github-mig/ZoKrates
github-mig/ZoKrates
1
0
Fork 0
mirror of synced 2025-09-24 04:40:05 +00:00
Code Issues Projects Releases Wiki Activity

Whitespace and spelling fixes

Browse source
This commit is contained in:
William Entriken 2020-01-06 13:56:49 -05:00
parent e6e1bec0bc
commit 27e9385a18
82 changed files with 241 additions and 228 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -17,7 +17,7 @@ _This is a proof-of-concept implementation. It has not been tested for productio
curl -LSfs get.zokrat.es | sh
```
Have a look at the [documentation](https://zokrates.github.io/) for more information about using ZoKrates.
Have a look at the [documentation](https://zokrates.github.io/) for more information about using ZoKrates.
A getting started tutorial can be found [here](https://zokrates.github.io/sha256example.html).
## Getting Help
@ -30,6 +30,6 @@ ZoKrates is released under the GNU Lesser General Public License v3.
## Contributing
We happily welcome contributions. You can either pick an existing issue, or reach out on [Gitter](https://gitter.im/ZoKrates/Lobby).
We happily welcome contributions. You can either pick an existing issue or reach out on [Gitter](https://gitter.im/ZoKrates/Lobby).
Unless you explicitly state otherwise, any contribution you intentionally submit for inclusion in the work shall be licensed as above, without any additional terms or conditions.

2
ci/before_deploy.sh
View file

@ -1,3 +1,5 @@
#!/bin/bash
# This script takes care of building your crate and packaging it for release
set -ex

4
ci/install.sh
View file

@ -1,3 +1,5 @@
#!/bin/bash
set -ex
main() {
@ -10,7 +12,7 @@ main() {
sort=gsort # for `sort --sort-version`, from brew's coreutils.
fi
# Builds for iOS are done on OSX, but require the specific target to be
# Builds for iOS are done on macOS, but require the specific target to be
# installed.
case $TARGET in
aarch64-apple-ios)

4
ci/script.sh
View file

@ -1,8 +1,10 @@
#!/bin/bash
# This script takes care of testing your crate
set -ex
# This is the test phase. We will only build as tests happened before.
# This is the test phase. We will only build if tests happened before.
main() {
cross build --target $TARGET
cross build --target $TARGET --release

8
scripts/one_liner.sh
View file

@ -28,10 +28,10 @@ need_cmd() {
get_bitness() {
need_cmd head
# Architecture detection without dependencies beyond coreutils.
# ELF files start out "\x7fELF", and the following byte is
# ELF files start out "\x7fELF", and the following bytes are
# 0x01 for 32-bit and
# 0x02 for 64-bit.
# The printf builtin on some shells like dash only supports octal
# The printf builtin on some shells - like dash - only supports octal
# escape sequences, so we use those.
local _current_exe_head
_current_exe_head=$(head -c 5 /proc/self/exe )
@ -302,7 +302,7 @@ main() {
# install ZoKrates
for f in $(ls $td); do
# put folders into $dest
if [ -d $td/$f ]; then
if [ -d $td/$f ]; then
if [ -e "$dest/$f" ] && [ $force = false ]; then
err "$f already exists in $dest, use --force to overwrite"
else
@ -327,7 +327,7 @@ main() {
cat <<'EOF'
ZoKrates was installed succesfully!
ZoKrates was installed successfully!
If this is the first time you're installing ZoKrates run the following:
export PATH=$PATH:$HOME/.zokrates/bin
export ZOKRATES_HOME=$HOME/.zokrates/stdlib

2
scripts/release.sh
View file

@ -1,3 +1,5 @@
#!/bin/bash
# Exit if any subcommand fails
set -e

4
zokrates_book/src/concepts/control_flow.md
View file

@ -14,7 +14,7 @@ Arguments are passed by value.
### If expressions
An if expression allows you to branch your code depending on a condition.
An "if expression" allows you to branch your code depending on a condition.
```zokrates
{{#include ../../../zokrates_cli/examples/book/if_else.zok}}
@ -32,5 +32,5 @@ For loops are available with the following syntax:
{{#include ../../../zokrates_cli/examples/book/for.zok}}
```
The bounds have to be known at compile time, so only constants are allowed.
The bounds have to be known at compile-time, so only constants are allowed.
For-loops define their own scope.

2
zokrates_book/src/concepts/functions.md
View file

@ -21,7 +21,7 @@ When defining a variable as the return value of a function, types are optional:
{{#include ../../../zokrates_cli/examples/book/multi_def.zok}}
```
If there is an ambiguity, providing the types of some of the assigned variables is necessary.
If there is any ambiguity, providing the types of some of the assigned variables is necessary.
```zokrates
{{#include ../../../zokrates_cli/examples/book/type_annotations.zok}}

6
zokrates_book/src/concepts/imports.md
View file

@ -35,10 +35,10 @@ from "./path/to/my/module" import main as module
// `main` is now in scope under the alias `module`.
```
Note that this legacy method is likely to be become deprecated, so it is recommended to use the preferred way instead.
Note that this legacy method is likely to become deprecated, so it is recommended to use the preferred way instead.
### Symbols
Two types of symbols can be imported:
Two types of symbols can be imported
#### Functions
Functions are imported by name. If many functions have the same name but different signatures, all of them get imported, and which one to use in a particular call is inferred.
@ -58,7 +58,7 @@ There also is a handy syntax to import from the parent directory:
from "../mycode" import foo
```
Also imports further up the file-system are supported:
Also, imports further up the file-system are supported:
```zokrates
from "../../../mycode" import foo
```

10
zokrates_book/src/concepts/stdlib.md
View file

@ -31,9 +31,9 @@ There also is support for 2-round (1024-bit input) and 3-round (1536-bit input)
import "hashes/sha256/512bitPacked.zok"
```
A function that takes an array of 4 field elements as inputs, unpacks each of them to 128 bits (big endian), concatenates them and applies sha256. It then returns an array of 2 field elements, each representing 128 bits of the result.
A function that takes an array of 4 field elements as inputs, unpacks each of them to 128 bits (big-endian), concatenates them and applies sha256. It then returns an array of 2 field elements, each representing 128 bits of the result.
### Public-key Cryptography
### Public-key Cryptography
#### Proof of private-key ownership
@ -41,8 +41,8 @@ A function that takes an array of 4 field elements as inputs, unpacks each of th
import "ecc/proofOfOwnership.zok"
```
Verifies match of a given public/private keypair. Checks if the following equation holds for the provided keypair:
`pk = sk*G`
Verifies match of a given public/private keypair. Checks if the following equation holds for the provided keypair:
`pk = sk*G`
where `G` is the chosen base point of the subgroup and `*` denotes scalar multiplication in the subgroup.
#### Signature verification
@ -85,5 +85,5 @@ Packs 256 field elements as one. Overflows can occur.
import "utils/pack/nonStrictUnpack256"
```
Unpacks a field element to 256 field elements. Uniqueness of the output is not guaranteed.
Unpacks a field element into 256 field elements. Uniqueness of the output is not guaranteed.

16
zokrates_book/src/concepts/types.md
View file

@ -33,18 +33,18 @@ ZoKrates provides two complex types, Arrays and Structs.
ZoKrates supports static arrays, i.e., their length needs to be known at compile time.
Arrays can contain elements of any type and have arbitrary dimensions.
The following examples code shows examples of how to use arrays:
The following example code shows examples of how to use arrays:
```zokrates
{{#include ../../../zokrates_cli/examples/book/array.zok}}
```
#### Declaration and Initialization
An array is defined by appending `[]` to a type literal representing the type of the array's elements.
An array is defined by appending `[]` to a type literal representing the type of the array's elements.
Initialization always needs to happen in the same statement as declaration, unless the array is declared within a function's signature.
Initialization always needs to happen in the same statement as a declaration, unless the array is declared within a function's signature.
For initialization, a list of comma-separated values is provided within brackets `[]`.
For initialization, a list of comma-separated values is provided within brackets `[]`.
ZoKrates offers a special shorthand syntax to initialize an array with a constant value:
`[value;repetitions]`
@ -60,7 +60,7 @@ The following code provides examples for declaration and initialization:
As an array can contain any type of elements, it can contain arrays again.
There is a special syntax to declare such multi-dimensional arrays, i.e., arrays of arrays.
To declare an array of an inner array, i.e., and array of elements of a type, prepend brackets `[size]` to the declaration of the inner array.
To declare an array of an inner array, i.e., and an array of elements of a type, prepend brackets `[size]` to the declaration of the inner array.
In summary, this leads to the following scheme for array declarations:
`data_type[size of 1st dimension][size of 2nd dimension]`.
Consider the following example:
@ -89,8 +89,8 @@ field[2] b = a[1..3] // initialize an array copying a slice from `a`
```
### Structs
A struct is a composite datatype representing a named collection of variables.
The contained variables can be of any type.
A struct is a composite datatype representing a named collection of variables.
The contained variables can be of any type.
The following code shows an example of how to use structs.
@ -111,7 +111,7 @@ struct Point {
#### Declaration and Initialization
Initialization of a variable of a struct type always needs to happen in the same statement as declaration, unless the struct-typed variable is declared within a function's signature.
Initialization of a variable of a struct type always needs to happen in the same statement as a declaration, unless the struct-typed variable is declared within a function's signature.
The following example shows declaration and initialization of a variable of the `Point` struct type:

2
zokrates_book/src/introduction.md
View file

@ -6,7 +6,7 @@ ZoKrates is a toolbox for zkSNARKs on Ethereum. It helps you use verifiable comp
## Background on zkSNARKs
Zero-knowledge proofs (ZKPs) are a family of probabilistic protocols, first described by [Goldwasser, Micali and Rackoff](http://people.csail.mit.edu/silvio/Selected%20Scientific%20Papers/Proof%20Systems/The_Knowledge_Complexity_Of_Interactive_Proof_Systems.pdf) in 1985.
One particular family of ZKPs is described as zero-knowledge **S**uccinct **N**on-interactive **AR**guments of **K**nowledge, a.k.a. zkSNARKs. zkSNARKs are the most widely used zero-knowledge protocols, with the anonymous cryptocurrency Zcash and the smart-contract platform Ethereum among the notable early adopters.
For further details we refer the reader to some introductory material provided by the community: [[1]](https://z.cash/technology/zksnarks/),[[2]](https://medium.com/@VitalikButerin/zkSNARKs-under-the-hood-b33151a013f6), [[3]](https://blog.decentriq.ch/zk-SNARKs-primer-part-one/).

12
zokrates_book/src/reference/cli.md
View file

@ -13,10 +13,10 @@ You can see an overview of the available subcommands by running
./zokrates compile -i /path/to/add.zok
```
Compiles a `.zok` source code file into ZoKrates internal representation of arithmetic circuits.
Compiles a `.zok` source code file into ZoKrates internal representation of arithmetic circuits.
Creates a compiled binary file at `./out`.
Unless the `--light` flag is set, a human readable `.ztf` file is generated, which displays the compilation output in ZoKrates Text Format.
Unless the `--light` flag is set, a human-readable `.ztf` file is generated, which displays the compilation output in ZoKrates Text Format.
## `compute-witness`
@ -24,9 +24,9 @@ Unless the `--light` flag is set, a human readable `.ztf` file is generated, whi
./zokrates compute-witness -a 1 2 3
```
Computes a witness for the compiled program found at `./out` and arguments to the program.
A witness is a valid assignment of the variables, which include the results of the computation.
Arguments to the program are passed as a space-separated list with the `-a` flag, or over `stdin`.
Computes a witness for the compiled program found at `./out` and computes arguments of the program.
A witness is a valid assignment of the variables that include the results of the computation.
Arguments of the program are passed as a space-separated list with the `-a` flag, or over `stdin`.
Creates a witness file at `./witness`
@ -47,7 +47,7 @@ These keys are derived from a source of randomness, commonly referred to as "tox
./zokrates export-verifier
```
Using the verifying key at `./verifying.key`, generates a Solidity contract which contains the generated verification key and a public function to verify a solution to the compiled program at `./out`.
Using the verifying key at `./verifying.key`, generates a Solidity contract that contains the generated verification key and a public function to verify a solution to the compiled program at `./out`.
Creates a verifier contract at `./verifier.sol`.

2
zokrates_book/src/reference/proving_schemes.md
View file

@ -29,7 +29,7 @@ cargo +nightly -Z package-features build --release --package zokrates_cli --feat
## G16 malleability
When using G16, developers should pay attention to the fact that an attacker seeing a valid proof can very easily generate a different but still valid proof. Therefore, depending on the use case, making sure on chain that the same proof cannot be submitted twice may *not* be enough to guarantee that attackers cannot replay proofs. Mechanisms to solve this issue include:
When using G16, developers should pay attention to the fact that an attacker, seeing a valid proof, can very easily generate a different but still valid proof. Therefore, depending on the use case, making sure on chain that the same proof cannot be submitted twice may *not* be enough to guarantee that attackers cannot replay proofs. Mechanisms to solve this issue include:
- signed proofs
- nullifiers
- usage of an ethereum address as a public input to the program

8
zokrates_book/src/reference/testing.md
View file

@ -1,10 +1,10 @@
# Testing
Before running any tests, make sure make sure your `ZOKRATES_HOME` environment variable is set correctly.
Before running any tests, make sure your `ZOKRATES_HOME` environment variable is set correctly.
It has to point to `zokrates_stdlib/stdlib/`
## Unit tests
In ZoKrates, unit tests comprise
In ZoKrates, unit tests comprise of
- internal tests for all zokrates crates
- compilation tests for all examples in `zokrates_cli/examples`. These tests only ensure that the examples compile.
- compilation + witness-computation tests. These tests compile the test cases, compute a witness and compare the result with a pre-defined expected result.
@ -24,10 +24,10 @@ Integration tests are excluded from `cargo test` by default.
They are defined in the `zokrates_cli` crate in `integration.rs` and use the test cases specified in `zokrates_cli/tests/code`.
Before running integration tests:
1. Make sure your `$ZOKRATES_HOME` is set correctly
1. Make sure your `$ZOKRATES_HOME` is set correctly
2. You have [solc](https://github.com/ethereum/solc-js) installed and in your `$PATH`.
Solc can conveniently be installed through `npm` by running
Solc can conveniently be installed through `npm` by running
```
npm install -g solc
```

4
zokrates_book/src/sha256example.md
View file

@ -23,7 +23,7 @@ The first line imports the `sha256packed` function from the ZoKrates standard li
`sha256packed` is a SHA256 implementation that is optimized for the use in the ZoKrates DSL. Here is how it works: We want to pass 512 bits of input to SHA256. However, a `field` value can only hold 254 bits due to the size of the underlying prime field we are using. As a consequence, we use four field elements, each one encoding 128 bits, to represent our input. The four elements are then concatenated in ZoKrates and passed to SHA256. Given that the resulting hash is 256 bit long, we split it in two and return each value as a 128 bit number.
In case you are interested in an example that is fully compliant with existing SHA256 implementations in Python or Solidity you can have a look at this [blog](https://blog.decentriq.ch/proving-hash-pre-image-zksnarks-zokrates) post.
In case you are interested in an example that is fully compliant with existing SHA256 implementations in Python or Solidity, you can have a look at this [blog](https://blog.decentriq.ch/proving-hash-pre-image-zksnarks-zokrates) post.
Our code is really just using the `sha256packed`, returning the computed hash.
@ -104,7 +104,7 @@ Finally, Peggy can run the command to construct the proof:
./zokrates generate-proof
```
As the inputs were declared as private in the program, they do not appear in the proof thanks to the zero knowledge property of the protocol.
As the inputs were declared as private in the program, they do not appear in the proof thanks to the zero-knowledge property of the protocol.
ZoKrates creates a file, `proof.json`, consisting of the three elliptic curve points that make up the zkSNARKs proof. The `verifyTx` function in the smart contract deployed by Victor accepts these three values, along with an array of public inputs. The array of public inputs consists of:

2
zokrates_cli/examples/book/structs.code
View file

@ -5,7 +5,7 @@ struct Bar {
struct Foo {
Bar a
bool b
bool b
}
def main() -> (Foo):

2
zokrates_cli/examples/bool_or.zok
View file

@ -3,5 +3,5 @@ def main(field a, field b) -> (field):
field y = if a + 2 == 4 || b * 2 == 2 then 1 else 0 fi
field z = if y == 1 || y == 0 then y else 1 fi
z == 1
return z
return z

10
zokrates_cli/examples/dex/ringtrade_example.zok
View file

@ -43,13 +43,13 @@ def checkConstraints(field[3] amount, field[3] sourceToken, field[3] targetToken
field[3] sourceTokenPriceOrder = [0, 0, 0]
field[3] targetTokenPriceOrder = [0, 0, 0]
for field i in 0..3 do
sourceTokenPriceOrder[i] = priceToken[sourceToken[i]]
targetTokenPriceOrder[i] = priceToken[targetToken[i]]
endfor
// orders are only touched, if the limit price is below the calculated price:
// orders are only touched if the limit price is below the calculated price:
for field i in 0..3 do
1 == if volume[i] == 0 then 1 else limitLessThanPrice(sourceTokenPriceOrder[i], targetTokenPriceOrder[i], limit[i]) fi
endfor
@ -68,7 +68,7 @@ def checkConstraints(field[3] amount, field[3] sourceToken, field[3] targetToken
// If an order σ ∈ Oi→j with a limit price p has a positive trading volume, then every order in Oi→j with a lower limit price should be completely fulfilled.
highestTouchedOrder = tupleForTokenPairsWithValue(0)
for field i in 0..3 do
for field i in 0..3 do
highestTouchedOrder = updateHighestTouchedOrder(highestTouchedOrder, sourceToken[i], targetToken[i], limit[i], volume[i])
endfor
@ -76,7 +76,7 @@ def checkConstraints(field[3] amount, field[3] sourceToken, field[3] targetToken
1 == verifyCompletelyFulfilledIfLimitLowerHighestTouchedOrder(highestTouchedOrder, amount[i], sourceToken[i], targetToken[i], limit[i], volume[i])
endfor
return 1 // Could return total volume to maximize for
return 1 // Could return the total volume to maximize for
def main(private field[3] encodedOrder, private field[3] bitmapOrder, private field[3] volume, private field[3] priceToken) -> (field):
// Remove orders that are not double signed
@ -88,7 +88,7 @@ def main(private field[3] encodedOrder, private field[3] bitmapOrder, private fi
field[3] limit = [0, 0, 0]
// Decode orders
for field i in 0..3 do
for field i in 0..3 do
a, s, t, l = decodeOrder(encodedOrder[i])
amount[i] = a
sourceToken[i] = s

4
zokrates_cli/examples/merkleTree/pedersenPathProof3.zok
View file

@ -3,7 +3,7 @@ import "ecc/edwardsCompress" as edwardsCompress
import "ecc/babyjubjubParams" as context
import "hashes/utils/256bitsDirectionHelper" as multiplex
import "utils/binary/not" as NOT
// Merke-Tree inclusion proof for tree depth 3 using SNARK efficient pedersen hashes
// Merke-Tree inclusion proof for tree depth 3 using SNARK efficient pedersen hashes
// directionSelector=> 1/true if current digest is on the rhs of the hash
def main(field[256] rootDigest, private field[256] leafDigest, private field[3] directionSelector, field[256] PathDigest0, private field[256] PathDigest1, private field[256] PathDigest2) -> (field):
context = context()
@ -23,5 +23,5 @@ def main(field[256] rootDigest, private field[256] leafDigest, private field[3]
rootDigest == currentDigest
return 1 //return true in success
return 1 //return true in success

4
zokrates_cli/examples/merkleTree/sha256PathProof3.zok
View file

@ -2,7 +2,7 @@ import "hashes/sha256/512bit" as sha256
import "utils/multiplexer/256bit" as multiplex
import "utils/binary/not" as NOT
// Merke-Tree inclusion proof for tree depth 3
// Merkle-Tree inclusion proof for tree depth 3
def main(field treeDepth, field[256] rootDigest, private field[256] leafDigest, private field[2] directionSelector, field[256] PathDigest0, private field[256] PathDigest1) -> (field):
@ -28,4 +28,4 @@ def main(field treeDepth, field[256] rootDigest, private field[256] leafDigest,
counter == treeDepth
rootDigest == currentDigest
return 1 //return true in success
return 1 //return true in success

4
zokrates_cli/examples/merkleTree/testpedersenPathProof3.zok
View file

@ -1,5 +1,5 @@
import "./pedersenPathProof3"
// Merke-Tree inclusion proof for tree depth 3
// Merke-Tree inclusion proof for tree depth 3
// def main(field treeDepth, field[256] rootDigest, private field[256] leafDigest, private field[2] directionSelector, field[256] PathDigest0, private field[256] PathDigest1) -> (field):
def main() -> (field):
@ -16,5 +16,5 @@ def main() -> (field):
field success = pedersenPathProof3(rootDigest, leafDigest, [0, 0, 0], PathDigest0, PathDigest1, PathDigest2)
return 1 //return true in success
return 1 //return true in success

4
zokrates_cli/examples/merkleTree/testsha256PathProof3.zok
View file

@ -4,8 +4,8 @@ def main() -> (field):
field treeDepth = 3
field[256] rootDigest = [1 ,1 ,1 ,1 ,1 ,0 ,1 ,1 ,1 ,1 ,0 ,1 ,1 ,0 ,0 ,0 ,0 ,1 ,0 ,1 ,1 ,0 ,1 ,1 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,1 ,1 ,1 ,1 ,1 ,1 ,1 ,1 ,0 ,1 ,1 ,1 ,1 ,0 ,0 ,1 ,1 ,1 ,1 ,0 ,0 ,1 ,0 ,1 ,0 ,1 ,0 ,0 ,1 ,1 ,0 ,0 ,0 ,1 ,1 ,0 ,1 ,0 ,1 ,1 ,0 ,1 ,0 ,1 ,1 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,1 ,1 ,1 ,1 ,1 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,1 ,1 ,1 ,0 ,1 ,1 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,1 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,1 ,0 ,0 ,1 ,0 ,1 ,1 ,1 ,0 ,1 ,0 ,1 ,0 ,0 ,0 ,0 ,1 ,0 ,1 ,1 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,1 ,1 ,0 ,1 ,0 ,1 ,1 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,1 ,0 ,0 ,1 ,0 ,1 ,1 ,1 ,1 ,1 ,1 ,1 ,0 ,1 ,0 ,1 ,1 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,0 ,1 ,0 ,0 ,1 ,1 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,1 ,1 ,1 ,1 ,1 ,1 ,0]
field[256] leafDigest = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1]
field[2] directionSelector = [0, 0]
field[256] PathDigest0 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1]
field[2] directionSelector = [0, 0]
field[256] PathDigest0 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1]
field[256] PathDigest1 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1]
field out = merkleTreeProof(treeDepth,rootDigest,leafDigest,directionSelector,PathDigest0,PathDigest1)

2
zokrates_cli/examples/runtime_errors/lt_overflow_max_plus_1.zok
View file

@ -1,5 +1,5 @@
// we can compare numbers up to 2^(pbits - 2) - 1, ie any number which fits in (pbits - 2) bits
// lt should not work for the maxvalue = 2^(pbits - 2) - 1 augmented by one
// It should not work for the maxvalue = 2^(pbits - 2) - 1 augmented by one
// /!\ should be called with a = 0
def main(field a) -> (field):

6
zokrates_cli/examples/waldo.zok
View file

@ -18,8 +18,8 @@ def isWaldo(field a, field p, field q) -> (field):
// define all
def main(field a0, field a1, field a2, field a3, private field index, private field p, private field q) -> (field):
// prover provides the index of Waldo
field waldo = if index == 0 then a0 else 0 fi
waldo = waldo + if index == 1 then a1 else 0 fi
waldo = waldo + if index == 2 then a2 else 0 fi
field waldo = if index == 0 then a0 else 0 fi
waldo = waldo + if index == 1 then a1 else 0 fi
waldo = waldo + if index == 2 then a2 else 0 fi
waldo = waldo + if index == 3 then a3 else 0 fi
return isWaldo(waldo, p, q)

6
zokrates_cli/src/bin.rs
View file

@ -136,7 +136,8 @@ fn cli() -> Result<(), String> {
).arg(Arg::with_name("proving-scheme")
.short("s")
.long("proving-scheme")
.help("Proving scheme to use to export the verifier. Available options are G16, PGHR13 and GM17")
.help("Proving scheme to use for exporting the verifier. Available options are G16 (default), PGHR13 and GM17")
.value_name("FILE")
.takes_value(true)
.required(false)
.default_value(&default_scheme)
@ -235,7 +236,8 @@ fn cli() -> Result<(), String> {
).arg(Arg::with_name("proving-scheme")
.short("s")
.long("proving-scheme")
.help("Proving scheme to use to generate the proof. Available options are G16, PGHR13 and GM17")
.help("Proving scheme to use for generating the proof. Available options are G16 (default), PGHR13 and GM17")
.value_name("FILE")
.takes_value(true)
.required(false)
.default_value(&default_scheme)

2
zokrates_cli/tests/code/sha_round.zok
View file

@ -5,7 +5,7 @@ def main(private field[256] expected) -> (field):
field[256] a = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
field[256] b = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1]
field[256] IV = [0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1]
expected == sha256([a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], a[13], a[14], a[15], a[16], a[17], a[18], a[19], a[20], a[21], a[22], a[23], a[24], a[25], a[26], a[27], a[28], a[29], a[30], a[31], a[32], a[33], a[34], a[35], a[36], a[37], a[38], a[39], a[40], a[41], a[42], a[43], a[44], a[45], a[46], a[47], a[48], a[49], a[50], a[51], a[52], a[53], a[54], a[55], a[56], a[57], a[58], a[59], a[60], a[61], a[62], a[63], a[64], a[65], a[66], a[67], a[68], a[69], a[70], a[71], a[72], a[73], a[74], a[75], a[76], a[77], a[78], a[79], a[80], a[81], a[82], a[83], a[84], a[85], a[86], a[87], a[88], a[89], a[90], a[91], a[92], a[93], a[94], a[95], a[96], a[97], a[98], a[99], a[100], a[101], a[102], a[103], a[104], a[105], a[106], a[107], a[108], a[109], a[110], a[111], a[112], a[113], a[114], a[115], a[116], a[117], a[118], a[119], a[120], a[121], a[122], a[123], a[124], a[125], a[126], a[127], a[128], a[129], a[130], a[131], a[132], a[133], a[134], a[135], a[136], a[137], a[138], a[139], a[140], a[141], a[142], a[143], a[144], a[145], a[146], a[147], a[148], a[149], a[150], a[151], a[152], a[153], a[154], a[155], a[156], a[157], a[158], a[159], a[160], a[161], a[162], a[163], a[164], a[165], a[166], a[167], a[168], a[169], a[170], a[171], a[172], a[173], a[174], a[175], a[176], a[177], a[178], a[179], a[180], a[181], a[182], a[183], a[184], a[185], a[186], a[187], a[188], a[189], a[190], a[191], a[192], a[193], a[194], a[195], a[196], a[197], a[198], a[199], a[200], a[201], a[202], a[203], a[204], a[205], a[206], a[207], a[208], a[209], a[210], a[211], a[212], a[213], a[214], a[215], a[216], a[217], a[218], a[219], a[220], a[221], a[222], a[223], a[224], a[225], a[226], a[227], a[228], a[229], a[230], a[231], a[232], a[233], a[234], a[235], a[236], a[237], a[238], a[239], a[240], a[241], a[242], a[243], a[244], a[245], a[246], a[247], a[248], a[249], a[250], a[251], a[252], a[253], a[254], a[255], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28], b[29], b[30], b[31], b[32], b[33], b[34], b[35], b[36], b[37], b[38], b[39], b[40], b[41], b[42], b[43], b[44], b[45], b[46], b[47], b[48], b[49], b[50], b[51], b[52], b[53], b[54], b[55], b[56], b[57], b[58], b[59], b[60], b[61], b[62], b[63], b[64], b[65], b[66], b[67], b[68], b[69], b[70], b[71], b[72], b[73], b[74], b[75], b[76], b[77], b[78], b[79], b[80], b[81], b[82], b[83], b[84], b[85], b[86], b[87], b[88], b[89], b[90], b[91], b[92], b[93], b[94], b[95], b[96], b[97], b[98], b[99], b[100], b[101], b[102], b[103], b[104], b[105], b[106], b[107], b[108], b[109], b[110], b[111], b[112], b[113], b[114], b[115], b[116], b[117], b[118], b[119], b[120], b[121], b[122], b[123], b[124], b[125], b[126], b[127], b[128], b[129], b[130], b[131], b[132], b[133], b[134], b[135], b[136], b[137], b[138], b[139], b[140], b[141], b[142], b[143], b[144], b[145], b[146], b[147], b[148], b[149], b[150], b[151], b[152], b[153], b[154], b[155], b[156], b[157], b[158], b[159], b[160], b[161], b[162], b[163], b[164], b[165], b[166], b[167], b[168], b[169], b[170], b[171], b[172], b[173], b[174], b[175], b[176], b[177], b[178], b[179], b[180], b[181], b[182], b[183], b[184], b[185], b[186], b[187], b[188], b[189], b[190], b[191], b[192], b[193], b[194], b[195], b[196], b[197], b[198], b[199], b[200], b[201], b[202], b[203], b[204], b[205], b[206], b[207], b[208], b[209], b[210], b[211], b[212], b[213], b[214], b[215], b[216], b[217], b[218], b[219], b[220], b[221], b[222], b[223], b[224], b[225], b[226], b[227], b[228], b[229], b[230], b[231], b[232], b[233], b[234], b[235], b[236], b[237], b[238], b[239], b[240], b[241], b[242], b[243], b[244], b[245], b[246], b[247], b[248], b[249], b[250], b[251], b[252], b[253], b[254], b[255]], IV)
return 1

4
zokrates_cli/tests/contract/test.js
View file

@ -31,8 +31,8 @@ let jsonInterface = JSON.parse(solc.compile(jsonContractSource));
let abi = jsonInterface.contracts[contractPath]["Verifier"].abi
let bytecode = jsonInterface.contracts[contractPath]["Verifier"].evm.bytecode
//There is a solc issue, that for unknown reasons wont link the BN256G2 Library automatically for gm17 v1 and v2 contracts. I dont know why this is happening,
//the contracts compile and deploy without any issue on remix. To fix this, the the BN256G2 Library must be compiled and deployed by itself, after that,
//There is a solc issue, that for unknown reasons wont link the BN256G2 Library automatically for gm17 v1 and v2 contracts. I dont know why this is happening,
//the contracts compile and deploy without any issue on remix. To fix this, the the BN256G2 Library must be compiled and deployed by itself, after that,
//the library placeholder must be replaced with the library address in the contracts bytecode
if (format == "gm17") {
let library = await deployLibrary();

2
zokrates_core/lib/gm17.cpp
View file

@ -24,7 +24,7 @@ using namespace libsnark;
namespace gm17 {
//takes input and puts it into constraint system
// takes input and puts it into a constraint system
r1cs_se_ppzksnark_constraint_system<libff::alt_bn128_pp> createConstraintSystem(const uint8_t* A, const uint8_t* B, const uint8_t* C, int A_len, int B_len, int C_len, int constraints, int variables, int inputs)
{
r1cs_se_ppzksnark_constraint_system<libff::alt_bn128_pp> cs;

4
zokrates_core/lib/pghr13.cpp
View file

@ -12,7 +12,7 @@
#include <cassert>
#include <iomanip>
// contains definition of alt_bn128 ec public parameters
// contains definitions of alt_bn128 ec public parameters
#include "libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp"
// contains required interfaces and types (keypair, proof, generator, prover, verifier)
#include <libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp>
@ -24,7 +24,7 @@ using namespace libsnark;
namespace pghr13 {
//takes input and puts it into constraint system
// takes input and puts it into a constraint system
r1cs_ppzksnark_constraint_system<libff::alt_bn128_pp> createConstraintSystem(const uint8_t* A, const uint8_t* B, const uint8_t* C, int A_len, int B_len, int C_len, int constraints, int variables, int inputs)
{
r1cs_ppzksnark_constraint_system<libff::alt_bn128_pp> cs;

2
zokrates_core/lib/util.cpp
View file

@ -19,7 +19,7 @@ libff::bigint<libff::alt_bn128_r_limbs> libsnarkBigintFromBytes(const uint8_t* _
x.data[3 - i] |= uint64_t(_x[i * 8 + j]) << (8 * (7-j));
}
}
return x;
}

2
zokrates_core/lib/util.hpp
View file

@ -1,6 +1,6 @@
#pragma once
// contains definition of alt_bn128 ec public parameters
// contains definitions of alt_bn128 ec public parameters
#include "libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp"
#include <fstream>
#include <iostream>

2
zokrates_core/src/embed.rs
View file

@ -10,7 +10,7 @@ use typed_absy::types::{FunctionKey, Signature, Type};
use zokrates_embed::{generate_sha256_round_constraints, BellmanConstraint};
use zokrates_field::field::Field;
/// A low level function that contains non-deterministic introduction of variables. It is carried as is until
/// A low level function that contains non-deterministic introduction of variables. It is carried out as is until
/// the flattening step when it can be inlined.
#[derive(Debug, Clone, PartialEq)]
pub enum FlatEmbed {

30
zokrates_core/src/flatten/mod.rs
View file

@ -1,4 +1,4 @@
//! Module containing the `Flattener` to process a program that it is R1CS-able.
//! Module containing the `Flattener` to process a program that is R1CS-able.
//!
//! @file flatten.rs
//! @author Dennis Kuhnert <dennis.kuhnert@campus.tu-berlin.de>
@ -122,7 +122,7 @@ impl<'ast, T: Field> Flattener<'ast, T> {
///
/// # Arguments
///
/// * `symbols` - Available functions in in this context
/// * `symbols` - Available functions in this context
/// * `statements_flattened` - Vector where new flattened statements can be added.
/// * `condition` - the condition as a `BooleanExpression`.
/// * `consequence` - the consequence of type U.
@ -464,9 +464,9 @@ impl<'ast, T: Field> Flattener<'ast, T> {
}
},
e => {
// we have array[e] with e an arbitrary expression
// we have array[e] with e as an arbitrary expression
// first we check that e is in 0..array.len(), so we check that sum(if e == i then 1 else 0) == 1
// here depending on the size, we could use a proper range check based on bits
// here, depending on the size, we could use a proper range check based on bits
let range_check = (0..size)
.map(|i| {
FieldElementExpression::IfElse(
@ -546,7 +546,7 @@ impl<'ast, T: Field> Flattener<'ast, T> {
///
/// # Arguments
///
/// * `symbols` - Available functions in in this context
/// * `symbols` - Available functions in this context
/// * `statements_flattened` - Vector where new flattened statements can be added.
/// * `expression` - `BooleanExpression` that will be flattened.
///
@ -581,7 +581,7 @@ impl<'ast, T: Field> Flattener<'ast, T> {
let lhs_id = self.use_sym();
statements_flattened.push(FlatStatement::Definition(lhs_id, lhs_flattened));
// check that lhs and rhs are within the right range, ie, their higher two bits are zero. We use big-endian so they are at positions 0 and 1
// check that lhs and rhs are within the right range, i.e., their higher two bits are zero. We use big-endian so they are at positions 0 and 1
// lhs
{
@ -923,8 +923,8 @@ impl<'ast, T: Field> Flattener<'ast, T> {
replacement_map.insert(formal_argument.id, new_var);
}
// Ensure Renaming and correct returns:
// add all flattened statements, adapt return statement
// Ensure renaming and correct returns:
// add all flattened statements, adapt return statements
let (mut return_statements, statements): (Vec<_>, Vec<_>) =
funct.statements.into_iter().partition(|s| match s {
@ -990,7 +990,7 @@ impl<'ast, T: Field> Flattener<'ast, T> {
///
/// # Arguments
///
/// * `symbols` - Available functions in in this context
/// * `symbols` - Available functions in this context
/// * `statements_flattened` - Vector where new flattened statements can be added.
/// * `expr` - `TypedExpression` that will be flattened.
fn flatten_expression(
@ -1039,7 +1039,7 @@ impl<'ast, T: Field> Flattener<'ast, T> {
///
/// # Arguments
///
/// * `symbols` - Available functions in in this context
/// * `symbols` - Available functions in this context
/// * `statements_flattened` - Vector where new flattened statements can be added.
/// * `expr` - `FieldElementExpression` that will be flattened.
fn flatten_field_expression(
@ -1226,7 +1226,7 @@ impl<'ast, T: Field> Flattener<'ast, T> {
// construct the result iterating through the bits, multiplying by the associated power iff the bit is true
ebits_le.into_iter().zip(powers).fold(
FlatExpression::Number(T::from(1)), // initialise the result at 1. If we have no bits to iterate through, we're computing x**0 == 1
FlatExpression::Number(T::from(1)), // initialise the result at 1. If we have no bits to itegrate through, we're computing x**0 == 1
|acc, (bit, power)| match bit {
true => {
// update the result by introducing a new variable
@ -1282,7 +1282,7 @@ impl<'ast, T: Field> Flattener<'ast, T> {
///
/// # Arguments
///
/// * `symbols` - Available functions in in this context
/// * `symbols` - Available functions in this context
/// * `statements_flattened` - Vector where new flattened statements can be added.
/// * `expr` - `StructExpression` that will be flattened.
fn flatten_struct_expression(
@ -1368,7 +1368,7 @@ impl<'ast, T: Field> Flattener<'ast, T> {
///
/// # Arguments
///
/// * `symbols` - Available functions in in this context
/// * `symbols` - Available functions in this context
/// * `statements_flattened` - Vector where new flattened statements can be added.
/// * `expr` - `ArrayExpression` that will be flattened.
/// # Remarks
@ -1447,7 +1447,7 @@ impl<'ast, T: Field> Flattener<'ast, T> {
///
/// # Arguments
///
/// * `symbols` - Available functions in in this context
/// * `symbols` - Available functions in this context
/// * `statements_flattened` - Vector where new flattened statements can be added.
/// * `stat` - `TypedStatement` that will be flattened.
fn flatten_statement(
@ -1564,7 +1564,7 @@ impl<'ast, T: Field> Flattener<'ast, T> {
///
/// # Arguments
///
/// * `symbols` - Available functions in in this context
/// * `symbols` - Available functions in this context
/// * `funct` - `TypedFunction` that will be flattened
fn flatten_function(
&mut self,

5
zokrates_core/src/ir/from_flat.rs
View file

@ -67,7 +67,10 @@ impl<T: Field> From<FlatProg<T>> for Prog<T> {
// get the main function
let main = flat_prog.main;
// get the interface of the program, ie which inputs are private and public
// get the signature to keep high level information in the low level representation
let signature = main.signature.clone();
// get the interface of the program, i.e. which inputs are private and public
let private = main.arguments.iter().map(|p| p.private).collect();
let main = main.into();

6
zokrates_core/src/proof_system/bn128/utils/libsnark.rs
View file

@ -5,7 +5,7 @@ use std::collections::HashMap;
use std::ffi::CString;
use zokrates_field::field::Field;
// utility function. Converts a Fields vector-based byte representation to fixed size array.
// utility function. Converts a Field's vector-based byte representation to fixed size array.
fn vec_as_u8_32_array(vec: &Vec<u8>) -> [u8; 32] {
assert!(vec.len() <= 32);
let mut array = [0u8; 32];
@ -192,7 +192,7 @@ pub fn prepare_generate_proof<T: Field>(
)
}
/// Returns the index of `var` in `variables`, adding `var` with incremented index if it not yet exists.
/// Returns the index of `var` in `variables`, adding `var` with incremented index if it does not yet exists.
///
/// # Arguments
///
@ -238,7 +238,7 @@ pub fn r1cs_program<T: Field>(
//Only the main function is relevant in this step, since all calls to other functions were resolved during flattening
let main = prog.main;
//~out are added after main's arguments as we want variables (columns)
//~out are added after main's arguments, since we want variables (columns)
//in the r1cs to be aligned like "public inputs | private inputs"
let main_return_count = main.returns.len();

12
zokrates_core/src/semantics.rs
View file

@ -39,7 +39,7 @@ struct State<'ast, T: Field> {
types: TypeMap,
}
/// A symbol for a given name: either a type, or a group of functions. Not both!
/// A symbol for a given name: either a type or a group of functions. Not both!
#[derive(PartialEq, Hash, Eq, Debug)]
enum SymbolType {
Type,
@ -194,7 +194,7 @@ impl<'ast> Hash for ScopedVariable<'ast> {
impl<'ast> Eq for ScopedVariable<'ast> {}
/// Checker, checks the semantics of a program, keeping track of functions and variables in scope
/// Checker checks the semantics of a program, keeping track of functions and variables in scope
pub struct Checker<'ast> {
scope: HashSet<ScopedVariable<'ast>>,
functions: HashSet<FunctionKey<'ast>>,
@ -879,7 +879,7 @@ impl<'ast> Checker<'ast> {
vars_types.push(t);
var_names.push(name);
}
// find arguments types
// find argument types
let mut arguments_checked = vec![];
for arg in arguments {
let arg_checked = self.check_expression(arg, module_id, &types).map_err(|e| vec![e])?;
@ -4027,7 +4027,7 @@ mod tests {
#[test]
fn subset() {
// a A value cannot be defined with A as id but members being a subset of the declaration
// a A value cannot be defined with A as id if members are a subset of the declaration
// struct Foo = { foo: field, bar: bool }
// Foo foo = Foo { foo: 42 }
@ -4069,8 +4069,8 @@ mod tests {
#[test]
fn invalid() {
// a A value cannot be defined with A as id but members being different ids than the declaration
// a A value cannot be defined with A as id but members being different types than the declaration
// a A value cannot be defined with A as id if members are different ids than the declaration
// a A value cannot be defined with A as id if members are different types than the declaration
// struct Foo = { foo: field, bar: bool }
// Foo { foo: 42, baz: bool } // error

6
zokrates_core/src/static_analysis/inline.rs
View file

@ -5,7 +5,7 @@
//! @date 2019
//! Start from the `main` function in the `main` module and inline all calls except those to flat embeds
//! The resulting program has a single module, where we define a function for each flat embed, and replace function calls to the embeds found
//! The resulting program has a single module, where we define a function for each flat embed and replace the function calls with the embeds found
//! during inlining by calls to these functions, to be resolved during flattening.
//! The resulting program has a single module of the form
@ -24,7 +24,7 @@ use zokrates_field::field::Field;
/// An inliner
#[derive(Debug)]
pub struct Inliner<'ast, T: Field> {
modules: TypedModules<'ast, T>, // the modules to look for functions in when inlining
modules: TypedModules<'ast, T>, // the modules to look for functions when inlining
module_id: TypedModuleId, // the current module we're visiting
statement_buffer: Vec<TypedStatement<'ast, T>>, // a buffer of statements to be added to the inlined statements
stack: Vec<(String, FunctionKey<'ast>, usize)>, // the current call stack
@ -165,7 +165,7 @@ impl<'ast, T: Field> Inliner<'ast, T> {
}
}
// Focus the Inliner on another module with id `module_id` and return the current `module_id`
// Focus the inliner on another module with id `module_id` and return the current `module_id`
fn change_module(&mut self, module_id: TypedModuleId) -> TypedModuleId {
std::mem::replace(&mut self.module_id, module_id)
}

4
zokrates_core/src/typed_absy/mod.rs
View file

@ -657,7 +657,7 @@ pub enum BooleanExpression<'ast, T: Field> {
/// An expression of type `array`
/// # Remarks
/// * Contrary to basic types which represented as enums, we wrap an enum `ArrayExpressionInner` in a struct in order to keep track of the type (content and size)
/// * Contrary to basic types which are represented as enums, we wrap an enum `ArrayExpressionInner` in a struct in order to keep track of the type (content and size)
/// of the array. Only using an enum would require generics, which would propagate up to TypedExpression which we want to keep simple, hence this "runtime"
/// type checking
#[derive(Clone, PartialEq, Hash, Eq)]
@ -1018,7 +1018,7 @@ impl<'ast, T: Field> fmt::Debug for TypedExpressionList<'ast, T> {
}
}
// Common behaviour accross expressions
// Common behaviour across expressions
pub trait IfElse<'ast, T: Field> {
fn if_else(condition: BooleanExpression<'ast, T>, consequence: Self, alternative: Self)

2
zokrates_core_test/tests/tests/precedence.zok
View file

@ -1,5 +1,5 @@
def main(field g) -> (field):
9 == 1 + 2 * 2 ** 2 // Checks precedence of arithmetic operators (expecting transitiv behaviour)
9 == 1 + 2 * 2 ** 2 // Checks precedence of arithmetic operators (expecting transitive behaviour)
9 == 2 ** 2 * 2 + 1
7 == 2 ** 2 * 2 - 1
3 == 2 ** 2 / 2 + 1

4
zokrates_core_test/tests/tests/split.json
View file

@ -7,7 +7,7 @@
},
"output": {
"Ok": {
"values": ["0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "1", "1", "0", "1", "0", "0", "1", "1", "0", "0", "0", "1", "0", "0", "0", "0", "1", "0", "1", "1", "0", "0", "0", "0", "0", "0", "1", "0", "1", "0", "0", "0", "0", "0", "1", "0", "1", "1", "1", "0", "1", "1", "0", "0", "0", "0", "1", "1", "1", "1", "0", "0", "0", "0", "0", "1", "1", "0", "1", "0", "0", "0", "1", "1", "0", "1", "1", "0", "0", "1", "0", "0", "0", "0", "0", "0", "0", "1", "1", "0", "1", "1", "0", "1", "0", "1", "1", "0", "1", "0", "0", "1", "1", "0", "1", "1", "0", "1", "0", "1", "1", "1", "1", "0", "1", "0", "1", "0", "0", "1", "1", "1", "1", "0", "1", "0", "0", "1", "0", "1", "1", "0", "1", "1", "0", "0", "0"]
"values": ["0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "1", "1", "0", "1", "0", "0", "1", "1", "0", "0", "0", "1", "0", "0", "0", "0", "1", "0", "1", "1", "0", "0", "0", "0", "0", "0", "1", "0", "1", "0", "0", "0", "0", "0", "1", "0", "1", "1", "1", "0", "1", "1", "0", "0", "0", "0", "1", "1", "1", "1", "0", "0", "0", "0", "0", "1", "1", "0", "1", "0", "0", "0", "1", "1", "0", "1", "1", "0", "0", "1", "0", "0", "0", "0", "0", "0", "0", "1", "1", "0", "1", "1", "0", "1", "0", "1", "1", "0", "1", "0", "0", "1", "1", "0", "1", "1", "0", "1", "0", "1", "1", "1", "1", "0", "1", "0", "1", "0", "0", "1", "1", "1", "1", "0", "1", "0", "0", "1", "0", "1", "1", "0", "1", "1", "0", "0", "0"]
}
}
},
@ -27,7 +27,7 @@
},
"output": {
"Ok": {
"values": ["0", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1"]
"values": ["0", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1"]
}
}
},

4
zokrates_field/src/field.rs
View file

@ -88,7 +88,7 @@ pub trait Field:
fn get_required_bits() -> usize;
/// Tries to parse a string into this representation
fn try_from_dec_str<'a>(s: &'a str) -> Result<Self, ()>;
/// Returns a decimal string representing a the member of the equivalence class of this `Field` in Z/pZ
/// Returns a decimal string representing the member of the equivalence class of this `Field` in Z/pZ
/// which lies in [-(p-1)/2, (p-1)/2]
fn to_compact_dec_string(&self) -> String;
}
@ -146,7 +146,7 @@ impl Field for FieldPrime {
})
}
fn to_compact_dec_string(&self) -> String {
// values up to (p-1)/2 included are represented as positive, values between (p+1)/2 and p-1 as represented as negative by subtracting p
// values up to (p-1)/2 included are represented as positive, values between (p+1)/2 and p-1 are represented as negative by subtracting p
if self.value <= FieldPrime::max_value().value / 2 {
format!("{}", self.value.to_str_radix(10))
} else {

4
zokrates_parser/src/ace_mode/index.js
View file

@ -3,7 +3,7 @@
*
* Copyright (c) 2019, Ajax.org B.V.
* All rights reserved.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* * Redistributions of source code must retain the above copyright
@ -14,7 +14,7 @@
* * Neither the name of Ajax.org B.V. nor the
* names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
*
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

8
zokrates_parser/src/zokrates.pest
View file

@ -1,4 +1,4 @@
/**
/**
* ZoKrates Grammar
* Author: Jacob Eberhardt, Thibaut Schaeffer
*/
@ -33,14 +33,14 @@ vis_private = {"private"}
vis_public = {"public"}
vis = { vis_private | vis_public }
// Statements
// Statements
statement = { (return_statement // does not require subsequent newline
| (iteration_statement
| multi_assignment_statement // try this first as we want all assignments based on return of function calls match here and not later
| definition_statement
| assignment_statement
| expression_statement
) ~ NEWLINE
| expression_statement
) ~ NEWLINE
) ~ NEWLINE* }
iteration_statement = { "for" ~ ty ~ identifier ~ "in" ~ expression ~ ".." ~ expression ~ "do" ~ NEWLINE* ~ statement* ~ "endfor"}

2
zokrates_pest_ast/src/lib.rs
View file

@ -1090,7 +1090,7 @@ mod tests {
field a = 1
a[32 + x][55] = y
for field i in 0..3 do
a == 1 + 2 + 3+ 4+ 5+ 6+ 6+ 7+ 8 + 4+ 5+ 3+ 4+ 2+ 3
a == 1 + 2 + 3+ 4+ 5+ 6+ 6+ 7+ 8 + 4+ 5+ 3+ 4+ 2+ 3
endfor
a.member == 1
return a

6
zokrates_stdlib/stdlib/ecc/babyjubjubParams.zok
View file

@ -1,15 +1,15 @@
// Parameters are based on: https://github.com/HarryR/ethsnarks/tree/9cdf0117c2e42c691e75b98979cb29b099eca998/src/jubjub
// Parameters are based on: https://github.com/HarryR/ethsnarks/tree/9cdf0117c2e42c691e75b98979cb29b099eca998/src/jubjub
// Note: parameters will be updated soon to be more compatible with zCash's implementation
def main() -> (field[10]):
// Order of the curve E
field JUBJUBE = 21888242871839275222246405745257275088614511777268538073601725287587578984328
field JUBJUBE = 21888242871839275222246405745257275088614511777268538073601725287587578984328
field JUBJUBC = 8 // Cofactor
field JUBJUBA = 168700 // Coefficient A
field JUBJUBD = 168696 // Coefficient D
field MONTA = 168698 // int(2*(JUBJUB_A+JUBJUB_D)/(JUBJUB_A-JUBJUB_D))
field MONTB = 1 // int(4/(JUBJUB_A-JUBJUB_D))
// Point at infinity
field[2] infinity = [0, 1]

2
zokrates_stdlib/stdlib/ecc/edwardsAdd.zok
View file

@ -5,7 +5,7 @@ import "ecc/babyjubjubParams" as context
def main(field[2] pt1, field[2] pt2, field[10] context) -> (field[2]):
field a = context[0]
field d = context[1]
field d = context[1]
field u1 = pt1[0]
field v1 = pt1[1]

4
zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok
View file

@ -5,12 +5,12 @@
def main(field[2] pt, field[10] context) -> (field):
field a = context[0]
field d = context[1]
field d = context[1]
field uu = pt[0] * pt[0]
field vv = pt[1] * pt[1]
field uuvv = uu * vv
a * uu + vv == 1 + d * uuvv
return 1

8
zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok
View file

@ -3,23 +3,23 @@ import "ecc/edwardsScalarMult" as multiply
import "utils/pack/nonStrictUnpack256" as unpack256
// Verifies that the point is not one of the low-order points.
// If any of the points is multiplied by the cofactor, the resulting point
// will be infinity.
// will be infinity.
// Returns 1 if the point is not one of the low-order points, 0 otherwise.
// Curve parameters are defined with the last argument
// https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/edwards.rs#L166
def main(field[2] pt, field[10] context) -> (field):
field cofactor = context[7]
field cofactor = context[7]
// Co-factor currently hard-coded to 8 for efficiency reasons
// See discussion here: https://github.com/Zokrates/ZoKrates/pull/301#discussion_r267203391
// Generic code:
// field[256] cofactorExponent = unpack256(cofactor)
// field[256] cofactorExponent = unpack256(cofactor)
// field[2] ptExp = multiply(cofactorExponent, pt, context)
field[2] ptExp = add(pt, pt, context) // 2*pt
ptExp = add(ptExp, ptExp, context) // 4*pt
ptExp = add(ptExp, ptExp, context) // 8*pt
field out = if ptExp[0] == 0 && ptExp[1] == 1 then 0 else 1 fi
return out

6
zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok
View file

@ -3,16 +3,16 @@ import "ecc/edwardsOnCurve" as assertOnCurve
// Function that implements scalar multiplication for a fixed base point
// Curve parameters are defined with the last argument
// The exponent is hard-coded to a 256bit scalar, hence we allow wrapping around the group for certain
// curve parameters.
// curve parameters.
// Note that the exponent array is not check to be boolean in this gadget
// Reference: https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/fs.rs#L555
def main(field[256] exponent, field[2] pt, field[10] context) -> (field[2]):
field[2] infinity = [context[2], context[3]]
field[2] infinity = [context[2], context[3]]
field[2] doubledP = pt
field[2] accumulatedP = infinity
for field i in 0..256 do
field j = 255 - i
candidateP = add(accumulatedP, doubledP, context)

2
zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok
View file

@ -12,7 +12,7 @@ import "ecc/edwardsCompress" as edwardsCompress
// #%%
// entropy = np.random.bytes(64)
// hasher = PedersenHasher("test")
// print(hasher.dsl_code)
// print(hasher.dsl_code)
// 512bit to 256bit Pedersen hash using compression of the field elements
def main(field[512] e) -> (field[256]):

4
zokrates_stdlib/stdlib/hashes/pedersen/6bit.zok
View file

@ -1,5 +1,5 @@
import "utils/multiplexer/lookup3bitSigned" as sel3s
import "utils/multiplexer/lookup2bit" as sel2
import "utils/multiplexer/lookup3bitSigned" as sel3s
import "utils/multiplexer/lookup2bit" as sel2
import "ecc/babyjubjubParams" as context
import "ecc/edwardsAdd" as add

6
zokrates_stdlib/stdlib/hashes/sha256/1024bit.zok
View file

@ -1,7 +1,7 @@
import "./IVconstants" as IVconstants
import "./shaRoundNoBoolCheck" as sha256
import "./IVconstants" as IVconstants
import "./shaRoundNoBoolCheck" as sha256
// A function that takes 4 field[256] arrays as inputs
// A function that takes 4 field[256] arrays as inputs
// and applies 2 rounds of sha256 compression.
// It returns an array of 256 field elements.
def main(field[256] a, field[256] b, field[256] c, field[256] d) -> (field[256]):

2
zokrates_stdlib/stdlib/hashes/sha256/1024bitPadded.zok
View file

@ -1,5 +1,5 @@
import "./1536bit" as sha256
// Take two field[256] arrays as input
// Take two field[256] arrays as input
// and returns their sha256 full round output as an array of 256 field elements.
def main(field[256] a, field[256] b, field[256] c, field[256] d) -> (field[256]):

6
zokrates_stdlib/stdlib/hashes/sha256/1536bit.zok
View file

@ -1,7 +1,7 @@
import "./IVconstants" as IVconstants
import "./shaRoundNoBoolCheck" as sha256
import "./IVconstants" as IVconstants
import "./shaRoundNoBoolCheck" as sha256
// A function that takes 6 field[256] arrays as inputs
// A function that takes 6 field[256] arrays as inputs
// and applies 3 rounds of sha256 compression.
// It returns an array of 256 field elements.
def main(field[256] a, field[256] b, field[256] c, field[256] d, field[256] e, field[256] f) -> (field[256]):

6
zokrates_stdlib/stdlib/hashes/sha256/256bitPadded.zok
View file

@ -1,12 +1,12 @@
import "./512bit" as sha256
import "./512bit" as sha256
// A function that takes 1 field[256] array as input
// A function that takes 1 field[256] array as input
// and returns the sha256 full round output as an array of 256 field elements.
def main(field[256] a) -> (field[256]):
// Hash is computed on 256 bits of input
// padding fits in the remaining 256 bits of the first block
// add dummy block (single "1" followed by "0" + total length)
// add dummy block (single "1" followed by "0" + total length)
field[256] dummyblock1 = [ \
1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \

12
zokrates_stdlib/stdlib/hashes/sha256/512bit.zok
View file

@ -1,15 +1,15 @@
import "./IVconstants" as IVconstants
import "./shaRoundNoBoolCheck" as sha256
import "./IVconstants" as IVconstants
import "./shaRoundNoBoolCheck" as sha256
// A function that takes 2 field[256] arrays as inputs
// A function that takes 2 field[256] arrays as inputs
// and returns their sha256 compression function as an array of 256 field elements.
// In contrast to full_round.zok no padding is being applied
// In contrast to full_round.zok no padding is being applied
def main(field[256] a, field[256] b) -> (field[256]):
// a and b is NOT checked to be of type bool
IV = IVconstants()
digest = sha256(a, b, IV)
//digest is constraint to be of type bool
//digest is constraint to be of type bool
return digest
return digest

12
zokrates_stdlib/stdlib/hashes/sha256/512bitPacked.zok
View file

@ -3,20 +3,20 @@ import "../../utils/pack/unpack128" as unpack128
import "./512bitPadded" as sha256
// A function that takes an array of 4 field elements as inputs, unpacks each of them to 128
// bits (big endian), concatenates them and applies sha256.
// It then returns an array of two field elements, each representing 128 bits of the result.
// It then returns an array of two field elements, each representing 128 bits of the result.
def main(field[4] preimage) -> (field[2]):
a = unpack128(preimage[0])
b = unpack128(preimage[1])
c = unpack128(preimage[2])
d = unpack128(preimage[3])
field[256] lhs = [...a, ...b]
field[256] rhs = [...c, ...d]
field[256] r = sha256(lhs, rhs)
field[256] r = sha256(lhs, rhs)
res0 = pack128(r[..128])
res1 = pack128(r[128..])
return [res0, res1]
return [res0, res1]

10
zokrates_stdlib/stdlib/hashes/sha256/512bitPadded.zok
View file

@ -1,16 +1,16 @@
import "./1024bit" as sha256
import "./1024bit" as sha256
// A function that takes 2 field[256] arrays as inputs
// A function that takes 2 field[256] arrays as inputs
// and returns their sha256 full round output as an array of 256 field elements.
def main(field[256] a, field[256] b) -> (field[256]):
// Hash is computed on the full 512bit block size
// Hash is computed on the full 512bit block size
// padding does not fit in the primary block
// add dummy block (single "1" followed by "0" + total length)
// add dummy block (single "1" followed by "0" + total length)
field[256] dummyblock1 = [1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
// total length of message is 512 bits: 0b1000000000
field[256] dummyblock2 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0]
digest = sha256(a, b, dummyblock1, dummyblock2)
return digest
return digest

8
zokrates_stdlib/stdlib/signatures/verifyEddsa.zok
View file

@ -1,5 +1,5 @@
import "hashes/sha256/1024bitPadded" as sha256
import "ecc/edwardsScalarMult" as scalarMult
import "ecc/edwardsScalarMult" as scalarMult
import "ecc/edwardsAdd" as add
import "utils/pack/nonStrictUnpack256" as unpack256
import "ecc/edwardsOnCurve" as onCurve
@ -30,13 +30,13 @@ def main(private field[2] R, private field S, field[2] A, field[256] M0, field[2
field[2] G = [context[4], context[5]]
// Check if R is on curve and if it is not in a small subgroup. A is public input and can be checked offline
// Check if R is on curve and if it is not in a small subgroup. A is public input and can be checked offline
field isOnCurve = onCurve(R, context) // throws if R is not on curve
field isPrimeOrder = orderCheck(R, context)
1 == isPrimeOrder
field[256] Rx = unpack256(R[0])
field[256] Ax = unpack256(A[0])
field[256] Ax = unpack256(A[0])
field[256] hRAM = sha256(Rx, Ax, M0, M1)
field[256] sBits = unpack256(S)
@ -47,4 +47,4 @@ def main(private field[2] R, private field S, field[2] A, field[256] M0, field[2
field out = if rhs[0] == lhs[0] && rhs[1] == lhs[1] then 1 else 0 fi
return out
return out

2
zokrates_stdlib/stdlib/utils/casts/1024to256array.zok
View file

@ -1,3 +1,3 @@
def main(field[1024] input) -> (field[256], field[256], field[256], field[256]):
return input[0..256], input[256..512], input[512..768], input[768..1024]
return input[0..256], input[256..512], input[512..768], input[768..1024]

2
zokrates_stdlib/stdlib/utils/multiplexer/lookup3bitSigned.zok
View file

@ -5,7 +5,7 @@ import "./lookup2bit" as lookup
// */
def main(field[3] b, field[4] c) -> (field):
field alpha = lookup([b[0], b[1]], c)
field alpha = lookup([b[0], b[1]], c)
field out = alpha - 2*b[2]*alpha
return out

2
zokrates_stdlib/stdlib/utils/pack/pack128.zok
View file

@ -7,4 +7,4 @@ def main(field[128] bits) -> (field):
out = out + bits[i] * (2 ** j)
endfor
return out
return out

2
zokrates_stdlib/stdlib/utils/pack/pack256.zok
View file

@ -7,4 +7,4 @@ def main(field[256] bits) -> (field):
out = out + bits[i] * (2 ** j)
endfor
return out
return out

4
zokrates_stdlib/tests/tests/ecc/edwardsAdd.zok
View file

@ -1,9 +1,9 @@
import "ecc/edwardsAdd" as add
import "ecc/edwardsNegate" as neg
import "ecc/edwardsNegate" as neg
import "ecc/babyjubjubParams" as context
// Code to create test cases:
// https://github.com/Zokrates/pycrypto
// https://github.com/Zokrates/pycrypto
def testDoubleViaAdd() -> (field):
context = context()
field[2] G = [context[4], context[5]]

4
zokrates_stdlib/tests/tests/ecc/edwardsCompress.zok
View file

@ -1,8 +1,8 @@
import "ecc/edwardsCompress" as edwardsCompress
import "ecc/edwardsCompress" as edwardsCompress
import "ecc/babyjubjubParams" as context
// Code to create test cases:
// https://github.com/Zokrates/pycrypto
// https://github.com/Zokrates/pycrypto
def testCompress() -> (field):
context = context()

2
zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.zok
View file

@ -2,7 +2,7 @@ import "ecc/babyjubjubParams" as context
import "ecc/edwardsOnCurve" as onCurve
// Code to create test cases:
// https://github.com/Zokrates/pycrypto
// https://github.com/Zokrates/pycrypto
def testOnCurveTrue() -> (field):
context = context()

2
zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.zok
View file

@ -2,7 +2,7 @@ import "ecc/edwardsOrderCheck" as orderCheck
import "ecc/babyjubjubParams" as context
// Code to create test cases:
// https://github.com/Zokrates/pycrypto
// https://github.com/Zokrates/pycrypto
def testOrderCheckTrue() -> (field):
context = context()

12
zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.zok
View file

@ -2,7 +2,7 @@ import "ecc/babyjubjubParams" as context
import "ecc/edwardsScalarMult" as mul
// Code to create test cases:
// https://github.com/Zokrates/pycrypto
// https://github.com/Zokrates/pycrypto
def testCyclic() -> (field):
context = context()
field[2] G = [context[4], context[5]]
@ -19,7 +19,7 @@ def testMul2() -> (field):
context = context()
field[2] G = [context[4], context[5]]
// exp == 2
// exp == 2
field[256] exp = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0]
field[2] out = mul(exp, G, context)
@ -33,9 +33,9 @@ def testAssociativity() -> (field):
field[2] G = [context[4], context[5]]
// a = 1234
field[256] a = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0]
field[256] a = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0]
// b = 5678
field[256] b = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0]
field[256] b = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0]
// c = 7890
field[256] c = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0]
@ -62,7 +62,7 @@ def testMultiplicative() -> (field):
field[2] G = [context[4], context[5]]
// a = 1234
field[256] a = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0]
field[256] a = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0]
// b = 5678
field[256] b = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0]
// ab = a*b = 7006652
@ -80,7 +80,7 @@ def testMultiplicative() -> (field):
Gba == Gmab
Gab == Gmab
return 1
return 1
def main() -> (field):
1 == testMul2()

14
zokrates_stdlib/tests/tests/ecc/proofOfOwnership.zok
View file

@ -4,7 +4,7 @@ import "ecc/edwardsScalarMult" as multiply
import "utils/pack/nonStrictUnpack256" as unpack256
// Code to create test cases:
// https://github.com/Zokrates/pycrypto
// https://github.com/Zokrates/pycrypto
def testOwnershipTrue() -> (field):
context = context()
field[2] G = [context[4], context[5]]
@ -12,24 +12,24 @@ def testOwnershipTrue() -> (field):
field[2] Pk = [14897476871502190904409029696666322856887678969656209656241038339251270171395, 16668832459046858928951622951481252834155254151733002984053501254009901876174]
field sk = 1997011358982923168928344992199991480689546837621580239342656433234255379025
field out = proofOfOwnership(Pk, sk, context)
field out = proofOfOwnership(Pk, sk, context)
out == 1
return 1
return 1
def testtOwnershipFalse() -> (field):
context = context()
field[2] Pk = [16328093915569409528980874702678312730273137210288183490878184636452430630129, 9377227749598842756429258362864743065769435972445705966557343775367597326529]
field[2] Pk = [16328093915569409528980874702678312730273137210288183490878184636452430630129, 9377227749598842756429258362864743065769435972445705966557343775367597326529]
field sk = 1997011358982923168928344992199991480689546837621580239342656433234255379025
field out = proofOfOwnership(Pk, sk, context)
field out = proofOfOwnership(Pk, sk, context)
out == 0
return 1
def main() -> (field):
1 == testOwnershipTrue()
1 == testtOwnershipFalse()
1 == testOwnershipTrue()
1 == testtOwnershipFalse()
return 1

2
zokrates_stdlib/tests/tests/hashes/pedersen/512bit.zok
View file

@ -16,7 +16,7 @@ import "hashes/pedersen/512bit" as pedersen
def main() -> (field):
field[512] e = [0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1]
field[512] e = [0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1]
field[256] d = pedersen(e)
d == [0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1]

2
zokrates_stdlib/tests/tests/hashes/pedersen/6bit.zok
View file

@ -2,7 +2,7 @@
//
// from zokrates.gadgets.pedersenHasher import PedersenHasher
// import bitstring
// hasher = PedersenHasher("test", 2)
// hasher = PedersenHasher("test", 2)
// bs = bitstring.BitArray('0b110000')
// hasher.hash_bits(bs)

6
zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.zok
View file

@ -1,13 +1,13 @@
// Python code used to create test vector:
// import hashlib
// import hashlib
// preimage = bytes.fromhex('00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\
// 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05')
// bin(int(preimage.hex(), 16))
// bin(int(preimage.hex(), 16))
// # '0b101'
// digest = hashlib.sha256(preimage).hexdigest()
// digest = hashlib.sha256(preimage).hexdigest()
// # digest = 'c6481e22c5ff4164af680b8cfaa5e8ed3120eeff89c4f307c4a6faaae059ce10'
// int(digest[:32], 16)

6
zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.zok
View file

@ -1,13 +1,13 @@
// Python code used to create test vector:
// import hashlib
// import hashlib
// preimage = bytes.fromhex('00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\
// 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05')
// bin(int(preimage.hex(), 16))
// bin(int(preimage.hex(), 16))
// # '0b101'
// digest = hashlib.sha256(preimage).hexdigest()
// digest = hashlib.sha256(preimage).hexdigest()
// # digest = 'c6481e22c5ff4164af680b8cfaa5e8ed3120eeff89c4f307c4a6faaae059ce10'
// bin(int(digest, 16))

8
zokrates_stdlib/tests/tests/signatures/verifyEddsa.zok
View file

@ -2,18 +2,18 @@ import "signatures/verifyEddsa" as verifyEddsa
import "ecc/babyjubjubParams" as context
// Code to create test case:
// https://github.com/Zokrates/pycrypto
// https://github.com/Zokrates/pycrypto
def main() -> (field):
context = context()
field[2] R = [20197911405516193152560090893341588680064377398162745404177962124159545390767, 9171190326927340493105240100684097896571028312802691203521747450053192554927]
field[2] R = [20197911405516193152560090893341588680064377398162745404177962124159545390767, 9171190326927340493105240100684097896571028312802691203521747450053192554927]
field S = 6050429445242986634735172402304257690628456074852538287769363221635064371045
// Private Key
field[2] A = [14897476871502190904409029696666322856887678969656209656241038339251270171395, 16668832459046858928951622951481252834155254151733002984053501254009901876174]
field[2] A = [14897476871502190904409029696666322856887678969656209656241038339251270171395, 16668832459046858928951622951481252834155254151733002984053501254009901876174]
field[256] M0 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
field[256] M0 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
field[256] M1 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1]
field isVerified = verifyEddsa(R, S, A, M0, M1, context)

6
zokrates_stdlib/tests/tests/utils/multiplexer/256bit.zok
View file

@ -5,10 +5,10 @@ def left() -> (field):
field[256] a = [0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0]
field[256] b = [0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1]
field[256] output = [0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0]
field[256] output = [0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0]
output == multiplex(bit, a, b)
return 1
return 1
def right() -> (field):
field bit = 1 //right
@ -19,7 +19,7 @@ def right() -> (field):
field[256] output = [0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1]
output == multiplex(bit, a, b)
return 1
return 1
def main() -> (field):

4
zokrates_stdlib/tests/tests/utils/multiplexer/2bit.zok
View file

@ -8,7 +8,7 @@ def left() -> (field):
field[2] output = [0, 1]
output == multiplex(bit, a, b)
return 1
return 1
def right() -> (field):
field bit = 1 //right
@ -18,7 +18,7 @@ def right() -> (field):
field[2] output = [1, 0]
output == multiplex(bit, a, b)
return 1
return 1
def main() -> (field):

6
zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.zok
View file

@ -1,4 +1,4 @@
import "utils/multiplexer/lookup1bit" as lookup
import "utils/multiplexer/lookup1bit" as lookup
def left() -> (field):
field sel = 0 //left
@ -6,7 +6,7 @@ def left() -> (field):
0 == lookup(sel, t)
return 1
return 1
def right() -> (field):
field sel = 1 //right
@ -14,7 +14,7 @@ def right() -> (field):
1 == lookup(sel, t)
return 1
return 1
def main() -> (field):

18
zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.zok
View file

@ -1,36 +1,36 @@
import "utils/multiplexer/lookup2bit" as lookup
import "utils/multiplexer/lookup2bit" as lookup
def first() -> (field):
field[2] sel = [0,0]
field[2] sel = [0,0]
field[4] t = [0, 1, 2 , 3]
0 == lookup(sel, t)
return 1
return 1
def second() -> (field):
field[2] sel = [1,0]
field[2] sel = [1,0]
field[4] t = [0, 1, 2 , 3]
1 == lookup(sel, t)
return 1
return 1
def thrid() -> (field):
field[2] sel = [0,1]
field[2] sel = [0,1]
field[4] t = [0, 1, 2 , 3]
2 == lookup(sel, t)
return 1
return 1
def fourth() -> (field):
field[2] sel = [1,1]
field[2] sel = [1,1]
field[4] t = [0, 1, 2 , 3]
3 == lookup(sel, t)
return 1
return 1
def main() -> (field):

28
zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.zok
View file

@ -1,15 +1,15 @@
import "utils/multiplexer/lookup3bitSigned" as lookup
import "utils/multiplexer/lookup3bitSigned" as lookup
def first() -> (field):
field[3] sel = [0,0,0]
field[3] sel = [0,0,0]
field[4] t = [0, 1, 2 , 3]
0 == lookup(sel, t)
return 1
return 1
def firstNeg() -> (field):
field[3] sel = [0,0,1]
field[3] sel = [0,0,1]
field[4] t = [0, 1, 2 , 3]
0 == lookup(sel, t)
@ -17,32 +17,32 @@ def firstNeg() -> (field):
return 1
def second() -> (field):
field[3] sel = [1,0,0]
field[3] sel = [1,0,0]
field[4] t = [0, 1, 2 , 3]
1 == lookup(sel, t)
return 1
return 1
def secondNeg() -> (field):
field[3] sel = [1,0,1]
field[3] sel = [1,0,1]
field[4] t = [0, 1, 2 , 3]
field out = 0 - 1
out == lookup(sel, t)
return 1
return 1
def thrid() -> (field):
field[3] sel = [0,1,0]
field[3] sel = [0,1,0]
field[4] t = [0, 1, 2 , 3]
2 == lookup(sel, t)
return 1
return 1
def thridNeg() -> (field):
field[3] sel = [0,1,1]
field[3] sel = [0,1,1]
field[4] t = [0, 1, 2 , 3]
field out = 0 - 2
@ -51,7 +51,7 @@ def thridNeg() -> (field):
return 1
def fourth() -> (field):
field[3] sel = [1,1,0]
field[3] sel = [1,1,0]
field[4] t = [0, 1, 2 , 3]
3 == lookup(sel, t)
@ -59,13 +59,13 @@ def fourth() -> (field):
return 1
def fourthNeg() -> (field):
field[3] sel = [1,1,1]
field[3] sel = [1,1,1]
field[4] t = [0, 1, 2 , 3]
field out = 0 - 3
out == lookup(sel, t)
return 1
return 1
def main() -> (field):

2
zokrates_stdlib/tests/tests/utils/pack/pack128.zok
View file

@ -20,7 +20,7 @@ def testZero() -> (field):
def testMax() -> (field):
field[128] b = [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
field[128] b = [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
field n = pack128(b)
340282366920938463463374607431768211455 == n

2
zokrates_stdlib/tests/tests/utils/pack/unpack128.zok
View file

@ -20,7 +20,7 @@ def testMax() -> (field):
field[128] b = unpack128(340282366920938463463374607431768211455)
b == [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
b == [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
return 1