumB.out;
modulo[2].in <== hashWords[2] + sumC.out;
modulo[3].in <== hashWords[3] + dd[n];
modulo[4].in <== hashWords[4] + sumE.out;
modulo[5].in <== hashWords[5] + sumF.out;
modulo[6].in <== hashWords[6] + sumG.out;
modulo[7].in <== hashWords[7] + hh[n];
for (var j = 0; j < 8; j++) {
modulo[j].out ==> outHash[j];

7
circuits/circuits/utils/circomlib/hasher/sha2/sha256/sha256Schedule.circom
View File

@@ -13,15 +13,12 @@ template Sha2_224_256Shedule() {
signal input chunkBits[16][32];
signal output outWords [64];
signal input dummy;
dummy * dummy === 0;
signal outBits[64][32];
component sumN[16];
for (var k = 0; k < 16; k++) {
sumN[k] = GetSumOfNElements(32);
sumN[k].dummy <== dummy;
for (var i = 0; i < 32; i++) {
sumN[k].in[i] <== (1 << i) * chunkBits[k][i];
}
@@ -43,9 +40,7 @@ template Sha2_224_256Shedule() {
var l = m - 2;
s0Sum[m - 16] = GetSumOfNElements(32);
s0Sum[m - 16].dummy <== dummy;
s1Sum[m - 16] = GetSumOfNElements(32);
s1Sum[m - 16].dummy <== dummy;
for (var i = 0; i < 32; i++) {
@@ -68,7 +63,7 @@ template Sha2_224_256Shedule() {
modulo[r] = GetLastNBits(32);
modulo[r].in <== s1Sum[m - 16].out + outWords[m - 7] + s0Sum[m - 16].out + outWords[m - 16] + dummy * dummy;
modulo[r].in <== s1Sum[m - 16].out + outWords[m - 7] + s0Sum[m - 16].out + outWords[m - 16];
modulo[r].out ==> outBits[m];
bits2Num[r] = Bits2Num(32);
bits2Num[r].in <== outBits[m];

4
circuits/circuits/utils/circomlib/hasher/sha2/sha384/sha384HashBits.circom
View File

@@ -8,8 +8,6 @@ include "sha384InitialValue.circom";
template Sha384HashBits(LEN) {
signal input in[LEN];
signal input dummy;
dummy * dummy === 0;
signal output out[384];
component addPadding = ShaPadding(LEN, 1024);
@@ -28,9 +26,7 @@ template Sha384HashBits(LEN) {
for (var m = 0; m < BLOCK_NUM; m++) {
sch[m] = Sha2_384_512Schedule();
sch[m].dummy <== dummy;
rds[m] = Sha2_384_512Rounds(80);
rds[m].dummy <== dummy;
for (var k = 0; k < 16; k++) {
for (var i = 0; i < 64; i++) {

4
circuits/circuits/utils/circomlib/hasher/sha2/sha384/sha384HashChunks.circom
View File

@@ -8,8 +8,6 @@ include "sha384InitialValue.circom";
template Sha384HashChunks(BLOCK_NUM) {
signal input in[BLOCK_NUM * 1024];
signal input dummy;
dummy * dummy === 0;
signal output out[384];
@@ -25,9 +23,7 @@ template Sha384HashChunks(BLOCK_NUM) {
for (var m = 0; m < BLOCK_NUM; m++) {
sch[m] = Sha2_384_512Schedule();
sch[m].dummy <== dummy;
rds[m] = Sha2_384_512Rounds(80);
rds[m].dummy <== dummy;
for (var k = 0; k < 16; k++) {
for (var i = 0; i < 64; i++) {

8
circuits/circuits/utils/circomlib/hasher/sha2/sha512/sha512Compress.circom
View File

@@ -12,8 +12,6 @@ template Sha2_384_512CompressInner() {
signal input inp;
signal input key;
signal input dummy;
dummy * dummy === 0;
signal input a[64];
signal input b[64];
@@ -34,9 +32,7 @@ template Sha2_384_512CompressInner() {
signal output outHH;
component dSum = GetSumOfNElements(64);
dSum.dummy <== dummy;
component hSum = GetSumOfNElements(64);
hSum.dummy <== dummy;
for (var i = 0; i < 64; i++) {
outG[i] <== f[i];
outF[i] <== e[i];
@@ -55,13 +51,9 @@ template Sha2_384_512CompressInner() {
component s1Xor[64];
component s0Sum = GetSumOfNElements(64);
s0Sum.dummy <== dummy;
component s1Sum = GetSumOfNElements(64);
s1Sum.dummy <== dummy;
component mjSum = GetSumOfNElements(64);
mjSum.dummy <== dummy;
component chSum = GetSumOfNElements(64);
chSum.dummy <== dummy;
for (var i = 0; i < 64; i++) {

4
circuits/circuits/utils/circomlib/hasher/sha2/sha512/sha512HashBits.circom
View File

@@ -8,8 +8,6 @@ include "sha512Rounds.circom";
template Sha512HashBits(LEN) {
signal input in[LEN];
signal input dummy;
dummy * dummy === 0;
signal output out[512];
@@ -29,9 +27,7 @@ template Sha512HashBits(LEN) {
for (var m = 0; m < BLOCK_NUM; m++) {
sch[m] = Sha2_384_512Schedule();
sch[m].dummy <== dummy;
rds[m] = Sha2_384_512Rounds(80);
rds[m].dummy <== dummy;
for (var k = 0; k < 16; k++) {
for (var i = 0; i < 64; i++) {

4
circuits/circuits/utils/circomlib/hasher/sha2/sha512/sha512HashChunks.circom
View File

@@ -8,8 +8,6 @@ include "sha512Rounds.circom";
template Sha512HashChunks(BLOCK_NUM) {
signal input in[BLOCK_NUM * 1024];
signal input dummy;
dummy * dummy === 0;
signal output out[512];
@@ -24,9 +22,7 @@ template Sha512HashChunks(BLOCK_NUM) {
for (var m = 0; m < BLOCK_NUM; m++) {
sch[m] = Sha2_384_512Schedule();
sch[m].dummy <== dummy;
rds[m] = Sha2_384_512Rounds(80);
rds[m].dummy <== dummy;
for (var k = 0; k < 16; k++) {
for (var i = 0; i < 64; i++) {

28
circuits/circuits/utils/circomlib/hasher/sha2/sha512/sha512Rounds.circom
View File

@@ -17,8 +17,6 @@ template Sha2_384_512Rounds(n) {
signal input inpHash[8][64];
signal output outHash[8][64];
signal input dummy;
dummy * dummy === 0;
signal a [n + 1][64];
signal b [n + 1][64];
@@ -42,9 +40,7 @@ template Sha2_384_512Rounds(n) {
g[0] <== inpHash[6];
component sumDd = GetSumOfNElements(64);
sumDd.dummy <== dummy;
component sumHh = GetSumOfNElements(64);
sumHh.dummy <== dummy;
for (var i = 0; i < 64; i++) {
sumDd.in[i] <== inpHash[3][i] * (1 << i);
sumHh.in[i] <== inpHash[7][i] * (1 << i);
@@ -56,7 +52,6 @@ template Sha2_384_512Rounds(n) {
component sum[8];
for (var j = 0; j < 8; j++) {
sum[j] = GetSumOfNElements(64);
sum[j].dummy <== dummy;
for (var i = 0; i < 64; i++) {
sum[j].in[i] <== (1 << i) * inpHash[j][i];
}
@@ -71,7 +66,6 @@ template Sha2_384_512Rounds(n) {
compress[k].inp <== words[k];
compress[k].key <== ROUND_KEYS[k];
compress[k].dummy <== dummy;
compress[k].a <== a [k];
@@ -99,17 +93,11 @@ template Sha2_384_512Rounds(n) {
}
component sumA = GetSumOfNElements(64);
sumA.dummy <== dummy;
component sumB = GetSumOfNElements(64);
sumB.dummy <== dummy;
component sumC = GetSumOfNElements(64);
sumC.dummy <== dummy;
component sumE = GetSumOfNElements(64);
sumE.dummy <== dummy;
component sumF = GetSumOfNElements(64);
sumF.dummy <== dummy;
component sumG = GetSumOfNElements(64);
sumG.dummy <== dummy;
for (var i = 0; i < 64; i++) {
sumA.in[i] <== (1 << i) * a[n][i];
@@ -120,14 +108,14 @@ template Sha2_384_512Rounds(n) {
sumG.in[i] <== (1 << i) * g[n][i];
}
modulo[0].in <== hashWords[0] + sumA.out + dummy * dummy;
modulo[1].in <== hashWords[1] + sumB.out + dummy * dummy;
modulo[2].in <== hashWords[2] + sumC.out + dummy * dummy;
modulo[3].in <== hashWords[3] + dd[n] + dummy * dummy;
modulo[4].in <== hashWords[4] + sumE.out + dummy * dummy;
modulo[5].in <== hashWords[5] + sumF.out + dummy * dummy;
modulo[6].in <== hashWords[6] + sumG.out + dummy * dummy;
modulo[7].in <== hashWords[7] + hh[n] + dummy * dummy;
modulo[0].in <== hashWords[0] + sumA.out;
modulo[1].in <== hashWords[1] + sumB.out;
modulo[2].in <== hashWords[2] + sumC.out;
modulo[3].in <== hashWords[3] + dd[n];
modulo[4].in <== hashWords[4] + sumE.out;
modulo[5].in <== hashWords[5] + sumF.out;
modulo[6].in <== hashWords[6] + sumG.out;
modulo[7].in <== hashWords[7] + hh[n];
for (var j = 0; j < 8; j++) {
modulo[j].out ==> outHash[j];

5
circuits/circuits/utils/circomlib/hasher/sha2/sha512/sha512Schedule.circom
View File

@@ -12,8 +12,6 @@ template Sha2_384_512Schedule() {
signal input chunkBits[16][64];
signal output outWords [80];
signal input dummy;
dummy * dummy === 0;
signal outBits[80][64];
@@ -21,7 +19,6 @@ template Sha2_384_512Schedule() {
component sumN[16];
for (var k = 0; k < 16; k++) {
sumN[k] = GetSumOfNElements(64);
sumN[k].dummy <== dummy;
for (var i = 0; i < 64; i++) {
sumN[k].in[i] <== (1 << i) * chunkBits[k][i];
}
@@ -44,9 +41,7 @@ template Sha2_384_512Schedule() {
var l = m - 2;
s0Sum[m - 16] = GetSumOfNElements(64);
s0Sum[m - 16].dummy <== dummy;
s1Sum[m - 16] = GetSumOfNElements(64);
s1Sum[m - 16].dummy <== dummy;
for (var i = 0; i < 64; i++) {

1
circuits/circuits/utils/circomlib/hasher/shaBytes/dynamic/sha1Bytes.circom
View File

@@ -70,7 +70,6 @@ template Sha1General(maxBitsPadded) {
for (i=0; i<maxBlocks; i++) {
sha1compression[i] = Sha1compression();
sha1compression[i].dummy <== 0;
if (i==0) {
for (k=0; k<32; k++) {

6
circuits/circuits/utils/circomlib/int/arithmetic.circom
View File

@@ -161,14 +161,10 @@ template GetLastNBits(N){
// Get sum of N elements with 1 constraint.
// Use this instead of a + b + ... + c;
// Circom will drop linear constaraint because of optimisation
// This one adds dummy * dummy (0) to make it quadratic
template GetSumOfNElements(N){
assert (N >= 2);
signal input in[N];
signal input dummy;
dummy * dummy === 0;
signal output out;
signal sum[N - 1];
@@ -180,5 +176,5 @@ template GetSumOfNElements(N){
sum[i] <== sum[i - 1] + in[i + 1];
}
}
out <== sum[N - 2] + dummy * dummy;
out <== sum[N - 2];
}

2
circuits/circuits/utils/circomlib/merkle-trees/binary-merkle-root.circom
View File

@@ -36,7 +36,7 @@ template BinaryMerkleRoot(MAX_DEPTH) {
var c[2][2] = [ [nodes[i], siblings[i]], [siblings[i], nodes[i]] ];
var childNodes[2] = MultiMux1(2)(c, indices[i]);
nodes[i + 1] <== PoseidonHash(2)(childNodes, 0);
nodes[i + 1] <== PoseidonHash(2)(childNodes);
}
var isDepth = IsEqual()([depth, MAX_DEPTH]);

4
circuits/circuits/utils/circomlib/merkle-trees/smt.circom
View File

@@ -31,7 +31,7 @@ template SMTVerify(nLength) {
path <== ct1.out;
// Closest_key to leaf
signal leaf <== PoseidonHash(3)([value, 1, 1], 0); // compute the leaf from the value
signal leaf <== PoseidonHash(3)([value, 1, 1]); // compute the leaf from the value
signal isClosestZero <== IsEqual()([value,0]); // check if the inital value is 0, in that case the leaf will be 0 too, not Hash(0,1,1);
signal leafOrZero <== leaf * (1 - isClosestZero);
@@ -40,7 +40,7 @@ template SMTVerify(nLength) {
signal computedRootIsValid <== IsEqual()([computedRoot,root]);
// check is leaf equals virtual leaf
signal virtualLeaf <== PoseidonHash(3)([virtualValue, 1,1], 0);
signal virtualLeaf <== PoseidonHash(3)([virtualValue, 1,1]);
signal areLeafAndVirtualLeafEquals <== IsEqual()([virtualLeaf, leaf]);
signal isInclusionOrNonInclusionValid <== IsEqual()([mode,areLeafAndVirtualLeafEquals]);

14
circuits/circuits/utils/circomlib/signature/ecdsa.circom
View File

@@ -21,7 +21,6 @@ template verifyECDSABits(CHUNK_SIZE, CHUNK_NUMBER, A, B, P, ALGO){
signal input pubkey[2][CHUNK_NUMBER];
signal input signature[2][CHUNK_NUMBER];
signal input hashed[ALGO];
signal input dummy;
signal hashedChunked[CHUNK_NUMBER];
@@ -45,7 +44,6 @@ template verifyECDSABits(CHUNK_SIZE, CHUNK_NUMBER, A, B, P, ALGO){
modInv.in <== signature[1];
modInv.modulus <== order;
modInv.dummy <== dummy;
modInv.out ==> sinv;
// (s ^ -1 mod n) * h mod n
@@ -53,31 +51,26 @@ template verifyECDSABits(CHUNK_SIZE, CHUNK_NUMBER, A, B, P, ALGO){
mult.in[0] <== sinv;
mult.in[1] <== hashedChunked;
mult.in[2] <== order;
mult.dummy <== dummy;
// (s ^ -1 mod n) * r mod n
component mult2 = BigMultModP(CHUNK_SIZE, CHUNK_NUMBER);
mult2.in[0] <== sinv;
mult2.in[1] <== signature[0];
mult2.in[2] <== order;
mult2.dummy <== dummy;
// h * s_inv * G
component scalarMult1 = EllipicCurveScalarGeneratorMultiplication(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
scalarMult1.scalar <== mult.out;
scalarMult1.dummy <== dummy;
// r * s_inv * (x, y)
component scalarMult2 = EllipticCurvePipingerMult(CHUNK_SIZE, CHUNK_NUMBER, A, B, P, 4);
scalarMult2.scalar <== mult2.out;
scalarMult2.in <== pubkey;
scalarMult2.dummy <== dummy;
// (x1, y1) = h * s_inv * G + r * s_inv * (x, y)
component add = EllipticCurveAdd(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
add.in1 <== scalarMult1.out;
add.in2 <== scalarMult2.out;
add.dummy <== dummy;
// x1 === r
for (var i = 0; i < CHUNK_NUMBER; i++){
@@ -100,7 +93,6 @@ template verifyECDSABigInt(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
signal input pubkey[2][CHUNK_NUMBER];
signal input signature[2][CHUNK_NUMBER];
signal input hashed[CHUNK_NUMBER];
signal input dummy;
component getOrder = EllipicCurveGetOrder(CHUNK_SIZE,CHUNK_NUMBER, A, B, P);
signal order[CHUNK_NUMBER];
@@ -113,7 +105,6 @@ template verifyECDSABigInt(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
modInv.in <== signature[1];
modInv.modulus <== order;
modInv.dummy <== dummy;
modInv.out ==> sinv;
// (s ^ -1 mod n) * h mod n
@@ -121,31 +112,26 @@ template verifyECDSABigInt(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
mult.in[0] <== sinv;
mult.in[1] <== hashed;
mult.in[2] <== order;
mult.dummy <== dummy;
// (s ^ -1 mod n) * r mod n
component mult2 = BigMultModP(CHUNK_SIZE, CHUNK_NUMBER);
mult2.in[0] <== sinv;
mult2.in[1] <== signature[0];
mult2.in[2] <== order;
mult2.dummy <== dummy;
// h * s_inv * G
component scalarMult1 = EllipicCurveScalarGeneratorMultiplication(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
scalarMult1.scalar <== mult.out;
scalarMult1.dummy <== dummy;
// r * s_inv * (x, y)
component scalarMult2 = EllipticCurvePipingerMult(CHUNK_SIZE, CHUNK_NUMBER, A, B, P, 4);
scalarMult2.scalar <== mult2.out;
scalarMult2.in <== pubkey;
scalarMult2.dummy <== dummy;
// (x1, y1) = h * s_inv * G + r * s_inv * (x, y)
component add = EllipticCurveAdd(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
add.in1 <== scalarMult1.out;
add.in2 <== scalarMult2.out;
add.dummy <== dummy;
// x1 === r
for (var i = 0; i < CHUNK_NUMBER; i++){

2
circuits/circuits/utils/circomlib/signature/rsa/verifyRsaPkcs1v1_5.circom
View File

@@ -20,7 +20,6 @@ template VerifyRsaPkcs1v1_5(signatureAlgorithm, CHUNK_SIZE, CHUNK_NUMBER, E_BITS
signal input message[CHUNK_NUMBER];
signal input dummy;
// Range check which is came from old openpassport impl
component signatureRangeCheck[CHUNK_NUMBER];
@@ -39,7 +38,6 @@ template VerifyRsaPkcs1v1_5(signatureAlgorithm, CHUNK_SIZE, CHUNK_NUMBER, E_BITS
bigPow.base[i] <== signature[i];
bigPow.modulus[i] <== modulus[i];
}
bigPow.dummy <== dummy;
var padding[5] = getPadding(signatureAlgorithm);

6
circuits/circuits/utils/circomlib/signature/rsapss/mgf1.circom
View File

@@ -9,11 +9,9 @@ template Mgf1Sha384(SEED_LEN, MASK_LEN) { //in bytes
var HASH_LEN_BITS = HASH_LEN * 8;//output len of sha function in bits
signal input seed[SEED_LEN_BITS]; //each represents a bit
signal input dummy;
signal output out[MASK_LEN_BITS];
dummy * dummy === 0;
assert(MASK_LEN <= 0xffffffff * HASH_LEN );
@@ -24,7 +22,6 @@ template Mgf1Sha384(SEED_LEN, MASK_LEN) { //in bytes
for (var i = 0; i < ITERATIONS; i++) {
sha384[i] = ShaHashChunks(1 , 384); //32 bits for counter
sha384[i].dummy <== dummy;
num2Bits[i] = Num2Bits(32);
}
@@ -80,10 +77,8 @@ template Mgf1Sha256(SEED_LEN, MASK_LEN) { //in bytes
var HASH_LEN_BITS = HASH_LEN * 8;//output len of sha function in bits
signal input seed[SEED_LEN_BITS]; //each represents a bit
signal input dummy;
signal output out[MASK_LEN_BITS];
dummy * dummy === 0;
assert(MASK_LEN <= 0xffffffff * HASH_LEN );
var ITERATIONS = (MASK_LEN \ HASH_LEN) + 1; //adding 1, in-case MASK_LEN \ HASH_LEN is 0
@@ -93,7 +88,6 @@ template Mgf1Sha256(SEED_LEN, MASK_LEN) { //in bytes
for (var i = 0; i < ITERATIONS; i++) {
sha256[i] = ShaHashChunks(1, 256); //32 bits for counter
sha256[i].dummy <== dummy;
num2Bits[i] = Num2Bits(32);
}

16
circuits/circuits/utils/circomlib/signature/rsapss/rsapss.circom
View File

@@ -23,8 +23,6 @@ template VerifyRsaPssSig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, EXP, HASH_TYPE) {
signal input signature[CHUNK_NUMBER];
signal input hashed[HASH_TYPE];
signal input dummy;
dummy * dummy === 0;
var EM_LEN = (CHUNK_SIZE * CHUNK_NUMBER) \ 8;
var HASH_LEN = HASH_TYPE \ 8;
@@ -39,7 +37,6 @@ template VerifyRsaPssSig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, EXP, HASH_TYPE) {
powerMod = PowerMod(CHUNK_SIZE, CHUNK_NUMBER, EXP);
powerMod.base <== signature;
powerMod.modulus <== pubkey;
powerMod.dummy <== dummy;
signal encoded[CHUNK_NUMBER];
encoded <== powerMod.out;
@@ -94,7 +91,6 @@ template VerifyRsaPssSig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, EXP, HASH_TYPE) {
//getting mask
if (HASH_TYPE == 256) {
component MGF1_256 = Mgf1Sha256(HASH_LEN, DB_MASK_LEN);
MGF1_256.dummy <== dummy;
for (var i = 0; i < (HASH_TYPE); i++) {
MGF1_256.seed[i] <== hash[i];
@@ -106,7 +102,6 @@ template VerifyRsaPssSig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, EXP, HASH_TYPE) {
}
if (HASH_TYPE == 384) {
component MGF1_384 = Mgf1Sha384(HASH_LEN, DB_MASK_LEN);
MGF1_384.dummy <== dummy;
for (var i = 0; i < (HASH_TYPE); i++) {
MGF1_384.seed[i] <== hash[i];
@@ -175,7 +170,6 @@ template VerifyRsaPssSig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, EXP, HASH_TYPE) {
//hashing
component hDash256 = ShaHashChunks(2, HASH_TYPE);
hDash256.dummy <== dummy;
hDash256.in <== mDash;
hDash256.out === hash;
@@ -199,7 +193,6 @@ template VerifyRsaPssSig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, EXP, HASH_TYPE) {
mDash[1014] <== 1;
component hDash256 = ShaHashChunks(2, HASH_TYPE);
hDash256.dummy <== dummy;
hDash256.in <== mDash;
hDash256.out === hash;
@@ -226,7 +219,6 @@ template VerifyRsaPssSig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, EXP, HASH_TYPE) {
//hashing mDash
component hDash384 = ShaHashChunks(1, HASH_TYPE);
hDash384.dummy <== dummy;
hDash384.in <== mDash;
hDash384.out === hash;
@@ -251,9 +243,7 @@ template VerifyRsaPssSigNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, EXP, HA
signal input pubkey[CHUNK_NUMBER];
signal input signature[CHUNK_NUMBER];
signal input hashed[HASH_TYPE];
signal input dummy;
dummy * dummy === 0;
var EM_LEN = (CHUNK_SIZE * CHUNK_NUMBER) \ 8;
var HASH_LEN = HASH_TYPE \ 8;
@@ -268,7 +258,6 @@ template VerifyRsaPssSigNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, EXP, HA
powerMod = PowerModNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, EXP);
powerMod.base <== signature;
powerMod.modulus <== pubkey;
powerMod.dummy <== dummy;
signal encoded[CHUNK_NUMBER];
encoded <== powerMod.out;
@@ -322,7 +311,6 @@ template VerifyRsaPssSigNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, EXP, HA
//getting mask
if (HASH_TYPE == 256) {
component MGF1_256 = Mgf1Sha256(HASH_LEN, DB_MASK_LEN);
MGF1_256.dummy <== dummy;
for (var i = 0; i < (HASH_TYPE); i++) {
MGF1_256.seed[i] <== hash[i];
@@ -334,7 +322,6 @@ template VerifyRsaPssSigNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, EXP, HA
}
if (HASH_TYPE == 384) {
component MGF1_384 = Mgf1Sha384(HASH_LEN, DB_MASK_LEN);
MGF1_384.dummy <== dummy;
for (var i = 0; i < (HASH_TYPE); i++) {
MGF1_384.seed[i] <== hash[i];
@@ -404,7 +391,6 @@ template VerifyRsaPssSigNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, EXP, HA
//hashing
component hDash256 = ShaHashChunks(2, HASH_TYPE);
hDash256.dummy <== dummy;
hDash256.in <== mDash;
hDash256.out === hash;
@@ -427,7 +413,6 @@ template VerifyRsaPssSigNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, EXP, HA
mDash[1014] <== 1;
component hDash256 = ShaHashChunks(2, HASH_TYPE);
hDash256.dummy <== dummy;
hDash256.in <== mDash;
hDash256.out === hash;
@@ -454,7 +439,6 @@ template VerifyRsaPssSigNonOptimised(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, EXP, HA
//hashing mDash
component hDash384 = ShaHashChunks(1, HASH_TYPE);
hDash384.dummy <== dummy;
hDash384.in <== mDash;
hDash384.out === hash;

14
circuits/circuits/utils/circomlib/signatures/ecdsa.circom
View File

@@ -21,7 +21,6 @@ template verifyECDSABits(CHUNK_SIZE, CHUNK_NUMBER, A, B, P, ALGO){
signal input pubkey[2][CHUNK_NUMBER];
signal input signature[2][CHUNK_NUMBER];
signal input hashed[ALGO];
signal input dummy;
signal hashedChunked[CHUNK_NUMBER];
@@ -45,7 +44,6 @@ template verifyECDSABits(CHUNK_SIZE, CHUNK_NUMBER, A, B, P, ALGO){
modInv.in <== signature[1];
modInv.modulus <== order;
modInv.dummy <== dummy;
modInv.out ==> sinv;
// (s ^ -1 mod n) * h mod n
@@ -53,31 +51,26 @@ template verifyECDSABits(CHUNK_SIZE, CHUNK_NUMBER, A, B, P, ALGO){
mult.in[0] <== sinv;
mult.in[1] <== hashedChunked;
mult.in[2] <== order;
mult.dummy <== dummy;
// (s ^ -1 mod n) * r mod n
component mult2 = BigMultModP(CHUNK_SIZE, CHUNK_NUMBER);
mult2.in[0] <== sinv;
mult2.in[1] <== signature[0];
mult2.in[2] <== order;
mult2.dummy <== dummy;
// h * s_inv * G
component scalarMult1 = EllipicCurveScalarGeneratorMultiplication(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
scalarMult1.scalar <== mult.out;
scalarMult1.dummy <== dummy;
// r * s_inv * (x, y)
component scalarMult2 = EllipticCurvePipingerMult(CHUNK_SIZE, CHUNK_NUMBER, A, B, P, 4);
scalarMult2.scalar <== mult2.out;
scalarMult2.in <== pubkey;
scalarMult2.dummy <== dummy;
// (x1, y1) = h * s_inv * G + r * s_inv * (x, y)
component add = EllipticCurveAdd(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
add.in1 <== scalarMult1.out;
add.in2 <== scalarMult2.out;
add.dummy <== dummy;
// x1 === r
for (var i = 0; i < CHUNK_NUMBER; i++){
@@ -100,7 +93,6 @@ template verifyECDSABigInt(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
signal input pubkey[2][CHUNK_NUMBER];
signal input signature[2][CHUNK_NUMBER];
signal input hashed[CHUNK_NUMBER];
signal input dummy;
component getOrder = EllipicCurveGetOrder(CHUNK_SIZE,CHUNK_NUMBER, A, B, P);
signal order[CHUNK_NUMBER];
@@ -113,7 +105,6 @@ template verifyECDSABigInt(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
modInv.in <== signature[1];
modInv.modulus <== order;
modInv.dummy <== dummy;
modInv.out ==> sinv;
// (s ^ -1 mod n) * h mod n
@@ -121,31 +112,26 @@ template verifyECDSABigInt(CHUNK_SIZE, CHUNK_NUMBER, A, B, P){
mult.in[0] <== sinv;
mult.in[1] <== hashed;
mult.in[2] <== order;
mult.dummy <== dummy;
// (s ^ -1 mod n) * r mod n
component mult2 = BigMultModP(CHUNK_SIZE, CHUNK_NUMBER);
mult2.in[0] <== sinv;
mult2.in[1] <== signature[0];
mult2.in[2] <== order;
mult2.dummy <== dummy;
// h * s_inv * G
component scalarMult1 = EllipicCurveScalarGeneratorMultiplication(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
scalarMult1.scalar <== mult.out;
scalarMult1.dummy <== dummy;
// r * s_inv * (x, y)
component scalarMult2 = EllipticCurvePipingerMult(CHUNK_SIZE, CHUNK_NUMBER, A, B, P, 4);
scalarMult2.scalar <== mult2.out;
scalarMult2.in <== pubkey;
scalarMult2.dummy <== dummy;
// (x1, y1) = h * s_inv * G + r * s_inv * (x, y)
component add = EllipticCurveAdd(CHUNK_SIZE, CHUNK_NUMBER, A, B, P);
add.in1 <== scalarMult1.out;
add.in2 <== scalarMult2.out;
add.dummy <== dummy;
// x1 === r
for (var i = 0; i < CHUNK_NUMBER; i++){

1
circuits/circuits/utils/passport/computeCommitment.circom
View File

@@ -17,7 +17,6 @@ template ComputeCommitment() {
poseidon_hasher.in[0] <== secret;
poseidon_hasher.in[1] <== attestation_id;
poseidon_hasher.in[2] <== leaf;
poseidon_hasher.dummy <== 0;
signal dg1_packed[3] <== PackBytes(93)(dg1);
for (var i = 0; i < 3; i++) {

2
circuits/circuits/utils/passport/customHashers.circom
View File

@@ -10,7 +10,6 @@ template CustomHasher(k) {
component hash[rounds];
for (var i = 0; i < rounds ; i ++){
hash[i] = PoseidonHash(16);
hash[i].dummy <== 0;
}
for (var i = 0; i < rounds ; i ++){
@@ -27,7 +26,6 @@ template CustomHasher(k) {
for (var i = 0 ; i < rounds ; i++) {
finalHash.in[i] <== hash[i].out;
}
finalHash.dummy <== 0;
signal output out <== finalHash.out;
}

3
circuits/circuits/utils/passport/ofac/ofac_name.circom
View File

@@ -18,10 +18,9 @@ template OFAC_NAME() {
for (var i = 0; i < 13; i++) {
poseidon_hasher[j].in[i] <== dg1[10 + 13 * j + i];
}
poseidon_hasher[j].dummy <== 0;
}
signal name_hash <== PoseidonHash(3)([poseidon_hasher[0].out, poseidon_hasher[1].out, poseidon_hasher[2].out], 0);
signal name_hash <== PoseidonHash(3)([poseidon_hasher[0].out, poseidon_hasher[1].out, poseidon_hasher[2].out]);
signal output ofacCheckResult <== SMTVerify(256)(name_hash, smt_leaf_value, smt_root, smt_siblings, 0);
}

6
circuits/circuits/utils/passport/ofac/ofac_name_dob.circom
View File

@@ -17,9 +17,8 @@ template OFAC_NAME_DOB() {
for (var i = 0; i < 13; i++) {
poseidon_hasher[j].in[i] <== dg1[10 + 13 * j + i];
}
poseidon_hasher[j].dummy <== 0;
}
signal name_hash <== PoseidonHash(3)([poseidon_hasher[0].out, poseidon_hasher[1].out, poseidon_hasher[2].out], 0);
signal name_hash <== PoseidonHash(3)([poseidon_hasher[0].out, poseidon_hasher[1].out, poseidon_hasher[2].out]);
// Dob hash
component pos_dob = PoseidonHash(6);
@@ -27,10 +26,9 @@ template OFAC_NAME_DOB() {
pos_dob.in[i] <== dg1[62 + i];
}
pos_dob.dummy <== 0;
// NameDob hash
signal name_dob_hash <== PoseidonHash(2)([pos_dob.out, name_hash], 0);
signal name_dob_hash <== PoseidonHash(2)([pos_dob.out, name_hash]);
signal output ofacCheckResult <== SMTVerify(256)(name_dob_hash, smt_leaf_value, smt_root, smt_siblings, 0);
}

1
circuits/circuits/utils/passport/ofac/ofac_passport_number.circom
View File

@@ -16,6 +16,5 @@ template OFAC_PASSPORT_NUMBER() {
for (var i = 0; i < 9; i++) {
poseidon_hasher.in[i] <== dg1[49 + i];
}
poseidon_hasher.dummy <== 0;
signal output ofacCheckResult <== SMTVerify(256)(poseidon_hasher.out, smt_leaf_value, smt_root, smt_siblings, 0);
}

1
circuits/circuits/utils/passport/ofac/validateCountry.circom
View File

@@ -15,7 +15,6 @@ template ValidateCountry(nLevels) {
for (var i = 0; i < 6; i++) {
poseidon_hasher.inputs[i] <== host_user[i];
}
poseidon_hasher.dummy <== 0;
SMTVerify(nLevels)(poseidon_hasher.out, smt_leaf_value, smt_root, smt_siblings, 0);
}

5
circuits/circuits/utils/passport/passportVerifier.circom
View File

@@ -28,7 +28,6 @@ template PassportVerifier(signatureAlgorithm, n, k, MAX_ECONTENT_LEN, MAX_SIGNED
signal input pubKey[kScaled];
signal input signature[kScaled];
signal input dummy;
// compute hash of DG1
signal dg1Bits[93 * 8];
@@ -41,7 +40,7 @@ template PassportVerifier(signatureAlgorithm, n, k, MAX_ECONTENT_LEN, MAX_SIGNED
}
}
signal dg1Sha[HASH_LEN_BITS] <== ShaHashBits(93 * 8, HASH_LEN_BITS)(dg1Bits, 0);
signal dg1Sha[HASH_LEN_BITS] <== ShaHashBits(93 * 8, HASH_LEN_BITS)(dg1Bits);
component dg1ShaBytes[HASH_LEN_BYTES];
@@ -78,6 +77,6 @@ template PassportVerifier(signatureAlgorithm, n, k, MAX_ECONTENT_LEN, MAX_SIGNED
signal signedAttrSha[HASH_LEN_BITS] <== ShaBytesDynamic(HASH_LEN_BITS, MAX_SIGNED_ATTR_LEN)(signed_attr, signed_attr_padded_length);
SignatureVerifier(signatureAlgorithm, n, k)(signedAttrSha, pubKey, signature, dummy);
SignatureVerifier(signatureAlgorithm, n, k)(signedAttrSha, pubKey, signature);
}

1
circuits/circuits/utils/passport/secp256r1Verifier.circom
View File

@@ -59,5 +59,4 @@ template Secp256r1Verifier(signatureAlgorithm, n, k) {
ecdsa_verify.pubkey <== pubkey_xy;
ecdsa_verify.signature <== [signature_r, signature_s];
ecdsa_verify.hashed <== hash;
ecdsa_verify.dummy <== 0;
}

8
circuits/circuits/utils/passport/signatureVerifier.circom
View File

@@ -19,7 +19,6 @@ template SignatureVerifier(signatureAlgorithm, n, k) {
signal input pubKey[kScaled];
signal input signature[kScaled];
signal input dummy;
var msg_len = (HASH_LEN_BITS + n) \ n;
@@ -35,7 +34,6 @@ template SignatureVerifier(signatureAlgorithm, n, k) {
}
rsa.modulus <== pubKey;
rsa.signature <== signature;
rsa.dummy <== dummy;
}
if (signatureAlgorithm == 3) {
@@ -48,7 +46,6 @@ template SignatureVerifier(signatureAlgorithm, n, k) {
}
rsa.modulus <== pubKey;
rsa.signature <== signature;
rsa.dummy <== dummy;
}
if (
@@ -73,7 +70,6 @@ template SignatureVerifier(signatureAlgorithm, n, k) {
rsaPssShaVerification.pubkey <== pubKey;
rsaPssShaVerification.signature <== signature;
rsaPssShaVerification.hashed <== hash; // send the raw hash
rsaPssShaVerification.dummy <== 0;
}
if (signatureAlgorithm == 7) {
@@ -94,7 +90,6 @@ template SignatureVerifier(signatureAlgorithm, n, k) {
}
rsa.modulus <== pubKey;
rsa.signature <== signature;
rsa.dummy <== dummy;
}
if (signatureAlgorithm == 11) {
component rsa = VerifyRsaPkcs1v1_5(signatureAlgorithm, n, k, 65537, 160);
@@ -106,7 +101,6 @@ template SignatureVerifier(signatureAlgorithm, n, k) {
}
rsa.modulus <== pubKey;
rsa.signature <== signature;
rsa.dummy <== dummy;
}
if (signatureAlgorithm == 12) {
@@ -121,7 +115,6 @@ template SignatureVerifier(signatureAlgorithm, n, k) {
}
rsa.modulus <== pubKey;
rsa.signature <== signature;
rsa.dummy <== dummy;
}
if (signatureAlgorithm == 14) {
component rsa = VerifyRsaPkcs1v1_5(signatureAlgorithm, n, k, 65537, 256);
@@ -133,7 +126,6 @@ template SignatureVerifier(signatureAlgorithm, n, k) {
}
rsa.modulus <== pubKey;
rsa.signature <== signature;
rsa.dummy <== dummy;
}
if (signatureAlgorithm == 15) {

4
circuits/tests/utils/rsaPkcs1v1_5.test.ts
View File

@@ -20,7 +20,6 @@ describe('VerifyRsaPkcs1v1_5 Circuit Test', function () {
it(`should verify RSA signature using the circuit for ${algorithm}`, async function () {
// Generate inputs using the utility function
const { signature, modulus, message } = generateMockRsaPkcs1v1_5Inputs(algorithm);
let dummy = 0;
// Run circuit with inputs
const circuit = await wasmTester(
@@ -36,8 +35,7 @@ describe('VerifyRsaPkcs1v1_5 Circuit Test', function () {
const witness = await circuit.calculateWitness({
signature,
modulus,
message,
dummy,
message
});
// Check constraints