Merge pull request #629 from Zokrates/remove-bellman-embeds
Remove bellman embeds, upgrade stdlib to u32
This commit is contained in:
Thibaut Schaeffer
GitHub
commit
28ae999264
75 changed files with 1692 additions and 1347 deletions
73
Cargo.lock
generated
73
Cargo.lock
generated
|
|
@ -27,15 +27,6 @@ dependencies = [
|
|||
"winapi",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "arrayvec"
|
||||
version = "0.4.12"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "cd9fd44efafa8690358b7408d253adf110036b88f55672a933f01d616ad9b1b9"
|
||||
dependencies = [
|
||||
"nodrop",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "assert_cli"
|
||||
version = "0.5.4"
|
||||
|
|
@ -120,17 +111,6 @@ version = "1.2.1"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693"
|
||||
|
||||
[[package]]
|
||||
name = "blake2-rfc_bellman_edition"
|
||||
version = "0.0.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "fdc60350286c7c3db13b98e91dbe5c8b6830a6821bc20af5b0c310ce94d74915"
|
||||
dependencies = [
|
||||
"arrayvec",
|
||||
"byteorder",
|
||||
"constant_time_eq",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "block-buffer"
|
||||
version = "0.7.3"
|
||||
|
|
@ -261,12 +241,6 @@ dependencies = [
|
|||
"wasm-bindgen",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "constant_time_eq"
|
||||
version = "0.1.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc"
|
||||
|
||||
[[package]]
|
||||
name = "crossbeam"
|
||||
version = "0.7.3"
|
||||
|
|
@ -338,12 +312,6 @@ dependencies = [
|
|||
"lazy_static",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "crunchy"
|
||||
version = "0.2.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "7a81dae078cea95a014a339291cec439d2f232ebe854a9d672b796c6afafa9b7"
|
||||
|
||||
[[package]]
|
||||
name = "csv"
|
||||
version = "1.1.3"
|
||||
|
|
@ -802,12 +770,6 @@ dependencies = [
|
|||
"autocfg",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "nodrop"
|
||||
version = "0.1.14"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "72ef4a56884ca558e5ddb05a1d1e7e1bfd9a68d9ed024c21704cc98872dae1bb"
|
||||
|
||||
[[package]]
|
||||
name = "num"
|
||||
version = "0.1.42"
|
||||
|
|
@ -1245,23 +1207,6 @@ dependencies = [
|
|||
"winapi-util",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "sapling-crypto_ce"
|
||||
version = "0.1.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "1c4ff5309ec3e4bd800ad4ab3f71e9b76e9ea81c9f0eda6efa16008afbe440b3"
|
||||
dependencies = [
|
||||
"bellman_ce",
|
||||
"blake2-rfc_bellman_edition",
|
||||
"byteorder",
|
||||
"digest",
|
||||
"rand 0.4.6",
|
||||
"serde",
|
||||
"serde_derive",
|
||||
"sha2",
|
||||
"tiny-keccak",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "scoped-tls"
|
||||
version = "1.0.0"
|
||||
|
|
@ -1470,15 +1415,6 @@ dependencies = [
|
|||
"lazy_static",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "tiny-keccak"
|
||||
version = "2.0.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "2c9d3793400a45f954c52e73d068316d76b6f4e36977e3fcebb13a2721e80237"
|
||||
dependencies = [
|
||||
"crunchy",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "typed-arena"
|
||||
version = "1.7.0"
|
||||
|
|
@ -1790,7 +1726,6 @@ dependencies = [
|
|||
"typed-arena",
|
||||
"wasm-bindgen-test",
|
||||
"zokrates_common",
|
||||
"zokrates_embed",
|
||||
"zokrates_field",
|
||||
"zokrates_pest_ast",
|
||||
]
|
||||
|
|
@ -1803,14 +1738,6 @@ dependencies = [
|
|||
"zokrates_test",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "zokrates_embed"
|
||||
version = "0.1.1"
|
||||
dependencies = [
|
||||
"bellman_ce",
|
||||
"sapling-crypto_ce",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "zokrates_field"
|
||||
version = "0.3.6"
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@ members = [
|
|||
"zokrates_cli",
|
||||
"zokrates_fs_resolver",
|
||||
"zokrates_stdlib",
|
||||
"zokrates_embed",
|
||||
"zokrates_abi",
|
||||
"zokrates_test",
|
||||
"zokrates_core_test",
|
||||
|
|
|
|||
|
|
@ -19,19 +19,44 @@ npm install zokrates-js
|
|||
|
||||
## Usage
|
||||
|
||||
### Importing
|
||||
|
||||
Bundlers
|
||||
```js
|
||||
import { initialize } from 'zokrates-js';
|
||||
```
|
||||
|
||||
function importResolver(location, path) {
|
||||
Node
|
||||
```js
|
||||
const { initialize } = require('zokrates-js/node');
|
||||
```
|
||||
|
||||
### Example
|
||||
```js
|
||||
function importResolver(currentLocation, importLocation) {
|
||||
// implement your resolving logic here
|
||||
return {
|
||||
source: "def main() -> (): return",
|
||||
location: path
|
||||
return {
|
||||
source: "def main() -> (): return",
|
||||
location: importLocation
|
||||
};
|
||||
}
|
||||
|
||||
initialize().then((zokratesProvider) => {
|
||||
// we have to initialize the wasm module before calling api functions
|
||||
zokratesProvider.compile("def main(private field a) -> (field): return a", "main", importResolver)
|
||||
const source = "def main(private field a) -> (field): return a * a";
|
||||
|
||||
// compilation
|
||||
const artifacts = zokratesProvider.compile(source, "main", importResolver);
|
||||
|
||||
// computation
|
||||
const { witness, output } = zokratesProvider.computeWitness(artifacts, ["2"]);
|
||||
|
||||
// run setup
|
||||
const keypair = zokratesProvider.setup(artifacts.program);
|
||||
|
||||
// generate proof
|
||||
const proof = zokratesProvider.generateProof(artifacts.program, witness, keypair.pk);
|
||||
|
||||
// export solidity verifier
|
||||
const verifier = zokratesProvider.exportSolidityVerifier(keypair.vk, "v1");
|
||||
});
|
||||
```
|
||||
|
|
|
|||
|
|
@ -6,14 +6,15 @@ import "hashes/utils/256bitsDirectionHelper" as multiplex
|
|||
|
||||
// Merke-Tree inclusion proof for tree depth 3 using SNARK efficient pedersen hashes
|
||||
// directionSelector=> 1/true if current digest is on the rhs of the hash
|
||||
def main(bool[256] rootDigest, private bool[256] leafDigest, private bool[3] directionSelector, bool[256] PathDigest0, private bool[256] PathDigest1, private bool[256] PathDigest2) -> ():
|
||||
|
||||
def main(u32[8] rootDigest, private u32[8] leafDigest, private bool[3] directionSelector, u32[8] PathDigest0, private u32[8] PathDigest1, private u32[8] PathDigest2) -> ():
|
||||
BabyJubJubParams context = context()
|
||||
|
||||
//Setup
|
||||
bool[256] currentDigest = leafDigest
|
||||
u32[8] currentDigest = leafDigest
|
||||
|
||||
//Loop up the tree
|
||||
bool[512] preimage = multiplex(directionSelector[0], currentDigest, PathDigest0)
|
||||
u32[16] preimage = multiplex(directionSelector[0], currentDigest, PathDigest0)
|
||||
currentDigest = hash(preimage)
|
||||
|
||||
preimage = multiplex(directionSelector[1], currentDigest, PathDigest1)
|
||||
|
|
|
|||
|
|
@ -3,17 +3,17 @@ import "utils/multiplexer/256bit" as multiplex
|
|||
|
||||
// Merkle-Tree inclusion proof for tree depth 3
|
||||
|
||||
def main(field treeDepth, bool[256] rootDigest, private bool[256] leafDigest, private bool[2] directionSelector, bool[256] PathDigest0, private bool[256] PathDigest1) -> ():
|
||||
def main(field treeDepth, u32[8] rootDigest, private u32[8] leafDigest, private bool[2] directionSelector, u32[8] PathDigest0, private u32[8] PathDigest1) -> ():
|
||||
|
||||
//Setup
|
||||
bool[256] currentDigest = leafDigest
|
||||
u32[8] currentDigest = leafDigest
|
||||
field counter = 1
|
||||
bool currentDirection = false
|
||||
|
||||
//Loop up the tree
|
||||
currentDirection = directionSelector[0]
|
||||
bool[256] lhs = multiplex(currentDirection, currentDigest, PathDigest0)
|
||||
bool[256] rhs = multiplex(!currentDirection, currentDigest, PathDigest0)
|
||||
u32[8] lhs = multiplex(currentDirection, currentDigest, PathDigest0)
|
||||
u32[8] rhs = multiplex(!currentDirection, currentDigest, PathDigest0)
|
||||
currentDigest = sha256(lhs, rhs)
|
||||
counter = counter + 1
|
||||
|
||||
|
|
|
|||
|
|
@ -1,260 +0,0 @@
|
|||
[
|
||||
[
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
true
|
||||
]
|
||||
]
|
||||
|
|
@ -1 +0,0 @@
|
|||
~out_0 1
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
import "EMBED/sha256round" as sha256
|
||||
|
||||
def main(private bool[256] expected) -> (field):
|
||||
|
||||
bool[256] a = [false; 256]
|
||||
bool[256] b = [false; 256]
|
||||
b[253] = true
|
||||
b[255] = true
|
||||
|
||||
bool[256] IV = [false, true, true, false, true, false, true, false, false, false, false, false, true, false, false, true, true, true, true, false, false, true, true, false, false, true, true, false, false, true, true, true, true, false, true, true, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, true, true, true, false, true, false, false, false, false, true, false, true, false, false, true, true, true, true, false, false, false, true, true, false, true, true, true, false, true, true, true, true, false, false, true, true, false, true, true, true, false, false, true, false, true, false, true, false, false, true, false, true, false, true, false, false, true, true, true, true, true, true, true, true, false, true, false, true, false, false, true, true, true, false, true, false, false, true, false, true, false, false, false, true, false, false, false, false, true, true, true, false, false, true, false, true, false, false, true, false, false, true, true, true, true, true, true, true, true, false, false, true, true, false, true, true, false, false, false, false, false, true, false, true, false, true, true, false, true, false, false, false, true, false, false, false, true, true, false, false, false, false, false, true, true, true, true, true, true, false, false, false, false, false, true, true, true, true, false, true, true, false, false, true, true, false, true, false, true, false, true, true, false, true, false, true, true, false, true, true, true, true, true, false, false, false, false, false, true, true, false, false, true, true, false, true, false, false, false, true, true, false, false, true]
|
||||
|
||||
assert(expected == sha256([...a, ...b], IV))
|
||||
|
||||
return 1
|
||||
|
|
@ -9,7 +9,7 @@ build = "build.rs"
|
|||
[features]
|
||||
default = ["bellman_ce/nolog"]
|
||||
libsnark = ["cc", "cmake", "git2"]
|
||||
wasm = ["bellman_ce/wasm", "zokrates_embed/wasm"]
|
||||
wasm = ["bellman_ce/wasm"]
|
||||
multicore = ["bellman_ce/multicore"]
|
||||
|
||||
[dependencies]
|
||||
|
|
@ -29,7 +29,6 @@ pairing_ce = "^0.21"
|
|||
ff_ce = "^0.9"
|
||||
zokrates_field = { version = "0.3.0", path = "../zokrates_field" }
|
||||
zokrates_pest_ast = { version = "0.1.0", path = "../zokrates_pest_ast" }
|
||||
zokrates_embed = { path = "../zokrates_embed" }
|
||||
zokrates_common = { path = "../zokrates_common" }
|
||||
rand = "0.4"
|
||||
csv = "1"
|
||||
|
|
|
|||
|
|
@ -1,19 +1,16 @@
|
|||
use crate::solvers::Solver;
|
||||
use bellman::pairing::ff::ScalarEngine;
|
||||
use flat_absy::{
|
||||
FlatDirective, FlatExpression, FlatExpressionList, FlatFunction, FlatParameter, FlatStatement,
|
||||
FlatVariable,
|
||||
};
|
||||
use std::collections::HashMap;
|
||||
use typed_absy::types::{FunctionKey, Signature, Type};
|
||||
use zokrates_embed::{generate_sha256_round_constraints, BellmanConstraint};
|
||||
use zokrates_field::Field;
|
||||
|
||||
/// A low level function that contains non-deterministic introduction of variables. It is carried out as is until
|
||||
/// the flattening step when it can be inlined.
|
||||
#[derive(Debug, Clone, PartialEq, Hash)]
|
||||
pub enum FlatEmbed {
|
||||
Sha256Round,
|
||||
Unpack(usize),
|
||||
U8ToBits,
|
||||
U16ToBits,
|
||||
|
|
@ -26,12 +23,6 @@ pub enum FlatEmbed {
|
|||
impl FlatEmbed {
|
||||
pub fn signature(&self) -> Signature {
|
||||
match self {
|
||||
FlatEmbed::Sha256Round => Signature::new()
|
||||
.inputs(vec![
|
||||
Type::array(Type::Boolean, 512),
|
||||
Type::array(Type::Boolean, 256),
|
||||
])
|
||||
.outputs(vec![Type::array(Type::Boolean, 256)]),
|
||||
FlatEmbed::Unpack(bitwidth) => Signature::new()
|
||||
.inputs(vec![Type::FieldElement])
|
||||
.outputs(vec![Type::array(Type::Boolean, *bitwidth)]),
|
||||
|
|
@ -62,7 +53,6 @@ impl FlatEmbed {
|
|||
|
||||
pub fn id(&self) -> &'static str {
|
||||
match self {
|
||||
FlatEmbed::Sha256Round => "_SHA256_ROUND",
|
||||
FlatEmbed::Unpack(_) => "_UNPACK",
|
||||
FlatEmbed::U8ToBits => "_U8_TO_BITS",
|
||||
FlatEmbed::U16ToBits => "_U16_TO_BITS",
|
||||
|
|
@ -76,144 +66,12 @@ impl FlatEmbed {
|
|||
/// Actually get the `FlatFunction` that this `FlatEmbed` represents
|
||||
pub fn synthetize<T: Field>(&self) -> FlatFunction<T> {
|
||||
match self {
|
||||
FlatEmbed::Sha256Round => sha256_round(),
|
||||
FlatEmbed::Unpack(bitwidth) => unpack_to_bitwidth(*bitwidth),
|
||||
_ => unreachable!(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// util to convert a vector of `(variable_id, coefficient)` to a flat_expression
|
||||
// we build a binary tree of additions by splitting the vector recursively
|
||||
fn flat_expression_from_vec<T: Field>(
|
||||
v: &[(usize, <<T as Field>::BellmanEngine as ScalarEngine>::Fr)],
|
||||
) -> FlatExpression<T> {
|
||||
match v.len() {
|
||||
0 => FlatExpression::Number(T::zero()),
|
||||
1 => {
|
||||
let (key, val) = v[0].clone();
|
||||
FlatExpression::Mult(
|
||||
box FlatExpression::Number(T::from_bellman(val)),
|
||||
box FlatExpression::Identifier(FlatVariable::new(key)),
|
||||
)
|
||||
}
|
||||
n => {
|
||||
let (u, v) = v.split_at(n / 2);
|
||||
FlatExpression::Add(
|
||||
box flat_expression_from_vec(u),
|
||||
box flat_expression_from_vec(v),
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl<T: Field> From<BellmanConstraint<T::BellmanEngine>> for FlatStatement<T> {
|
||||
fn from(c: zokrates_embed::BellmanConstraint<T::BellmanEngine>) -> FlatStatement<T> {
|
||||
let rhs_a = flat_expression_from_vec(&c.a);
|
||||
let rhs_b = flat_expression_from_vec(&c.b);
|
||||
let lhs = flat_expression_from_vec(&c.c);
|
||||
|
||||
FlatStatement::Condition(lhs, FlatExpression::Mult(box rhs_a, box rhs_b))
|
||||
}
|
||||
}
|
||||
|
||||
/// Returns a flat function which computes a sha256 round
|
||||
///
|
||||
/// # Remarks
|
||||
///
|
||||
/// The variables inside the function are set in this order:
|
||||
/// - constraint system variables
|
||||
/// - arguments
|
||||
pub fn sha256_round<T: Field>() -> FlatFunction<T> {
|
||||
// Define iterators for all indices at hand
|
||||
let (r1cs, input_indices, current_hash_indices, output_indices) =
|
||||
generate_sha256_round_constraints::<T::BellmanEngine>();
|
||||
|
||||
// indices of the input
|
||||
let input_indices = input_indices.into_iter();
|
||||
// indices of the current hash
|
||||
let current_hash_indices = current_hash_indices.into_iter();
|
||||
// indices of the output
|
||||
let output_indices = output_indices.into_iter();
|
||||
|
||||
let variable_count = r1cs.aux_count + 1; // auxiliary and ONE
|
||||
|
||||
// indices of the sha256round constraint system variables
|
||||
let cs_indices = (0..variable_count).into_iter();
|
||||
|
||||
// indices of the arguments to the function
|
||||
// apply an offset of `variable_count` to get the indice of our dummy `input` argument
|
||||
let input_argument_indices = input_indices
|
||||
.clone()
|
||||
.into_iter()
|
||||
.map(|i| i + variable_count);
|
||||
// apply an offset of `variable_count` to get the indice of our dummy `current_hash` argument
|
||||
let current_hash_argument_indices = current_hash_indices
|
||||
.clone()
|
||||
.into_iter()
|
||||
.map(|i| i + variable_count);
|
||||
|
||||
// define parameters to the function based on the variables
|
||||
let arguments = input_argument_indices
|
||||
.clone()
|
||||
.chain(current_hash_argument_indices.clone())
|
||||
.map(|i| FlatParameter {
|
||||
id: FlatVariable::new(i),
|
||||
private: true,
|
||||
})
|
||||
.collect();
|
||||
|
||||
// define a binding of the first variable in the constraint system to one
|
||||
let one_binding_statement = FlatStatement::Condition(
|
||||
FlatVariable::new(0).into(),
|
||||
FlatExpression::Number(T::from(1)),
|
||||
);
|
||||
|
||||
let input_binding_statements =
|
||||
// bind input and current_hash to inputs
|
||||
input_indices.clone().chain(current_hash_indices).zip(input_argument_indices.clone().chain(current_hash_argument_indices.clone())).map(|(cs_index, argument_index)| {
|
||||
FlatStatement::Condition(
|
||||
FlatVariable::new(cs_index).into(),
|
||||
FlatVariable::new(argument_index).into(),
|
||||
)
|
||||
});
|
||||
|
||||
// insert flattened statements to represent constraints
|
||||
let constraint_statements = r1cs.constraints.into_iter().map(|c| c.into());
|
||||
|
||||
// define which subset of the witness is returned
|
||||
let outputs: Vec<FlatExpression<T>> = output_indices
|
||||
.map(|o| FlatExpression::Identifier(FlatVariable::new(o)))
|
||||
.collect();
|
||||
|
||||
// insert a directive to set the witness based on the bellman gadget and inputs
|
||||
let directive_statement = FlatStatement::Directive(FlatDirective {
|
||||
outputs: cs_indices.map(|i| FlatVariable::new(i)).collect(),
|
||||
inputs: input_argument_indices
|
||||
.chain(current_hash_argument_indices)
|
||||
.map(|i| FlatVariable::new(i).into())
|
||||
.collect(),
|
||||
solver: Solver::Sha256Round,
|
||||
});
|
||||
|
||||
// insert a statement to return the subset of the witness
|
||||
let return_statement = FlatStatement::Return(FlatExpressionList {
|
||||
expressions: outputs,
|
||||
});
|
||||
|
||||
let statements = std::iter::once(directive_statement)
|
||||
.chain(std::iter::once(one_binding_statement))
|
||||
.chain(input_binding_statements)
|
||||
.chain(constraint_statements)
|
||||
.chain(std::iter::once(return_statement))
|
||||
.collect();
|
||||
|
||||
FlatFunction {
|
||||
arguments,
|
||||
statements,
|
||||
}
|
||||
}
|
||||
|
||||
fn use_variable(
|
||||
layout: &mut HashMap<String, FlatVariable>,
|
||||
name: String,
|
||||
|
|
@ -361,86 +219,4 @@ mod tests {
|
|||
);
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod sha256 {
|
||||
use super::*;
|
||||
use ir::Interpreter;
|
||||
|
||||
#[test]
|
||||
fn generate_sha256_constraints() {
|
||||
let compiled = sha256_round();
|
||||
|
||||
// function should have 768 inputs
|
||||
assert_eq!(compiled.arguments.len(), 768,);
|
||||
|
||||
// function should return 256 values
|
||||
assert_eq!(
|
||||
compiled
|
||||
.statements
|
||||
.iter()
|
||||
.filter_map(|s| match s {
|
||||
FlatStatement::Return(v) => Some(v),
|
||||
_ => None,
|
||||
})
|
||||
.next()
|
||||
.unwrap()
|
||||
.expressions
|
||||
.len(),
|
||||
256,
|
||||
);
|
||||
|
||||
// directive should take 768 inputs and return n_var outputs
|
||||
let directive = compiled
|
||||
.statements
|
||||
.iter()
|
||||
.filter_map(|s| match s {
|
||||
FlatStatement::Directive(d) => Some(d.clone()),
|
||||
_ => None,
|
||||
})
|
||||
.next()
|
||||
.unwrap();
|
||||
assert_eq!(directive.inputs.len(), 768);
|
||||
assert_eq!(directive.outputs.len(), 26935);
|
||||
// function input should be offset by variable_count
|
||||
assert_eq!(
|
||||
compiled.arguments[0].id,
|
||||
FlatVariable::new(directive.outputs.len() + 1)
|
||||
);
|
||||
|
||||
// bellman variable #0: index 0 should equal 1
|
||||
assert_eq!(
|
||||
compiled.statements[1],
|
||||
FlatStatement::Condition(
|
||||
FlatVariable::new(0).into(),
|
||||
FlatExpression::Number(Bn128Field::from(1))
|
||||
)
|
||||
);
|
||||
|
||||
// bellman input #0: index 1 should equal zokrates input #0: index v_count
|
||||
assert_eq!(
|
||||
compiled.statements[2],
|
||||
FlatStatement::Condition(
|
||||
FlatVariable::new(1).into(),
|
||||
FlatVariable::new(26936).into()
|
||||
)
|
||||
);
|
||||
|
||||
let f = crate::ir::Function::from(compiled);
|
||||
let prog = crate::ir::Prog {
|
||||
main: f,
|
||||
private: vec![true; 768],
|
||||
};
|
||||
|
||||
let input = (0..512)
|
||||
.map(|_| 0)
|
||||
.chain((0..256).map(|_| 1))
|
||||
.map(|i| Bn128Field::from(i))
|
||||
.collect();
|
||||
|
||||
let interpreter = Interpreter::default();
|
||||
|
||||
interpreter.execute(&prog, &input).unwrap();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -149,17 +149,6 @@ impl Importer {
|
|||
// handle the case of special bellman and packing imports
|
||||
if import.source.starts_with("EMBED") {
|
||||
match import.source.to_str().unwrap() {
|
||||
"EMBED/sha256round" => {
|
||||
let alias = alias.unwrap_or("sha256round");
|
||||
|
||||
symbols.push(
|
||||
SymbolDeclaration {
|
||||
id: &alias,
|
||||
symbol: Symbol::Flat(FlatEmbed::Sha256Round),
|
||||
}
|
||||
.start_end(pos.0, pos.1),
|
||||
);
|
||||
}
|
||||
"EMBED/unpack" => {
|
||||
let alias = alias.unwrap_or("unpack");
|
||||
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@ use ir::Directive;
|
|||
use solvers::Solver;
|
||||
use std::collections::BTreeMap;
|
||||
use std::fmt;
|
||||
use zokrates_embed::generate_sha256_round_witness;
|
||||
use zokrates_field::Field;
|
||||
|
||||
pub type ExecutionResult<T> = Result<Witness<T>, Error>;
|
||||
|
|
@ -186,17 +185,6 @@ impl Interpreter {
|
|||
vec![a * (b - c.clone()) + c]
|
||||
}
|
||||
Solver::Div => vec![inputs[0].clone() / inputs[1].clone()],
|
||||
Solver::Sha256Round => {
|
||||
let i = &inputs[0..512];
|
||||
let h = &inputs[512..];
|
||||
let i: Vec<_> = i.iter().map(|x| x.clone().into_bellman()).collect();
|
||||
let h: Vec<_> = h.iter().map(|x| x.clone().into_bellman()).collect();
|
||||
assert!(h.len() == 256);
|
||||
generate_sha256_round_witness::<T::BellmanEngine>(&i, &h)
|
||||
.into_iter()
|
||||
.map(|x| T::from_bellman(x))
|
||||
.collect()
|
||||
}
|
||||
};
|
||||
|
||||
assert_eq!(res.len(), expected_output_count);
|
||||
|
|
|
|||
|
|
@ -17,7 +17,6 @@ extern crate lazy_static;
|
|||
extern crate pairing_ce as pairing;
|
||||
extern crate regex;
|
||||
extern crate zokrates_common;
|
||||
extern crate zokrates_embed;
|
||||
extern crate zokrates_field;
|
||||
extern crate zokrates_pest_ast;
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@ pub enum Solver {
|
|||
ConditionEq,
|
||||
Bits(usize),
|
||||
Div,
|
||||
Sha256Round,
|
||||
Xor,
|
||||
Or,
|
||||
ShaAndXorAndXorAnd,
|
||||
|
|
@ -25,7 +24,6 @@ impl Solver {
|
|||
Solver::ConditionEq => (1, 2),
|
||||
Solver::Bits(bit_width) => (1, *bit_width),
|
||||
Solver::Div => (2, 1),
|
||||
Solver::Sha256Round => (768, 26935),
|
||||
Solver::Xor => (2, 1),
|
||||
Solver::Or => (2, 1),
|
||||
Solver::ShaAndXorAndXorAnd => (3, 1),
|
||||
|
|
|
|||
|
|
@ -1,232 +0,0 @@
|
|||
use crate::flat_absy::{FlatExpression, FlatExpressionList, FlatFunction, FlatStatement};
|
||||
use crate::flat_absy::{FlatParameter, FlatVariable};
|
||||
use crate::helpers::{DirectiveStatement, Helper, RustHelper};
|
||||
use crate::types::{Signature, Type};
|
||||
use bellman::pairing::ff::ScalarEngine;
|
||||
use reduce::Reduce;
|
||||
use zokrates_embed::{generate_sha256_round_constraints, BellmanConstraint};
|
||||
use zokrates_field::Field;
|
||||
|
||||
// util to convert a vector of `(variable_id, coefficient)` to a flat_expression
|
||||
fn flat_expression_from_vec<T: Field>(
|
||||
v: Vec<(usize, <<T as Field>::BellmanEngine as ScalarEngine>::Fr)>,
|
||||
) -> FlatExpression<T> {
|
||||
match v
|
||||
.into_iter()
|
||||
.map(|(key, val)| {
|
||||
FlatExpression::Mult(
|
||||
box FlatExpression::Number(T::from_bellman(val)),
|
||||
box FlatExpression::Identifier(FlatVariable::new(key)),
|
||||
)
|
||||
})
|
||||
.reduce(|acc, e| FlatExpression::Add(box acc, box e))
|
||||
{
|
||||
Some(e @ FlatExpression::Mult(..)) => {
|
||||
FlatExpression::Add(box FlatExpression::Number(T::zero()), box e)
|
||||
} // the R1CS serializer only recognizes Add
|
||||
Some(e) => e,
|
||||
None => FlatExpression::Number(T::zero()),
|
||||
}
|
||||
}
|
||||
|
||||
impl<T: Field> From<BellmanConstraint<T::BellmanEngine>> for FlatStatement<T> {
|
||||
fn from(c: zokrates_embed::BellmanConstraint<T::BellmanEngine>) -> FlatStatement<T> {
|
||||
let rhs_a = flat_expression_from_vec(c.a);
|
||||
let rhs_b = flat_expression_from_vec(c.b);
|
||||
let lhs = flat_expression_from_vec(c.c);
|
||||
|
||||
FlatStatement::Condition(lhs, FlatExpression::Mult(box rhs_a, box rhs_b))
|
||||
}
|
||||
}
|
||||
|
||||
/// Returns a flat function which computes a sha256 round
|
||||
///
|
||||
/// # Remarks
|
||||
///
|
||||
/// The variables inside the function are set in this order:
|
||||
/// - constraint system variables
|
||||
/// - arguments
|
||||
pub fn sha_round<T: Field>() -> FlatFunction<T> {
|
||||
// Define iterators for all indices at hand
|
||||
let (r1cs, input_indices, current_hash_indices, output_indices) =
|
||||
generate_sha256_round_constraints::<T::BellmanEngine>();
|
||||
|
||||
// indices of the input
|
||||
let input_indices = input_indices.into_iter();
|
||||
// indices of the current hash
|
||||
let current_hash_indices = current_hash_indices.into_iter();
|
||||
// indices of the output
|
||||
let output_indices = output_indices.into_iter();
|
||||
|
||||
let variable_count = r1cs.aux_count + 1; // auxiliary and ONE
|
||||
|
||||
// indices of the sha256round constraint system variables
|
||||
let cs_indices = (0..variable_count).into_iter();
|
||||
|
||||
// indices of the arguments to the function
|
||||
// apply an offset of `variable_count` to get the indice of our dummy `input` argument
|
||||
let input_argument_indices = input_indices
|
||||
.clone()
|
||||
.into_iter()
|
||||
.map(|i| i + variable_count);
|
||||
// apply an offset of `variable_count` to get the indice of our dummy `current_hash` argument
|
||||
let current_hash_argument_indices = current_hash_indices
|
||||
.clone()
|
||||
.into_iter()
|
||||
.map(|i| i + variable_count);
|
||||
|
||||
// define the signature of the resulting function
|
||||
let signature = Signature {
|
||||
inputs: vec![
|
||||
Type::array(Type::FieldElement, input_indices.len()),
|
||||
Type::array(Type::FieldElement, current_hash_indices.len()),
|
||||
],
|
||||
outputs: vec![Type::array(Type::FieldElement, output_indices.len())],
|
||||
};
|
||||
|
||||
// define parameters to the function based on the variables
|
||||
let arguments = input_argument_indices
|
||||
.clone()
|
||||
.chain(current_hash_argument_indices.clone())
|
||||
.map(|i| FlatParameter {
|
||||
id: FlatVariable::new(i),
|
||||
private: true,
|
||||
})
|
||||
.collect();
|
||||
|
||||
// define a binding of the first variable in the constraint system to one
|
||||
let one_binding_statement = FlatStatement::Condition(
|
||||
FlatVariable::new(0).into(),
|
||||
FlatExpression::Number(T::from(1)),
|
||||
);
|
||||
|
||||
let input_binding_statements =
|
||||
// bind input and current_hash to inputs
|
||||
input_indices.clone().chain(current_hash_indices).zip(input_argument_indices.clone().chain(current_hash_argument_indices.clone())).map(|(cs_index, argument_index)| {
|
||||
FlatStatement::Condition(
|
||||
FlatVariable::new(cs_index).into(),
|
||||
FlatVariable::new(argument_index).into(),
|
||||
)
|
||||
});
|
||||
|
||||
// insert flattened statements to represent constraints
|
||||
let constraint_statements = r1cs.constraints.into_iter().map(|c| c.into());
|
||||
|
||||
// define which subset of the witness is returned
|
||||
let outputs: Vec<FlatExpression<T>> = output_indices
|
||||
.map(|o| FlatExpression::Identifier(FlatVariable::new(o)))
|
||||
.collect();
|
||||
|
||||
// insert a directive to set the witness based on the bellman gadget and inputs
|
||||
let directive_statement = FlatStatement::Directive(DirectiveStatement {
|
||||
outputs: cs_indices.map(|i| FlatVariable::new(i)).collect(),
|
||||
inputs: input_argument_indices
|
||||
.chain(current_hash_argument_indices)
|
||||
.map(|i| FlatVariable::new(i).into())
|
||||
.collect(),
|
||||
helper: Helper::Rust(RustHelper::Sha256Round),
|
||||
});
|
||||
|
||||
// insert a statement to return the subset of the witness
|
||||
let return_statement = FlatStatement::Return(FlatExpressionList {
|
||||
expressions: outputs,
|
||||
});
|
||||
|
||||
let statements = std::iter::once(directive_statement)
|
||||
.chain(std::iter::once(one_binding_statement))
|
||||
.chain(input_binding_statements)
|
||||
.chain(constraint_statements)
|
||||
.chain(std::iter::once(return_statement))
|
||||
.collect();
|
||||
|
||||
FlatFunction {
|
||||
id: "main".to_owned(),
|
||||
arguments,
|
||||
statements,
|
||||
signature,
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::*;
|
||||
use zokrates_field::Bn128Field;
|
||||
|
||||
#[test]
|
||||
fn generate_sha256_constraints() {
|
||||
let compiled = sha_round();
|
||||
|
||||
// function should have a signature of 768 inputs and 256 outputs
|
||||
assert_eq!(
|
||||
compiled.signature,
|
||||
Signature::new()
|
||||
.inputs(vec![
|
||||
Type::array(Type::FieldElement, 512),
|
||||
Type::array(Type::FieldElement, 256)
|
||||
])
|
||||
.outputs(vec![Type::array(Type::FieldElement, 256)])
|
||||
);
|
||||
|
||||
// function should have 768 inputs
|
||||
assert_eq!(compiled.arguments.len(), 768,);
|
||||
|
||||
// function should return 256 values
|
||||
assert_eq!(
|
||||
compiled
|
||||
.statements
|
||||
.iter()
|
||||
.filter_map(|s| match s {
|
||||
FlatStatement::Return(v) => Some(v),
|
||||
_ => None,
|
||||
})
|
||||
.next()
|
||||
.unwrap()
|
||||
.expressions
|
||||
.len(),
|
||||
256,
|
||||
);
|
||||
|
||||
// directive should take 768 inputs and return n_var outputs
|
||||
let directive = compiled
|
||||
.statements
|
||||
.iter()
|
||||
.filter_map(|s| match s {
|
||||
FlatStatement::Directive(d) => Some(d.clone()),
|
||||
_ => None,
|
||||
})
|
||||
.next()
|
||||
.unwrap();
|
||||
assert_eq!(directive.inputs.len(), 768);
|
||||
assert_eq!(directive.outputs.len(), 26935);
|
||||
// function input should be offset by variable_count
|
||||
assert_eq!(
|
||||
compiled.arguments[0].id,
|
||||
FlatVariable::new(directive.outputs.len() + 1)
|
||||
);
|
||||
|
||||
// bellman variable #0: index 0 should equal 1
|
||||
assert_eq!(
|
||||
compiled.statements[1],
|
||||
FlatStatement::Condition(
|
||||
FlatVariable::new(0).into(),
|
||||
FlatExpression::Number(Bn128Field::from(1))
|
||||
)
|
||||
);
|
||||
|
||||
// bellman input #0: index 1 should equal zokrates input #0: index v_count
|
||||
assert_eq!(
|
||||
compiled.statements[2],
|
||||
FlatStatement::Condition(FlatVariable::new(1).into(), FlatVariable::new(26936).into())
|
||||
);
|
||||
|
||||
let f = crate::ir::Function::from(compiled);
|
||||
let prog = crate::ir::Prog {
|
||||
main: f,
|
||||
private: vec![true; 768],
|
||||
};
|
||||
|
||||
let input = (0..512).map(|_| 0).chain((0..256).map(|_| 1)).collect();
|
||||
|
||||
prog.execute(&input).unwrap();
|
||||
}
|
||||
}
|
||||
|
|
@ -104,10 +104,6 @@ impl<'ast, T: Field> Inliner<'ast, T> {
|
|||
let unpack = crate::embed::FlatEmbed::Unpack(T::get_required_bits());
|
||||
let unpack_key = unpack.key::<T>();
|
||||
|
||||
// define a function in the main module for the `sha256_round` embed
|
||||
let sha256_round = crate::embed::FlatEmbed::Sha256Round;
|
||||
let sha256_round_key = sha256_round.key::<T>();
|
||||
|
||||
// define a function in the main module for the `u32_to_bits` embed
|
||||
let u32_to_bits = crate::embed::FlatEmbed::U32ToBits;
|
||||
let u32_to_bits_key = u32_to_bits.key::<T>();
|
||||
|
|
@ -140,7 +136,6 @@ impl<'ast, T: Field> Inliner<'ast, T> {
|
|||
TypedModule {
|
||||
functions: vec![
|
||||
(unpack_key, TypedFunctionSymbol::Flat(unpack)),
|
||||
(sha256_round_key, TypedFunctionSymbol::Flat(sha256_round)),
|
||||
(u32_from_bits_key, TypedFunctionSymbol::Flat(u32_from_bits)),
|
||||
(u16_from_bits_key, TypedFunctionSymbol::Flat(u16_from_bits)),
|
||||
(u8_from_bits_key, TypedFunctionSymbol::Flat(u8_from_bits)),
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
import "utils/pack/nonStrictUnpack256.zok" as unpack256
|
||||
import "utils/pack/bool/nonStrictUnpack256.zok" as unpack256
|
||||
|
||||
def main(field[2] inputs) -> (bool[512]):
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"entry_point": "./tests/tests/uint/sha256.zok",
|
||||
"max_constraint_count": 43000,
|
||||
"max_constraint_count": 30000,
|
||||
"tests": [
|
||||
{
|
||||
"input": {
|
||||
|
|
|
|||
|
|
@ -1,14 +0,0 @@
|
|||
[package]
|
||||
name = "zokrates_embed"
|
||||
version = "0.1.1"
|
||||
authors = ["schaeff <thibaut@schaeff.fr>"]
|
||||
edition = "2018"
|
||||
|
||||
[features]
|
||||
default = ["bellman_ce/nolog"]
|
||||
wasm = ["bellman_ce/wasm", "sapling-crypto_ce/wasm"]
|
||||
multicore = ["bellman_ce/multicore", "sapling-crypto_ce/multicore"]
|
||||
|
||||
[dependencies]
|
||||
bellman_ce = { version = "^0.3", default-features = false}
|
||||
sapling-crypto_ce = { version = "0.1.3", default-features = false }
|
||||
|
|
@ -1,319 +0,0 @@
|
|||
extern crate sapling_crypto_ce as sapling_crypto;
|
||||
use sapling_crypto::bellman;
|
||||
|
||||
use bellman::{
|
||||
pairing::{ff::Field, Engine},
|
||||
ConstraintSystem, Index, LinearCombination, SynthesisError, Variable,
|
||||
};
|
||||
use sapling_crypto::circuit::{
|
||||
boolean::{AllocatedBit, Boolean},
|
||||
sha256::sha256_compression_function,
|
||||
uint32::UInt32,
|
||||
};
|
||||
|
||||
#[derive(Debug)]
|
||||
pub struct BellmanR1CS<E: Engine> {
|
||||
pub aux_count: usize,
|
||||
pub constraints: Vec<BellmanConstraint<E>>,
|
||||
}
|
||||
|
||||
impl<E: Engine> BellmanR1CS<E> {
|
||||
pub fn new() -> Self {
|
||||
BellmanR1CS {
|
||||
aux_count: 0,
|
||||
constraints: vec![],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug)]
|
||||
pub struct BellmanWitness<E: Engine> {
|
||||
pub values: Vec<E::Fr>,
|
||||
}
|
||||
|
||||
#[derive(Debug, PartialEq)]
|
||||
pub struct BellmanConstraint<E: Engine> {
|
||||
pub a: Vec<(usize, E::Fr)>,
|
||||
pub b: Vec<(usize, E::Fr)>,
|
||||
pub c: Vec<(usize, E::Fr)>,
|
||||
}
|
||||
|
||||
fn sha256_round<E: Engine, CS: ConstraintSystem<E>>(
|
||||
mut cs: CS,
|
||||
input: &Vec<Option<E::Fr>>,
|
||||
current_hash: &Vec<Option<E::Fr>>,
|
||||
) -> Result<(Vec<usize>, Vec<usize>, Vec<usize>), SynthesisError> {
|
||||
// Allocate bits for `input`
|
||||
let input_bits = input
|
||||
.iter()
|
||||
.enumerate()
|
||||
.map(|(index, i)| {
|
||||
AllocatedBit::alloc::<E, _>(
|
||||
&mut cs.namespace(|| format!("input_{}", index)),
|
||||
Some(*i == Some(<E::Fr as Field>::one())),
|
||||
)
|
||||
.unwrap()
|
||||
})
|
||||
.collect::<Vec<_>>();
|
||||
|
||||
// Define Booleans whose values are the defined bits
|
||||
let input = input_bits
|
||||
.iter()
|
||||
.map(|i| Boolean::Is(i.clone()))
|
||||
.collect::<Vec<_>>();
|
||||
|
||||
// Allocate bits for `current_hash`
|
||||
let current_hash_bits = current_hash
|
||||
.iter()
|
||||
.enumerate()
|
||||
.map(|(index, i)| {
|
||||
AllocatedBit::alloc::<E, _>(
|
||||
&mut cs.namespace(|| format!("current_hash_{}", index)),
|
||||
Some(*i == Some(<E::Fr as Field>::one())),
|
||||
)
|
||||
.unwrap()
|
||||
})
|
||||
.collect::<Vec<_>>();
|
||||
|
||||
// Define Booleans whose values are the defined bits
|
||||
let current_hash = current_hash_bits
|
||||
.chunks(32)
|
||||
.map(|chunk| {
|
||||
UInt32::from_bits_be(
|
||||
&chunk
|
||||
.into_iter()
|
||||
.map(|i| Boolean::Is(i.clone()))
|
||||
.collect::<Vec<_>>(),
|
||||
)
|
||||
})
|
||||
.collect::<Vec<_>>();
|
||||
|
||||
// Apply the compression function, returning the 8 bytes of outputs
|
||||
let res = sha256_compression_function::<E, _>(&mut cs, &input, ¤t_hash).unwrap();
|
||||
|
||||
// Extract the 256 bits of output out of the 8 bytes
|
||||
let output_bits = res
|
||||
.into_iter()
|
||||
.flat_map(|u| u.into_bits_be())
|
||||
.map(|b| b.get_variable().unwrap().clone())
|
||||
.collect::<Vec<_>>();
|
||||
|
||||
// Return indices of `input`, `current_hash` and `output` in the CS
|
||||
Ok((
|
||||
input_bits
|
||||
.into_iter()
|
||||
.map(|b| var_to_index(b.get_variable()))
|
||||
.collect(),
|
||||
current_hash_bits
|
||||
.into_iter()
|
||||
.map(|b| var_to_index(b.get_variable()))
|
||||
.collect(),
|
||||
output_bits
|
||||
.into_iter()
|
||||
.map(|b| var_to_index(b.get_variable()))
|
||||
.collect(),
|
||||
))
|
||||
}
|
||||
|
||||
impl<E: Engine> ConstraintSystem<E> for BellmanWitness<E> {
|
||||
type Root = Self;
|
||||
|
||||
fn alloc<F, A, AR>(&mut self, _: A, f: F) -> Result<Variable, SynthesisError>
|
||||
where
|
||||
F: FnOnce() -> Result<E::Fr, SynthesisError>,
|
||||
A: FnOnce() -> AR,
|
||||
AR: Into<String>,
|
||||
{
|
||||
let index = self.values.len();
|
||||
let var = Variable::new_unchecked(Index::Aux(index));
|
||||
self.values.push(f().unwrap());
|
||||
Ok(var)
|
||||
}
|
||||
|
||||
fn alloc_input<F, A, AR>(&mut self, _: A, _: F) -> Result<Variable, SynthesisError>
|
||||
where
|
||||
F: FnOnce() -> Result<E::Fr, SynthesisError>,
|
||||
A: FnOnce() -> AR,
|
||||
AR: Into<String>,
|
||||
{
|
||||
unreachable!("Bellman helpers are not allowed to allocate public variables")
|
||||
}
|
||||
|
||||
fn enforce<A, AR, LA, LB, LC>(&mut self, _: A, _: LA, _: LB, _: LC)
|
||||
where
|
||||
A: FnOnce() -> AR,
|
||||
AR: Into<String>,
|
||||
LA: FnOnce(LinearCombination<E>) -> LinearCombination<E>,
|
||||
LB: FnOnce(LinearCombination<E>) -> LinearCombination<E>,
|
||||
LC: FnOnce(LinearCombination<E>) -> LinearCombination<E>,
|
||||
{
|
||||
// do nothing
|
||||
}
|
||||
|
||||
fn push_namespace<NR, N>(&mut self, _: N)
|
||||
where
|
||||
NR: Into<String>,
|
||||
N: FnOnce() -> NR,
|
||||
{
|
||||
// do nothing
|
||||
}
|
||||
|
||||
fn pop_namespace(&mut self) {
|
||||
// do nothing
|
||||
}
|
||||
|
||||
fn get_root(&mut self) -> &mut Self::Root {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
impl<E: Engine> ConstraintSystem<E> for BellmanR1CS<E> {
|
||||
type Root = Self;
|
||||
|
||||
fn alloc<F, A, AR>(&mut self, _: A, _: F) -> Result<Variable, SynthesisError>
|
||||
where
|
||||
F: FnOnce() -> Result<E::Fr, SynthesisError>,
|
||||
A: FnOnce() -> AR,
|
||||
AR: Into<String>,
|
||||
{
|
||||
// we don't care about the value as we're only generating the CS
|
||||
let index = self.aux_count;
|
||||
let var = Variable::new_unchecked(Index::Aux(index));
|
||||
self.aux_count += 1;
|
||||
Ok(var)
|
||||
}
|
||||
|
||||
fn alloc_input<F, A, AR>(&mut self, _: A, _: F) -> Result<Variable, SynthesisError>
|
||||
where
|
||||
F: FnOnce() -> Result<E::Fr, SynthesisError>,
|
||||
A: FnOnce() -> AR,
|
||||
AR: Into<String>,
|
||||
{
|
||||
unreachable!("Bellman helpers are not allowed to allocate public variables")
|
||||
}
|
||||
|
||||
fn enforce<A, AR, LA, LB, LC>(&mut self, _: A, a: LA, b: LB, c: LC)
|
||||
where
|
||||
A: FnOnce() -> AR,
|
||||
AR: Into<String>,
|
||||
LA: FnOnce(LinearCombination<E>) -> LinearCombination<E>,
|
||||
LB: FnOnce(LinearCombination<E>) -> LinearCombination<E>,
|
||||
LC: FnOnce(LinearCombination<E>) -> LinearCombination<E>,
|
||||
{
|
||||
let a = a(LinearCombination::zero());
|
||||
let b = b(LinearCombination::zero());
|
||||
let c = c(LinearCombination::zero());
|
||||
|
||||
let a = a
|
||||
.as_ref()
|
||||
.into_iter()
|
||||
.map(|(variable, coefficient)| (var_to_index(*variable), *coefficient))
|
||||
.collect();
|
||||
let b = b
|
||||
.as_ref()
|
||||
.into_iter()
|
||||
.map(|(variable, coefficient)| (var_to_index(*variable), *coefficient))
|
||||
.collect();
|
||||
let c = c
|
||||
.as_ref()
|
||||
.into_iter()
|
||||
.map(|(variable, coefficient)| (var_to_index(*variable), *coefficient))
|
||||
.collect();
|
||||
|
||||
self.constraints.push(BellmanConstraint { a, b, c });
|
||||
}
|
||||
|
||||
fn push_namespace<NR, N>(&mut self, _: N)
|
||||
where
|
||||
NR: Into<String>,
|
||||
N: FnOnce() -> NR,
|
||||
{
|
||||
// do nothing
|
||||
}
|
||||
|
||||
fn pop_namespace(&mut self) {
|
||||
// do nothing
|
||||
}
|
||||
|
||||
fn get_root(&mut self) -> &mut Self::Root {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
pub fn generate_sha256_round_constraints<E: Engine>(
|
||||
) -> (BellmanR1CS<E>, Vec<usize>, Vec<usize>, Vec<usize>) {
|
||||
let mut cs = BellmanR1CS::new();
|
||||
|
||||
let (input_bits, current_hash_bits, output_bits) =
|
||||
sha256_round(&mut cs, &vec![None; 512], &vec![None; 256]).unwrap();
|
||||
|
||||
// res is now the allocated bits for `input`, `current_hash` and `sha256_output`
|
||||
|
||||
(cs, input_bits, current_hash_bits, output_bits)
|
||||
}
|
||||
|
||||
pub fn generate_sha256_round_witness<E: Engine>(
|
||||
input: &[E::Fr],
|
||||
current_hash: &[E::Fr],
|
||||
) -> Vec<E::Fr> {
|
||||
assert_eq!(input.len(), 512);
|
||||
assert_eq!(current_hash.len(), 256);
|
||||
|
||||
let mut cs: BellmanWitness<E> = BellmanWitness {
|
||||
values: vec![<E::Fr as Field>::one()],
|
||||
};
|
||||
|
||||
sha256_round(
|
||||
&mut cs,
|
||||
&input.iter().map(|x| Some(x.clone())).collect(),
|
||||
¤t_hash.iter().map(|x| Some(x.clone())).collect(),
|
||||
)
|
||||
.unwrap();
|
||||
|
||||
cs.values
|
||||
}
|
||||
|
||||
fn var_to_index(v: Variable) -> usize {
|
||||
match v.get_unchecked() {
|
||||
Index::Aux(i) => i + 1,
|
||||
Index::Input(0) => 0,
|
||||
_ => unreachable!("No public variables should have been allocated"),
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::*;
|
||||
use bellman::pairing::bn256::{Bn256, Fr};
|
||||
|
||||
#[test]
|
||||
fn generate_constraints() {
|
||||
let (_c, input, current_hash, output) = generate_sha256_round_constraints::<Bn256>();
|
||||
assert_eq!(input.len(), 512);
|
||||
assert_eq!(current_hash.len(), 256);
|
||||
assert_eq!(output.len(), 256);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn generate_witness() {
|
||||
let witness =
|
||||
generate_sha256_round_witness::<Bn256>(&vec![Fr::one(); 512], &vec![Fr::zero(); 256]);
|
||||
assert_eq!(witness.len(), 26935);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_cs() {
|
||||
use sapling_crypto::circuit::test::TestConstraintSystem;
|
||||
|
||||
let mut cs: TestConstraintSystem<Bn256> = TestConstraintSystem::new();
|
||||
|
||||
let _ = sha256_round(
|
||||
&mut cs,
|
||||
&vec![Some(Fr::zero()); 512],
|
||||
&vec![Some(Fr::one()); 256],
|
||||
)
|
||||
.unwrap();
|
||||
|
||||
assert!(cs.is_satisfied());
|
||||
}
|
||||
}
|
||||
1105
zokrates_js/Cargo.lock
generated
Normal file
1105
zokrates_js/Cargo.lock
generated
Normal file
File diff suppressed because it is too large
Load diff
|
|
@ -42,8 +42,10 @@ function importResolver(currentLocation, importLocation) {
|
|||
}
|
||||
|
||||
initialize().then((zokratesProvider) => {
|
||||
const source = "def main(private field a) -> (field): return a * a";
|
||||
|
||||
// compilation
|
||||
const artifacts = zokratesProvider.compile("def main(private field a) -> (field): return a * a", "main", importResolver);
|
||||
const artifacts = zokratesProvider.compile(source, "main", importResolver);
|
||||
|
||||
// computation
|
||||
const { witness, output } = zokratesProvider.computeWitness(artifacts, ["2"]);
|
||||
|
|
|
|||
|
|
@ -25,7 +25,10 @@ describe('tests', function() {
|
|||
|
||||
it('should resolve stdlib module', function() {
|
||||
assert.doesNotThrow(() => {
|
||||
const code = 'import "hashes/sha256/512bit" as sha256\ndef main() -> (): return';
|
||||
const code = `
|
||||
def main() -> ():
|
||||
return
|
||||
`;
|
||||
this.zokrates.compile(code, "main");
|
||||
})
|
||||
});
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
const getAbsolutePath = (basePath, relativePath) => {
|
||||
if (relativePath[0] !== '.') {
|
||||
return relativePath;
|
||||
}
|
||||
var stack = basePath.split('/');
|
||||
var chunks = relativePath.split('/');
|
||||
stack.pop();
|
||||
|
|
@ -17,7 +20,7 @@ const getAbsolutePath = (basePath, relativePath) => {
|
|||
|
||||
const getImportPath = (currentLocation, importLocation) => {
|
||||
let path = getAbsolutePath(currentLocation, importLocation);
|
||||
const extension = importLocation.slice((path.lastIndexOf(".") - 1 >>> 0) + 2);
|
||||
const extension = path.slice((path.lastIndexOf(".") - 1 >>> 0) + 2);
|
||||
return extension ? path : path.concat('.zok');
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
import "utils/pack/nonStrictUnpack256" as unpack256
|
||||
import "utils/pack/bool/nonStrictUnpack256" as unpack256
|
||||
|
||||
// Compress JubJub Curve Point to 256bit array using big endianness bit order
|
||||
// Python reference code from pycrypto:
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
import "ecc/edwardsAdd" as add
|
||||
import "ecc/edwardsScalarMult" as multiply
|
||||
import "utils/pack/nonStrictUnpack256" as unpack256
|
||||
import "utils/pack/bool/nonStrictUnpack256" as unpack256
|
||||
from "ecc/babyjubjubParams" import BabyJubJubParams
|
||||
|
||||
// Verifies that the point is not one of the low-order points.
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
import "ecc/edwardsAdd" as add
|
||||
import "ecc/edwardsScalarMult" as multiply
|
||||
import "utils/pack/nonStrictUnpack256" as unpack256
|
||||
import "utils/pack/bool/nonStrictUnpack256" as unpack256
|
||||
from "ecc/babyjubjubParams" import BabyJubJubParams
|
||||
|
||||
/// Verifies match of a given public/private keypair.
|
||||
|
|
|
|||
|
|
@ -4,6 +4,8 @@ import "ecc/babyjubjubParams" as context
|
|||
import "ecc/edwardsAdd" as add
|
||||
import "ecc/edwardsCompress" as edwardsCompress
|
||||
from "ecc/babyjubjubParams" import BabyJubJubParams
|
||||
import "EMBED/u32_to_bits" as to_bits
|
||||
import "EMBED/u32_from_bits" as from_bits
|
||||
|
||||
// Code to export generators used in this example:
|
||||
// import bitstring
|
||||
|
|
@ -16,7 +18,27 @@ from "ecc/babyjubjubParams" import BabyJubJubParams
|
|||
// print(hasher.dsl_code)
|
||||
|
||||
// 512bit to 256bit Pedersen hash using compression of the field elements
|
||||
def main(bool[512] e) -> (bool[256]):
|
||||
def main(u32[16] input) -> (u32[8]):
|
||||
|
||||
bool[512] e = [ \
|
||||
...to_bits(input[0]),
|
||||
...to_bits(input[1]),
|
||||
...to_bits(input[2]),
|
||||
...to_bits(input[3]),
|
||||
...to_bits(input[4]),
|
||||
...to_bits(input[5]),
|
||||
...to_bits(input[6]),
|
||||
...to_bits(input[7]),
|
||||
...to_bits(input[8]),
|
||||
...to_bits(input[9]),
|
||||
...to_bits(input[10]),
|
||||
...to_bits(input[11]),
|
||||
...to_bits(input[12]),
|
||||
...to_bits(input[13]),
|
||||
...to_bits(input[14]),
|
||||
...to_bits(input[15])
|
||||
]
|
||||
|
||||
BabyJubJubParams context = context()
|
||||
field[2] a = context.INFINITY //Infinity
|
||||
//Round 0
|
||||
|
|
@ -705,4 +727,14 @@ def main(bool[512] e) -> (bool[256]):
|
|||
a = add(a, [cx, cy], context)
|
||||
|
||||
bool[256] aC = edwardsCompress(a)
|
||||
return aC
|
||||
|
||||
return [\
|
||||
from_bits(aC[0..32]),
|
||||
from_bits(aC[32..64]),
|
||||
from_bits(aC[64..96]),
|
||||
from_bits(aC[96..128]),
|
||||
from_bits(aC[128..160]),
|
||||
from_bits(aC[160..192]),
|
||||
from_bits(aC[192..224]),
|
||||
from_bits(aC[224..256])
|
||||
]
|
||||
|
|
|
|||
|
|
@ -1,13 +1,12 @@
|
|||
import "./IVconstants" as IVconstants
|
||||
import "./shaRoundNoBoolCheck" as sha256
|
||||
import "./shaRound" as sha256
|
||||
|
||||
// A function that takes 4 bool[256] arrays as inputs
|
||||
// and applies 2 rounds of sha256 compression.
|
||||
// It returns an array of 256 bool.
|
||||
def main(bool[256] a, bool[256] b, bool[256] c, bool[256] d) -> (bool[256]):
|
||||
def main(u32[8] a, u32[8] b, u32[8] c, u32[8] d) -> (u32[8]):
|
||||
|
||||
bool[256] IV = IVconstants()
|
||||
bool[256] digest1 = sha256(a, b, IV)
|
||||
bool[256] digest2 = sha256(c, d, digest1)
|
||||
u32[8] IV = IVconstants()
|
||||
u32[8] digest1 = sha256([...a, ...b], IV)
|
||||
u32[8] digest2 = sha256([...c, ...d], digest1)
|
||||
|
||||
return digest2
|
||||
|
|
@ -1,15 +1,31 @@
|
|||
import "./1536bit" as sha256
|
||||
// Take two bool[256] arrays as input
|
||||
// and returns their sha256 full round output as an array of 256 bool.
|
||||
def main(bool[256] a, bool[256] b, bool[256] c, bool[256] d) -> (bool[256]):
|
||||
def main(u32[8] a, u32[8] b, u32[8] c, u32[8] d) -> (u32[8]):
|
||||
|
||||
// Hash is computed on the full 1024bit block size
|
||||
// padding does not fit in the first two blocks
|
||||
// add dummy block (single "1" followed by "0" + total length)
|
||||
bool[256] dummyblock1 = [true, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]
|
||||
// total length of message is 1024 bits: 0b10000000000
|
||||
bool[256] dummyblock2 = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, false, false, false, false, false, false, false, false, false]
|
||||
u32[8] dummyblock1 = [ \
|
||||
0x80000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000
|
||||
]
|
||||
|
||||
bool[256] digest = sha256(a, b, c, d, dummyblock1, dummyblock2)
|
||||
u32[8] dummyblock2 = [ \
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000400
|
||||
]
|
||||
|
||||
return digest
|
||||
return sha256(a, b, c, d, dummyblock1, dummyblock2)
|
||||
|
|
|
|||
|
|
@ -1,14 +1,14 @@
|
|||
import "./IVconstants" as IVconstants
|
||||
import "./shaRoundNoBoolCheck" as sha256
|
||||
import "./shaRound" as sha256
|
||||
|
||||
// A function that takes 6 bool[256] arrays as inputs
|
||||
// A function that takes 6 u32[8] arrays as inputs
|
||||
// and applies 3 rounds of sha256 compression.
|
||||
// It returns an array of 256 bool.
|
||||
def main(bool[256] a, bool[256] b, bool[256] c, bool[256] d, bool[256] e, bool[256] f) -> (bool[256]):
|
||||
def main(u32[8] a, u32[8] b, u32[8] c, u32[8] d, u32[8] e, u32[8] f) -> (u32[8]):
|
||||
|
||||
bool[256] IV = IVconstants()
|
||||
bool[256] digest1 = sha256(a, b, IV)
|
||||
bool[256] digest2 = sha256(c, d, digest1)
|
||||
bool[256] digest3 = sha256(e, f, digest2)
|
||||
u32[8] IV = IVconstants()
|
||||
u32[8] digest1 = sha256([...a, ...b], IV)
|
||||
u32[8] digest2 = sha256([...c, ...d], digest1)
|
||||
u32[8] digest3 = sha256([...e, ...f], digest2)
|
||||
|
||||
return digest3
|
||||
|
|
@ -2,29 +2,20 @@ import "./512bit" as sha256
|
|||
|
||||
// A function that takes 1 bool[256] array as input
|
||||
// and returns the sha256 full round output as an array of 256 bool.
|
||||
def main(bool[256] a) -> (bool[256]):
|
||||
def main(u32[8] a) -> (u32[8]):
|
||||
|
||||
// Hash is computed on 256 bits of input
|
||||
// padding fits in the remaining 256 bits of the first block
|
||||
// add dummy block (single "1" followed by "0" + total length)
|
||||
bool[256] dummyblock1 = [ \
|
||||
1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \
|
||||
0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0]
|
||||
u32[8] dummyblock1 = [ \
|
||||
0x80000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000100
|
||||
]
|
||||
|
||||
digest = sha256(a, dummyblock1)
|
||||
|
||||
return digest
|
||||
return sha256(a, dummyblock1)
|
||||
|
|
|
|||
|
|
@ -1,15 +1,9 @@
|
|||
import "./IVconstants" as IVconstants
|
||||
import "./shaRoundNoBoolCheck" as sha256
|
||||
import "./shaRound" as sha256
|
||||
|
||||
// A function that takes 2 bool[256] arrays as inputs
|
||||
// and returns their sha256 compression function as an array of 256 bool.
|
||||
// In contrast to full_round.zok no padding is being applied
|
||||
def main(bool[256] a, bool[256] b) -> (bool[256]):
|
||||
// A function that takes 2 u32[8] arrays as inputs
|
||||
// and returns their sha256 compression function as an array of 8 u32.
|
||||
|
||||
// a and b is NOT checked to be of type bool
|
||||
def main(u32[8] a, u32[8] b) -> (u32[8]):
|
||||
|
||||
bool[256] IV = IVconstants()
|
||||
bool[256] digest = sha256(a, b, IV)
|
||||
//digest is constraint to be of type bool
|
||||
|
||||
return digest
|
||||
return sha256([...a, ...b], IVconstants())
|
||||
|
|
|
|||
|
|
@ -1,22 +1,19 @@
|
|||
import "../../utils/pack/pack128" as pack128
|
||||
import "../../utils/pack/unpack128" as unpack128
|
||||
import "../../utils/pack/u32/pack128" as pack128
|
||||
import "../../utils/pack/u32/unpack128" as unpack128
|
||||
import "./512bitPadded" as sha256
|
||||
// A function that takes an array of 4 field elements as inputs, unpacks each of them to 128
|
||||
// bits (big endian), concatenates them and applies sha256.
|
||||
// It then returns an array of two field elements, each representing 128 bits of the result.
|
||||
def main(field[4] preimage) -> (field[2]):
|
||||
|
||||
bool[128] a = unpack128(preimage[0])
|
||||
bool[128] b = unpack128(preimage[1])
|
||||
bool[128] c = unpack128(preimage[2])
|
||||
bool[128] d = unpack128(preimage[3])
|
||||
u32[4] a_bits = unpack128(preimage[0])
|
||||
u32[4] b_bits = unpack128(preimage[1])
|
||||
u32[4] c_bits = unpack128(preimage[2])
|
||||
u32[4] d_bits = unpack128(preimage[3])
|
||||
|
||||
bool[256] lhs = [...a, ...b]
|
||||
bool[256] rhs = [...c, ...d]
|
||||
u32[8] lhs = [...a_bits, ...b_bits]
|
||||
u32[8] rhs = [...c_bits, ...d_bits]
|
||||
|
||||
bool[256] r = sha256(lhs, rhs)
|
||||
u32[8] r = sha256(lhs, rhs)
|
||||
|
||||
field res0 = pack128(r[..128])
|
||||
field res1 = pack128(r[128..])
|
||||
|
||||
return [res0, res1]
|
||||
return [pack128(r[0..4]), pack128(r[4..8])]
|
||||
|
|
@ -2,16 +2,31 @@ import "./1024bit" as sha256
|
|||
|
||||
// A function that takes 2 bool[256] arrays as inputs
|
||||
// and returns their sha256 full round output as an array of 256 bool.
|
||||
def main(bool[256] a, bool[256] b) -> (bool[256]):
|
||||
def main(u32[8] a, u32[8] b) -> (u32[8]):
|
||||
|
||||
// Hash is computed on the full 512bit block size
|
||||
// padding does not fit in the primary block
|
||||
// add dummy block (single "1" followed by "0" + total length)
|
||||
bool[256] dummyblock1 = [true, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]
|
||||
u32[8] dummyblock1 = [ \
|
||||
0x80000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000
|
||||
]
|
||||
|
||||
// total length of message is 512 bits: 0b1000000000
|
||||
bool[256] dummyblock2 = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, false, false, false, false, false, false, false, false]
|
||||
u32[8] dummyblock2 = [ \
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000000,
|
||||
0x00000200
|
||||
]
|
||||
|
||||
bool[256] digest = sha256(a, b, dummyblock1, dummyblock2)
|
||||
|
||||
return digest
|
||||
return sha256(a, b, dummyblock1, dummyblock2)
|
||||
|
|
@ -1,15 +1,4 @@
|
|||
// SHA-256 is specified in FIPS 180-3 and initial values are listed in section 5.3.3
|
||||
// https://csrc.nist.gov/csrc/media/publications/fips/180/3/archive/2008-10-31/documents/fips180-3_final.pdf
|
||||
def main() -> (bool[256]):
|
||||
bool[32] h0 = [false, true, true, false, true, false, true, false, false, false, false, false, true, false, false, true, true, true, true, false, false, true, true, false, false, true, true, false, false, true, true, true]
|
||||
bool[32] h1 = [true, false, true, true, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, true, true, true, false, true, false, false, false, false, true, false, true]
|
||||
bool[32] h2 = [false, false, true, true, true, true, false, false, false, true, true, false, true, true, true, false, true, true, true, true, false, false, true, true, false, true, true, true, false, false, true, false]
|
||||
bool[32] h3 = [true, false, true, false, false, true, false, true, false, true, false, false, true, true, true, true, true, true, true, true, false, true, false, true, false, false, true, true, true, false, true, false]
|
||||
bool[32] h4 = [false, true, false, true, false, false, false, true, false, false, false, false, true, true, true, false, false, true, false, true, false, false, true, false, false, true, true, true, true, true, true, true]
|
||||
bool[32] h5 = [true, false, false, true, true, false, true, true, false, false, false, false, false, true, false, true, false, true, true, false, true, false, false, false, true, false, false, false, true, true, false, false]
|
||||
bool[32] h6 = [false, false, false, true, true, true, true, true, true, false, false, false, false, false, true, true, true, true, false, true, true, false, false, true, true, false, true, false, true, false, true, true]
|
||||
bool[32] h7 = [false, true, false, true, true, false, true, true, true, true, true, false, false, false, false, false, true, true, false, false, true, true, false, true, false, false, false, true, true, false, false, true]
|
||||
|
||||
bool[256] IV = [...h0, ...h1, ...h2, ...h3, ...h4, ...h5, ...h6, ...h7]
|
||||
|
||||
return IV
|
||||
def main() -> (u32[8]):
|
||||
return [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]
|
||||
|
|
|
|||
126
zokrates_stdlib/stdlib/hashes/sha256/shaRound.zok
Normal file
126
zokrates_stdlib/stdlib/hashes/sha256/shaRound.zok
Normal file
|
|
@ -0,0 +1,126 @@
|
|||
import "EMBED/u32_to_bits" as to_bits
|
||||
import "EMBED/u32_from_bits" as from_bits
|
||||
import "./IVconstants.zok"
|
||||
|
||||
def right_rotate_2(u32 e) -> (u32):
|
||||
bool[32] b = to_bits(e)
|
||||
return from_bits([...b[30..], ...b[..30]])
|
||||
|
||||
def right_rotate_6(u32 e) -> (u32):
|
||||
bool[32] b = to_bits(e)
|
||||
return from_bits([...b[26..], ...b[..26]])
|
||||
|
||||
def right_rotate_7(u32 e) -> (u32):
|
||||
bool[32] b = to_bits(e)
|
||||
return from_bits([...b[25..], ...b[..25]])
|
||||
|
||||
def right_rotate_11(u32 e) -> (u32):
|
||||
bool[32] b = to_bits(e)
|
||||
return from_bits([...b[21..], ...b[..21]])
|
||||
|
||||
def right_rotate_13(u32 e) -> (u32):
|
||||
bool[32] b = to_bits(e)
|
||||
return from_bits([...b[19..], ...b[..19]])
|
||||
|
||||
def right_rotate_17(u32 e) -> (u32):
|
||||
bool[32] b = to_bits(e)
|
||||
return from_bits([...b[15..], ...b[..15]])
|
||||
|
||||
def right_rotate_18(u32 e) -> (u32):
|
||||
bool[32] b = to_bits(e)
|
||||
return from_bits([...b[14..], ...b[..14]])
|
||||
|
||||
def right_rotate_19(u32 e) -> (u32):
|
||||
bool[32] b = to_bits(e)
|
||||
return from_bits([...b[13..], ...b[..13]])
|
||||
|
||||
def right_rotate_22(u32 e) -> (u32):
|
||||
bool[32] b = to_bits(e)
|
||||
return from_bits([...b[10..], ...b[..10]])
|
||||
|
||||
def right_rotate_25(u32 e) -> (u32):
|
||||
bool[32] b = to_bits(e)
|
||||
return from_bits([...b[7..], ...b[..7]])
|
||||
|
||||
def extend(u32[64] w, field i) -> (u32):
|
||||
u32 s0 = right_rotate_7(w[i-15]) ^ right_rotate_18(w[i-15]) ^ (w[i-15] >> 3)
|
||||
u32 s1 = right_rotate_17(w[i-2]) ^ right_rotate_19(w[i-2]) ^ (w[i-2] >> 10)
|
||||
return w[i-16] + s0 + w[i-7] + s1
|
||||
|
||||
def temp1(u32 e, u32 f, u32 g, u32 h, u32 k, u32 w) -> (u32):
|
||||
// ch := (e and f) xor ((not e) and g)
|
||||
u32 ch = (e & f) ^ ((!e) & g)
|
||||
|
||||
// S1 := (e rightrotate 6) xor (e rightrotate 11) xor (e rightrotate 25)
|
||||
u32 S1 = right_rotate_6(e) ^ right_rotate_11(e) ^ right_rotate_25(e)
|
||||
|
||||
// temp1 := h + S1 + ch + k + w
|
||||
return h + S1 + ch + k + w
|
||||
|
||||
def temp2(u32 a, u32 b, u32 c) -> (u32):
|
||||
// maj := (a and b) xor (a and c) xor (b and c)
|
||||
u32 maj = (a & b) ^ (a & c) ^ (b & c)
|
||||
|
||||
// S0 := (a rightrotate 2) xor (a rightrotate 13) xor (a rightrotate 22)
|
||||
u32 S0 = right_rotate_2(a) ^ right_rotate_13(a) ^ right_rotate_22(a)
|
||||
|
||||
// temp2 := S0 + maj
|
||||
return S0 + maj
|
||||
|
||||
def main(u32[16] input, u32[8] current) -> (u32[8]):
|
||||
|
||||
u32 h0 = current[0]
|
||||
u32 h1 = current[1]
|
||||
u32 h2 = current[2]
|
||||
u32 h3 = current[3]
|
||||
u32 h4 = current[4]
|
||||
u32 h5 = current[5]
|
||||
u32 h6 = current[6]
|
||||
u32 h7 = current[7]
|
||||
|
||||
u32[64] k = [0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2]
|
||||
|
||||
u32[64] w = [...input, ...[0x00000000; 48]]
|
||||
|
||||
for field i in 16..64 do
|
||||
u32 r = extend(w, i)
|
||||
w[i] = r
|
||||
endfor
|
||||
|
||||
u32 a = h0
|
||||
u32 b = h1
|
||||
u32 c = h2
|
||||
u32 d = h3
|
||||
u32 e = h4
|
||||
u32 f = h5
|
||||
u32 g = h6
|
||||
u32 h = h7
|
||||
|
||||
for field i in 0..64 do
|
||||
|
||||
u32 t1 = temp1(e, f, g, h, k[i], w[i])
|
||||
|
||||
u32 t2 = temp2(a, b, c)
|
||||
|
||||
h = g
|
||||
g = f
|
||||
f = e
|
||||
e = d + t1
|
||||
d = c
|
||||
c = b
|
||||
b = a
|
||||
a = t1 + t2
|
||||
|
||||
endfor
|
||||
|
||||
h0 = h0 + a
|
||||
h1 = h1 + b
|
||||
h2 = h2 + c
|
||||
h3 = h3 + d
|
||||
h4 = h4 + e
|
||||
h5 = h5 + f
|
||||
h6 = h6 + g
|
||||
h7 = h7 + h
|
||||
|
||||
return [h0, h1, h2, h3, h4, h5, h6, h7]
|
||||
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
import "EMBED/sha256round" as sha256round
|
||||
// a and b is NOT checked to be 0 or 1
|
||||
// the return value is checked to be 0 or 1
|
||||
// IV vector is checked to be of type bool
|
||||
def main(bool[256] a, bool[256] b, bool[256] IV) -> (bool[256]):
|
||||
return sha256round([...a, ...b], IV)
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
def main(bool selector, bool[256] lhs, bool[256] rhs) -> (bool[512]):
|
||||
def main(bool selector, u32[8] lhs, u32[8] rhs) -> (u32[16]):
|
||||
return if selector then [...rhs, ...lhs] else [...lhs, ...rhs] fi
|
||||
|
|
@ -1,10 +1,12 @@
|
|||
import "hashes/sha256/1024bitPadded" as sha256
|
||||
import "ecc/edwardsScalarMult" as scalarMult
|
||||
import "ecc/edwardsAdd" as add
|
||||
import "utils/pack/nonStrictUnpack256" as unpack256
|
||||
import "utils/pack/bool/nonStrictUnpack256" as unpack256bool
|
||||
import "utils/pack/u32/nonStrictUnpack256" as unpack256u
|
||||
import "ecc/edwardsOnCurve" as onCurve
|
||||
import "ecc/edwardsOrderCheck" as orderCheck
|
||||
from "ecc/babyjubjubParams" import BabyJubJubParams
|
||||
import "utils/casts/u32_8_to_bool_256"
|
||||
|
||||
/// Verifies an EdDSA Signature.
|
||||
///
|
||||
|
|
@ -27,7 +29,7 @@ from "ecc/babyjubjubParams" import BabyJubJubParams
|
|||
///
|
||||
/// Returns:
|
||||
/// Return true for S being a valid EdDSA Signature, false otherwise.
|
||||
def main(private field[2] R, private field S, field[2] A, bool[256] M0, bool[256] M1, BabyJubJubParams context) -> (bool):
|
||||
def main(private field[2] R, private field S, field[2] A, u32[8] M0, u32[8] M1, BabyJubJubParams context) -> (bool):
|
||||
|
||||
field[2] G = [context.Gu, context.Gv]
|
||||
|
||||
|
|
@ -35,11 +37,11 @@ def main(private field[2] R, private field S, field[2] A, bool[256] M0, bool[256
|
|||
assert(onCurve(R, context)) // throws if R is not on curve
|
||||
assert(orderCheck(R, context))
|
||||
|
||||
bool[256] Rx = unpack256(R[0])
|
||||
bool[256] Ax = unpack256(A[0])
|
||||
bool[256] hRAM = sha256(Rx, Ax, M0, M1)
|
||||
u32[8] Rx = unpack256u(R[0])
|
||||
u32[8] Ax = unpack256u(A[0])
|
||||
bool[256] hRAM = u32_8_to_bool_256(sha256(Rx, Ax, M0, M1))
|
||||
|
||||
bool[256] sBits = unpack256(S)
|
||||
bool[256] sBits = unpack256bool(S)
|
||||
field[2] lhs = scalarMult(sBits, G, context)
|
||||
|
||||
field[2] AhRAM = scalarMult(hRAM, A, context)
|
||||
|
|
|
|||
4
zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok
Normal file
4
zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
import "EMBED/u32_from_bits" as from_bits
|
||||
|
||||
def main(bool[128] bits) -> (u32[4]):
|
||||
return [from_bits(bits[0..32]), from_bits(bits[32..64]), from_bits(bits[64..96]), from_bits(bits[96..128])]
|
||||
4
zokrates_stdlib/stdlib/utils/casts/bool_256_to_u32_8.zok
Normal file
4
zokrates_stdlib/stdlib/utils/casts/bool_256_to_u32_8.zok
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
import "EMBED/u32_from_bits" as from_bits
|
||||
|
||||
def main(bool[256] bits) -> (u32[8]):
|
||||
return [from_bits(bits[0..32]), from_bits(bits[32..64]), from_bits(bits[64..96]), from_bits(bits[96..128]), from_bits(bits[128..160]), from_bits(bits[160..192]), from_bits(bits[192..224]), from_bits(bits[224..256])]
|
||||
4
zokrates_stdlib/stdlib/utils/casts/u32_4_to_bool_128.zok
Normal file
4
zokrates_stdlib/stdlib/utils/casts/u32_4_to_bool_128.zok
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
import "EMBED/u32_to_bits" as to_bits
|
||||
|
||||
def main(u32[4] input) -> (bool[128]):
|
||||
return [...to_bits(input[0]), ...to_bits(input[1]), ...to_bits(input[2]), ...to_bits(input[3])]
|
||||
4
zokrates_stdlib/stdlib/utils/casts/u32_8_to_bool_256.zok
Normal file
4
zokrates_stdlib/stdlib/utils/casts/u32_8_to_bool_256.zok
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
import "EMBED/u32_to_bits" as to_bits
|
||||
|
||||
def main(u32[8] input) -> (bool[256]):
|
||||
return [...to_bits(input[0]), ...to_bits(input[1]), ...to_bits(input[2]), ...to_bits(input[3]), ...to_bits(input[4]), ...to_bits(input[5]), ...to_bits(input[6]), ...to_bits(input[7])]
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
def main(bool selector, bool[256] lhs, bool[256] rhs) -> (bool[256]):
|
||||
def main(bool selector, u32[8] lhs, u32[8] rhs) -> (u32[8]):
|
||||
return if selector then rhs else lhs fi
|
||||
|
|
@ -10,4 +10,4 @@ def main(field i) -> (bool[256]):
|
|||
|
||||
bool[254] b = unpack(i)
|
||||
|
||||
return [false, false, ...b]
|
||||
return [false, false, ...b]
|
||||
|
|
@ -1,9 +1,13 @@
|
|||
#pragma curve bn128
|
||||
|
||||
def main(bool[128] bits) -> (field):
|
||||
|
||||
field out = 0
|
||||
|
||||
for field j in 0..128 do
|
||||
field i = 128 - (j + 1)
|
||||
field len = 128
|
||||
|
||||
for field j in 0..len do
|
||||
field i = len - (j + 1)
|
||||
out = out + if bits[i] then (2 ** j) else 0 fi
|
||||
endfor
|
||||
|
||||
14
zokrates_stdlib/stdlib/utils/pack/bool/pack256.zok
Normal file
14
zokrates_stdlib/stdlib/utils/pack/bool/pack256.zok
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
#pragma curve bn128
|
||||
|
||||
def main(bool[256] input) -> (field):
|
||||
|
||||
field out = 0
|
||||
|
||||
field len = 256
|
||||
|
||||
for field j in 0..len do
|
||||
field i = len - (j + 1)
|
||||
out = out + if bits[i] then (2 ** j) else 0 fi
|
||||
endfor
|
||||
|
||||
return out
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
def main(bool[256] bits) -> (field):
|
||||
|
||||
field out = 0
|
||||
|
||||
for field j in 0..256 do
|
||||
field i = 256 - (j + 1)
|
||||
out = out + if bits[i] then (2 ** j) else 0 fi
|
||||
endfor
|
||||
|
||||
return out
|
||||
12
zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok
Normal file
12
zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
#pragma curve bn128
|
||||
|
||||
// Non-strict version:
|
||||
// Note that this does not strongly enforce that the commitment is
|
||||
// in the field.
|
||||
|
||||
import "../bool/nonStrictUnpack256" as unpack
|
||||
import "../../casts/bool_256_to_u32_8" as from_bits
|
||||
|
||||
def main(field i) -> (u32[8]):
|
||||
|
||||
return from_bits(unpack(i))
|
||||
10
zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok
Normal file
10
zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
#pragma curve bn128
|
||||
|
||||
import "EMBED/u32_to_bits" as to_bits
|
||||
import "../bool/pack128"
|
||||
|
||||
def main(u32[4] input) -> (field):
|
||||
|
||||
bool[128] bits = [...to_bits(input[0]), ...to_bits(input[1]), ...to_bits(input[2]), ...to_bits(input[3])]
|
||||
|
||||
return pack128(bits)
|
||||
10
zokrates_stdlib/stdlib/utils/pack/u32/pack256.zok
Normal file
10
zokrates_stdlib/stdlib/utils/pack/u32/pack256.zok
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
#pragma curve bn128
|
||||
|
||||
import "EMBED/u32_to_bits" as to_bits
|
||||
import "../bool/pack256"
|
||||
|
||||
def main(u32[8] input) -> (field):
|
||||
|
||||
bool[256] bits = [...to_bits(input[0]), ...to_bits(input[1]), ...to_bits(input[2]), ...to_bits(input[3]), ...to_bits(input[4]), ...to_bits(input[5]), ...to_bits(input[6]), ...to_bits(input[7])]
|
||||
|
||||
return pack256(bits)
|
||||
7
zokrates_stdlib/stdlib/utils/pack/u32/unpack128.zok
Normal file
7
zokrates_stdlib/stdlib/utils/pack/u32/unpack128.zok
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
#pragma curve bn128
|
||||
|
||||
import "../bool/unpack128" as unpack
|
||||
import "../../casts/bool_128_to_u32_4" as from_bits
|
||||
|
||||
def main(field i) -> (u32[4]):
|
||||
return from_bits(unpack(i))
|
||||
|
|
@ -2,7 +2,6 @@ import "ecc/babyjubjubParams" as context
|
|||
from "ecc/babyjubjubParams" import BabyJubJubParams
|
||||
import "ecc/proofOfOwnership" as proofOfOwnership
|
||||
import "ecc/edwardsScalarMult" as multiply
|
||||
import "utils/pack/nonStrictUnpack256" as unpack256
|
||||
|
||||
// Code to create test cases:
|
||||
// https://github.com/Zokrates/pycrypto
|
||||
|
|
|
|||
|
|
@ -16,10 +16,10 @@ import "hashes/pedersen/512bit" as pedersen
|
|||
|
||||
def main() -> ():
|
||||
|
||||
bool[512] e = [false, false, false, true, false, true, true, true, true, true, false, true, false, false, true, false, true, true, true, false, false, true, true, false, true, true, false, true, true, false, false, true, false, true, false, true, true, true, false, false, false, true, true, true, false, true, false, false, true, true, true, false, true, false, false, true, false, true, true, true, true, true, false, false, false, true, false, false, true, false, true, true, true, true, true, true, false, true, true, false, false, false, false, false, true, true, false, false, true, true, false, false, false, false, false, false, true, true, false, false, false, true, true, false, true, false, true, false, false, true, true, false, true, false, true, true, false, true, false, false, false, false, false, true, false, true, true, true, true, false, true, true, true, false, true, false, true, true, true, true, true, true, false, false, false, true, false, true, false, true, false, false, true, true, true, false, true, false, false, true, false, false, true, false, false, false, false, false, false, true, false, true, true, true, false, false, true, false, false, false, false, false, false, false, true, false, false, false, false, false, false, false, false, false, true, false, false, true, true, false, false, false, false, true, true, true, true, true, false, true, false, false, false, false, true, false, false, true, false, false, false, true, false, false, true, false, false, true, false, true, true, false, false, false, true, true, false, true, false, false, true, true, false, true, false, true, true, false, true, true, false, true, true, true, true, true, true, false, false, false, true, true, true, false, false, true, true, true, true, true, true, true, false, true, false, true, true, true, true, false, false, false, false, false, false, true, true, false, false, true, true, false, true, false, true, false, false, false, true, false, true, false, false, true, false, true, true, false, true, true, true, false, true, true, false, false, true, true, true, true, false, false, false, true, true, true, false, true, true, true, false, false, false, false, false, true, true, false, false, false, false, false, true, true, true, false, false, false, true, true, false, false, false, true, true, true, true, false, false, true, false, false, false, true, true, true, false, false, true, false, false, false, true, true, true, true, false, true, false, true, true, false, true, false, true, true, true, false, true, true, true, false, true, false, false, true, true, true, true, false, true, true, false, false, true, false, true, false, false, false, true, true, false, false, true, true, false, false, true, false, false, false, false, true, false, false, false, false, false, false, false, false, true, true, true, true, false, false, false, true, true, false, false, false, true, false, false, true, true, true, false, false, true, false, false, true, false, true, true, false, true, false, true, true, false, false, false, false, false, false, true, false, true, false, false, false, true, false, false, false, true, true, false, false, false, true, true, false, true, false, true, true, false, false, false, true, false, true, false, true, false, false, false, false, false, false, false, true, true, true, true, true]
|
||||
u32[16] e = [0x17d2e6d9, 0x5c74e97c, 0x4bf60cc0, 0xc6a6b417, 0xbafc54e9, 0x205c8080, 0x261f4244, 0x9634d6df, 0x8e7f5e06, 0x6a296ecf, 0x1dc1838c, 0x791c8f5a, 0xee9eca33, 0x2100f189, 0xc96b0288, 0xc6b1501f]
|
||||
|
||||
bool[256] d = pedersen(e)
|
||||
u32[8] d = pedersen(e)
|
||||
|
||||
assert(d == [false, false, false, false, false, true, true, false, true, true, false, true, true, true, true, true, true, false, true, false, true, true, false, false, true, false, true, false, false, false, false, false, true, true, false, true, true, false, false, false, false, false, true, false, true, true, false, false, false, false, false, false, false, true, true, true, true, false, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, true, true, true, true, false, false, false, false, true, true, true, true, false, true, true, false, false, true, false, true, true, true, true, false, true, true, false, false, true, true, false, false, true, false, true, false, false, true, true, false, false, false, true, true, false, false, false, false, false, false, false, false, false, true, false, true, false, false, true, true, true, true, true, false, true, true, true, true, false, false, false, true, false, false, true, true, true, true, true, false, false, false, true, false, true, true, false, true, false, false, false, true, false, false, true, false, false, true, false, false, false, false, true, true, false, false, false, true, false, false, true, false, false, true, false, false, true, true, false, false, false, true, false, true, false, false, true, true, true, true, true, false, false, false, true, false, true, false, false, true, true, false, true, false, true, true, true, false, false, false, false, false, false, true, false, true, false, true, false, false, false, true, false, true, false, false, false, false, false, true, false, true, false, false, false, false, false, false, false, true, false, true, true])
|
||||
assert(d == [0x06dfaca0, 0xd82c07ae, 0x33787b2f, 0x66531802, 0x9f789f16, 0x89218926, 0x29f14d70, 0x2a28280b])
|
||||
|
||||
return
|
||||
|
|
@ -17,13 +17,13 @@
|
|||
import "hashes/sha256/1024bitPadded" as sha256
|
||||
def main() -> ():
|
||||
|
||||
bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]
|
||||
bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]
|
||||
bool[256] c = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]
|
||||
bool[256] d = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true]
|
||||
u32[8] a = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]
|
||||
u32[8] b = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]
|
||||
u32[8] c = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]
|
||||
u32[8] d = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005]
|
||||
|
||||
bool[256] digest = sha256(a, b, c, d)
|
||||
u32[8] digest = sha256(a, b, c, d)
|
||||
|
||||
assert(digest == [true, true, true, false, true, true, true, true, true, false, true, false, false, true, false, false, false, false, false, true, true, true, false, false, true, false, true, false, false, true, false, false, true, false, true, false, false, true, false, true, true, true, false, false, false, true, true, true, false, true, true, false, true, false, true, true, false, true, false, false, true, false, false, true, false, true, false, true, true, true, false, true, false, true, false, true, false, true, false, true, true, true, false, true, true, true, true, true, true, true, false, true, true, false, true, true, true, true, true, true, true, false, false, true, false, false, false, true, false, true, true, true, false, true, false, true, false, false, true, true, false, false, true, false, false, false, false, false, false, true, false, false, false, false, false, false, false, true, false, false, true, false, true, true, false, false, true, true, true, true, false, false, true, false, false, false, false, false, false, false, false, true, false, false, true, false, false, false, true, false, true, true, false, false, true, true, true, false, false, false, true, true, true, false, true, false, true, true, false, false, false, true, true, false, false, false, false, true, true, true, false, false, true, true, true, false, true, false, true, false, true, false, false, true, true, false, false, true, true, false, false, false, true, true, false, false, true, true, true, false, true, false, false, false, true, true, false, true, true, false, false, false, true, true, true, false, false, false, true, false, false, false, false, false, true, true])
|
||||
assert(digest == [0xefa41ca4, 0xa5c76b49, 0x5d55dfdb, 0xf9175320, 0x404b3c80, 0x48b38eb1, 0x873aa663, 0x3a363883])
|
||||
|
||||
return
|
||||
|
|
@ -1,11 +1,11 @@
|
|||
import "hashes/sha256/512bit" as sha256
|
||||
def main() -> ():
|
||||
|
||||
bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]
|
||||
bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true]
|
||||
u32[8] a = [0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89]
|
||||
u32[8] b = [0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917]
|
||||
|
||||
bool[256] digest = sha256(a, b)
|
||||
u32[8] digest = sha256(a, b)
|
||||
|
||||
assert(digest == [false, false, false, true, true, true, true, true, false, false, true, true, true, false, true, true, true, false, false, false, true, false, true, true, true, false, false, true, true, false, false, false, true, true, false, false, false, false, true, false, false, false, false, true, true, true, true, false, true, false, true, true, true, false, false, false, true, false, false, true, false, true, false, false, false, false, true, true, true, true, false, false, true, false, false, false, true, true, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, false, true, false, false, false, true, false, true, true, false, false, false, false, false, true, false, true, false, false, false, false, false, true, false, true, false, false, true, false, true, true, false, true, true, false, false, false, false, true, false, false, false, false, false, true, false, true, false, true, false, true, false, true, true, false, false, false, true, false, false, true, true, false, false, false, false, true, false, true, false, false, true, true, true, false, false, true, true, true, false, false, true, true, true, false, false, false, true, true, true, true, false, false, true, true, false, true, false, true, true, true, true, false, true, true, true, true, false, false, false, true, false, false, true, true, true, false, true, false, false, false, false, false, false, true, true, true, true, false, true, true, true, true, true, false, true, false, true, false, true, true, false, false, true, true, false, false, false, false, true, true, true, true, false, true, false, false, true, false, true, true, false, true])
|
||||
assert(digest == [0xcf0ae4eb, 0x67d38ffe, 0xb9406898, 0x4b22abde, 0x4e92bc54, 0x8d14585e, 0x48dca888, 0x2d7b09ce])
|
||||
|
||||
return
|
||||
|
|
@ -15,12 +15,11 @@
|
|||
import "hashes/sha256/512bitPadded" as sha256
|
||||
def main() -> ():
|
||||
|
||||
bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]
|
||||
bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true]
|
||||
u32[8] a = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]
|
||||
u32[8] b = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005]
|
||||
|
||||
bool[256] digest = sha256(a, b)
|
||||
|
||||
assert(digest == [true, true, false, false, false, true, true, false, false, true, false, false, true, false, false, false, false, false, false, true, true, true, true, false, false, false, true, false, false, false, true, false, true, true, false, false, false, true, false, true, true, true, true, true, true, true, true, true, false, true, false, false, false, false, false, true, false, true, true, false, false, true, false, false, true, false, true, false, true, true, true, true, false, true, true, false, true, false, false, false, false, false, false, false, true, false, true, true, true, false, false, false, true, true, false, false, true, true, true, true, true, false, true, false, true, false, true, false, false, true, false, true, true, true, true, false, true, false, false, false, true, true, true, false, true, true, false, true, false, false, true, true, false, false, false, true, false, false, true, false, false, false, false, false, true, true, true, false, true, true, true, false, true, true, true, true, true, true, true, true, true, false, false, false, true, false, false, true, true, true, false, false, false, true, false, false, true, true, true, true, false, false, true, true, false, false, false, false, false, true, true, true, true, true, false, false, false, true, false, false, true, false, true, false, false, true, true, false, true, true, true, true, true, false, true, false, true, false, true, false, true, false, true, false, true, true, true, false, false, false, false, false, false, true, false, true, true, false, false, true, true, true, false, false, true, true, true, false, false, false, false, true, false, false, false, false])
|
||||
u32[8] digest = sha256(a, b)
|
||||
|
||||
assert(digest == [0xc6481e22, 0xc5ff4164, 0xaf680b8c, 0xfaa5e8ed, 0x3120eeff, 0x89c4f307, 0xc4a6faaa, 0xe059ce10])
|
||||
|
||||
return
|
||||
|
|
@ -16,20 +16,20 @@ import "hashes/utils/256bitsDirectionHelper" as direction
|
|||
|
||||
def left() -> (bool):
|
||||
|
||||
bool[256] a = [false, false, false, true, true, false, true, true, false, false, false, true, true, false, false, true, true, true, false, true, true, true, true, false, true, false, true, false, true, false, false, false, true, false, true, true, true, false, true, false, false, true, false, false, true, true, true, false, false, false, true, true, true, true, false, false, false, false, false, true, false, true, true, false, false, true, false, false, false, false, true, true, true, true, true, false, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, false, true, false, false, false, false, true, false, false, true, true, false, false, true, true, false, false, true, true, true, true, true, true, true, true, true, false, true, false, false, true, true, true, true, false, false, true, true, false, false, false, true, false, true, false, false, false, false, true, false, true, false, false, false, false, true, true, false, false, false, true, false, false, true, true, true, true, true, false, true, false, true, false, true, false, false, true, false, false, true, false, true, true, true, false, true, true, true, true, true, true, false, false, false, true, false, true, true, true, true, true, false, false, false, true, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, true, true, false, true, true, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, false, true, false, true, false, true, true, false, false, true, false, true, false, true, false, false, false, true, true, true, false, false, false]
|
||||
bool[256] b = [false, false, false, false, false, false, true, true, true, true, true, true, false, false, true, true, true, true, true, true, false, true, true, false, false, false, true, false, true, false, false, false, true, true, true, false, false, false, false, false, false, true, true, false, false, true, true, true, false, true, false, true, false, false, true, false, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, false, true, true, false, true, true, false, true, true, true, true, false, true, true, true, false, false, false, true, false, true, false, false, true, false, true, false, false, true, false, true, true, false, true, true, true, false, true, false, true, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, true, false, true, true, false, true, true, false, true, true, true, true, false, false, true, false, true, false, true, true, true, false, false, false, false, true, true, true, false, true, false, false, true, true, false, true, true, true, true, true, true, false, false, false, false, false, false, false, true, true, false, true, false, false, true, false, true, true, false, false, true, true, true, false, false, false, false, true, false, false, false, true, true, true, true, false, false, false, false, true, true, false, true, true, false, true, true, true, true, false, false, false, true, true, true, true, true, false, true, true, false, true, true, false, true, true, true, false, false, false, true, false, true, true, false, true, false, true, false, true, false, true, false, true, true, true]
|
||||
u32[8] a = [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38]
|
||||
u32[8] b = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557]
|
||||
|
||||
bool[512] out = direction(false, a, b)
|
||||
assert(out == [false, false, false, true, true, false, true, true, false, false, false, true, true, false, false, true, true, true, false, true, true, true, true, false, true, false, true, false, true, false, false, false, true, false, true, true, true, false, true, false, false, true, false, false, true, true, true, false, false, false, true, true, true, true, false, false, false, false, false, true, false, true, true, false, false, true, false, false, false, false, true, true, true, true, true, false, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, false, true, false, false, false, false, true, false, false, true, true, false, false, true, true, false, false, true, true, true, true, true, true, true, true, true, false, true, false, false, true, true, true, true, false, false, true, true, false, false, false, true, false, true, false, false, false, false, true, false, true, false, false, false, false, true, true, false, false, false, true, false, false, true, true, true, true, true, false, true, false, true, false, true, false, false, true, false, false, true, false, true, true, true, false, true, true, true, true, true, true, false, false, false, true, false, true, true, true, true, true, false, false, false, true, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, true, true, false, true, true, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, false, true, false, true, false, true, true, false, false, true, false, true, false, true, false, false, false, true, true, true, false, false, false, false, false, false, false, false, false, true, true, true, true, true, true, false, false, true, true, true, true, true, true, false, true, true, false, false, false, true, false, true, false, false, false, true, true, true, false, false, false, false, false, false, true, true, false, false, true, true, true, false, true, false, true, false, false, true, false, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, false, true, true, false, true, true, false, true, true, true, true, false, true, true, true, false, false, false, true, false, true, false, false, true, false, true, false, false, true, false, true, true, false, true, true, true, false, true, false, true, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, true, false, true, true, false, true, true, false, true, true, true, true, false, false, true, false, true, false, true, true, true, false, false, false, false, true, true, true, false, true, false, false, true, true, false, true, true, true, true, true, true, false, false, false, false, false, false, false, true, true, false, true, false, false, true, false, true, true, false, false, true, true, true, false, false, false, false, true, false, false, false, true, true, true, true, false, false, false, false, true, true, false, true, true, false, true, true, true, true, false, false, false, true, true, true, true, true, false, true, true, false, true, true, false, true, true, true, false, false, false, true, false, true, true, false, true, false, true, false, true, false, true, false, true, true, true])
|
||||
u32[16] out = direction(false, a, b)
|
||||
assert(out == [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38, 0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557])
|
||||
return true
|
||||
|
||||
def right() -> (bool):
|
||||
|
||||
bool[256] a = [false, false, false, true, true, false, true, true, false, false, false, true, true, false, false, true, true, true, false, true, true, true, true, false, true, false, true, false, true, false, false, false, true, false, true, true, true, false, true, false, false, true, false, false, true, true, true, false, false, false, true, true, true, true, false, false, false, false, false, true, false, true, true, false, false, true, false, false, false, false, true, true, true, true, true, false, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, false, true, false, false, false, false, true, false, false, true, true, false, false, true, true, false, false, true, true, true, true, true, true, true, true, true, false, true, false, false, true, true, true, true, false, false, true, true, false, false, false, true, false, true, false, false, false, false, true, false, true, false, false, false, false, true, true, false, false, false, true, false, false, true, true, true, true, true, false, true, false, true, false, true, false, false, true, false, false, true, false, true, true, true, false, true, true, true, true, true, true, false, false, false, true, false, true, true, true, true, true, false, false, false, true, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, true, true, false, true, true, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, false, true, false, true, false, true, true, false, false, true, false, true, false, true, false, false, false, true, true, true, false, false, false]
|
||||
bool[256] b = [false, false, false, false, false, false, true, true, true, true, true, true, false, false, true, true, true, true, true, true, false, true, true, false, false, false, true, false, true, false, false, false, true, true, true, false, false, false, false, false, false, true, true, false, false, true, true, true, false, true, false, true, false, false, true, false, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, false, true, true, false, true, true, false, true, true, true, true, false, true, true, true, false, false, false, true, false, true, false, false, true, false, true, false, false, true, false, true, true, false, true, true, true, false, true, false, true, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, true, false, true, true, false, true, true, false, true, true, true, true, false, false, true, false, true, false, true, true, true, false, false, false, false, true, true, true, false, true, false, false, true, true, false, true, true, true, true, true, true, false, false, false, false, false, false, false, true, true, false, true, false, false, true, false, true, true, false, false, true, true, true, false, false, false, false, true, false, false, false, true, true, true, true, false, false, false, false, true, true, false, true, true, false, true, true, true, true, false, false, false, true, true, true, true, true, false, true, true, false, true, true, false, true, true, true, false, false, false, true, false, true, true, false, true, false, true, false, true, false, true, false, true, true, true]
|
||||
u32[8] a = [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38]
|
||||
u32[8] b = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557]
|
||||
|
||||
bool[512] out = direction(true, a, b)
|
||||
assert(out == [false, false, false, false, false, false, true, true, true, true, true, true, false, false, true, true, true, true, true, true, false, true, true, false, false, false, true, false, true, false, false, false, true, true, true, false, false, false, false, false, false, true, true, false, false, true, true, true, false, true, false, true, false, false, true, false, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, false, true, true, false, true, true, false, true, true, true, true, false, true, true, true, false, false, false, true, false, true, false, false, true, false, true, false, false, true, false, true, true, false, true, true, true, false, true, false, true, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, true, false, true, true, false, true, true, false, true, true, true, true, false, false, true, false, true, false, true, true, true, false, false, false, false, true, true, true, false, true, false, false, true, true, false, true, true, true, true, true, true, false, false, false, false, false, false, false, true, true, false, true, false, false, true, false, true, true, false, false, true, true, true, false, false, false, false, true, false, false, false, true, true, true, true, false, false, false, false, true, true, false, true, true, false, true, true, true, true, false, false, false, true, true, true, true, true, false, true, true, false, true, true, false, true, true, true, false, false, false, true, false, true, true, false, true, false, true, false, true, false, true, false, true, true, true, false, false, false, true, true, false, true, true, false, false, false, true, true, false, false, true, true, true, false, true, true, true, true, false, true, false, true, false, true, false, false, false, true, false, true, true, true, false, true, false, false, true, false, false, true, true, true, false, false, false, true, true, true, true, false, false, false, false, false, true, false, true, true, false, false, true, false, false, false, false, true, true, true, true, true, false, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, false, true, false, false, false, false, true, false, false, true, true, false, false, true, true, false, false, true, true, true, true, true, true, true, true, true, false, true, false, false, true, true, true, true, false, false, true, true, false, false, false, true, false, true, false, false, false, false, true, false, true, false, false, false, false, true, true, false, false, false, true, false, false, true, true, true, true, true, false, true, false, true, false, true, false, false, true, false, false, true, false, true, true, true, false, true, true, true, true, true, true, false, false, false, true, false, true, true, true, true, true, false, false, false, true, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, true, true, false, true, true, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, false, true, false, true, false, true, true, false, false, true, false, true, false, true, false, false, false, true, true, true, false, false, false])
|
||||
u32[16] out = direction(true, a, b)
|
||||
assert(out == [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557, 0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38])
|
||||
return true
|
||||
|
||||
def main() -> ():
|
||||
|
|
|
|||
|
|
@ -14,8 +14,8 @@ def main() -> ():
|
|||
// Private Key
|
||||
field[2] A = [14897476871502190904409029696666322856887678969656209656241038339251270171395, 16668832459046858928951622951481252834155254151733002984053501254009901876174]
|
||||
|
||||
bool[256] M0 = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]
|
||||
bool[256] M1 = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true]
|
||||
u32[8] M0 = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]
|
||||
u32[8] M1 = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005]
|
||||
|
||||
bool isVerified = verifyEddsa(R, S, A, M0, M1, context)
|
||||
assert(isVerified)
|
||||
|
|
|
|||
|
|
@ -3,11 +3,11 @@ import "utils/multiplexer/256bit" as multiplex
|
|||
def left() -> (bool):
|
||||
bool bit = false //left
|
||||
|
||||
bool[256] a = [false, false, false, true, true, false, true, true, false, false, false, true, true, false, false, true, true, true, false, true, true, true, true, false, true, false, true, false, true, false, false, false, true, false, true, true, true, false, true, false, false, true, false, false, true, true, true, false, false, false, true, true, true, true, false, false, false, false, false, true, false, true, true, false, false, true, false, false, false, false, true, true, true, true, true, false, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, false, true, false, false, false, false, true, false, false, true, true, false, false, true, true, false, false, true, true, true, true, true, true, true, true, true, false, true, false, false, true, true, true, true, false, false, true, true, false, false, false, true, false, true, false, false, false, false, true, false, true, false, false, false, false, true, true, false, false, false, true, false, false, true, true, true, true, true, false, true, false, true, false, true, false, false, true, false, false, true, false, true, true, true, false, true, true, true, true, true, true, false, false, false, true, false, true, true, true, true, true, false, false, false, true, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, true, true, false, true, true, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, false, true, false, true, false, true, true, false, false, true, false, true, false, true, false, false, false, true, true, true, false, false, false]
|
||||
u32[8] a = [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38]
|
||||
|
||||
bool[256] b = [false, false, false, false, false, false, true, true, true, true, true, true, false, false, true, true, true, true, true, true, false, true, true, false, false, false, true, false, true, false, false, false, true, true, true, false, false, false, false, false, false, true, true, false, false, true, true, true, false, true, false, true, false, false, true, false, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, false, true, true, false, true, true, false, true, true, true, true, false, true, true, true, false, false, false, true, false, true, false, false, true, false, true, false, false, true, false, true, true, false, true, true, true, false, true, false, true, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, true, false, true, true, false, true, true, false, true, true, true, true, false, false, true, false, true, false, true, true, true, false, false, false, false, true, true, true, false, true, false, false, true, true, false, true, true, true, true, true, true, false, false, false, false, false, false, false, true, true, false, true, false, false, true, false, true, true, false, false, true, true, true, false, false, false, false, true, false, false, false, true, true, true, true, false, false, false, false, true, true, false, true, true, false, true, true, true, true, false, false, false, true, true, true, true, true, false, true, true, false, true, true, false, true, true, true, false, false, false, true, false, true, true, false, true, false, true, false, true, false, true, false, true, true, true]
|
||||
u32[8] b = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557]
|
||||
|
||||
bool[256] output = [false, false, false, true, true, false, true, true, false, false, false, true, true, false, false, true, true, true, false, true, true, true, true, false, true, false, true, false, true, false, false, false, true, false, true, true, true, false, true, false, false, true, false, false, true, true, true, false, false, false, true, true, true, true, false, false, false, false, false, true, false, true, true, false, false, true, false, false, false, false, true, true, true, true, true, false, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, false, true, false, false, false, false, true, false, false, true, true, false, false, true, true, false, false, true, true, true, true, true, true, true, true, true, false, true, false, false, true, true, true, true, false, false, true, true, false, false, false, true, false, true, false, false, false, false, true, false, true, false, false, false, false, true, true, false, false, false, true, false, false, true, true, true, true, true, false, true, false, true, false, true, false, false, true, false, false, true, false, true, true, true, false, true, true, true, true, true, true, false, false, false, true, false, true, true, true, true, true, false, false, false, true, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, true, true, false, true, true, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, false, true, false, true, false, true, true, false, false, true, false, true, false, true, false, false, false, true, true, true, false, false, false]
|
||||
u32[8] output = [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38]
|
||||
assert(output == multiplex(bit, a, b))
|
||||
|
||||
return true
|
||||
|
|
@ -15,11 +15,11 @@ def left() -> (bool):
|
|||
def right() -> (bool):
|
||||
bool bit = true //right
|
||||
|
||||
bool[256] a = [false, false, false, true, true, false, true, true, false, false, false, true, true, false, false, true, true, true, false, true, true, true, true, false, true, false, true, false, true, false, false, false, true, false, true, true, true, false, true, false, false, true, false, false, true, true, true, false, false, false, true, true, true, true, false, false, false, false, false, true, false, true, true, false, false, true, false, false, false, false, true, true, true, true, true, false, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, false, true, false, false, false, false, true, false, false, true, true, false, false, true, true, false, false, true, true, true, true, true, true, true, true, true, false, true, false, false, true, true, true, true, false, false, true, true, false, false, false, true, false, true, false, false, false, false, true, false, true, false, false, false, false, true, true, false, false, false, true, false, false, true, true, true, true, true, false, true, false, true, false, true, false, false, true, false, false, true, false, true, true, true, false, true, true, true, true, true, true, false, false, false, true, false, true, true, true, true, true, false, false, false, true, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, true, true, false, true, true, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, false, true, false, true, false, true, true, false, false, true, false, true, false, true, false, false, false, true, true, true, false, false, false]
|
||||
u32[8] a = [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38]
|
||||
|
||||
bool[256] b = [false, false, false, false, false, false, true, true, true, true, true, true, false, false, true, true, true, true, true, true, false, true, true, false, false, false, true, false, true, false, false, false, true, true, true, false, false, false, false, false, false, true, true, false, false, true, true, true, false, true, false, true, false, false, true, false, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, false, true, true, false, true, true, false, true, true, true, true, false, true, true, true, false, false, false, true, false, true, false, false, true, false, true, false, false, true, false, true, true, false, true, true, true, false, true, false, true, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, true, false, true, true, false, true, true, false, true, true, true, true, false, false, true, false, true, false, true, true, true, false, false, false, false, true, true, true, false, true, false, false, true, true, false, true, true, true, true, true, true, false, false, false, false, false, false, false, true, true, false, true, false, false, true, false, true, true, false, false, true, true, true, false, false, false, false, true, false, false, false, true, true, true, true, false, false, false, false, true, true, false, true, true, false, true, true, true, true, false, false, false, true, true, true, true, true, false, true, true, false, true, true, false, true, true, true, false, false, false, true, false, true, true, false, true, false, true, false, true, false, true, false, true, true, true]
|
||||
u32[8] b = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557]
|
||||
|
||||
bool[256] output = [false, false, false, false, false, false, true, true, true, true, true, true, false, false, true, true, true, true, true, true, false, true, true, false, false, false, true, false, true, false, false, false, true, true, true, false, false, false, false, false, false, true, true, false, false, true, true, true, false, true, false, true, false, false, true, false, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, false, true, true, false, true, true, false, true, true, true, true, false, true, true, true, false, false, false, true, false, true, false, false, true, false, true, false, false, true, false, true, true, false, true, true, true, false, true, false, true, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, true, false, true, true, false, true, true, false, true, true, true, true, false, false, true, false, true, false, true, true, true, false, false, false, false, true, true, true, false, true, false, false, true, true, false, true, true, true, true, true, true, false, false, false, false, false, false, false, true, true, false, true, false, false, true, false, true, true, false, false, true, true, true, false, false, false, false, true, false, false, false, true, true, true, true, false, false, false, false, true, true, false, true, true, false, true, true, true, true, false, false, false, true, true, true, true, true, false, true, true, false, true, true, false, true, true, true, false, false, false, true, false, true, true, false, true, false, true, false, true, false, true, false, true, true, true]
|
||||
u32[8] output = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557]
|
||||
assert(output == multiplex(bit, a, b))
|
||||
|
||||
return true
|
||||
|
|
|
|||
|
|
@ -0,0 +1,16 @@
|
|||
{
|
||||
"entry_point": "./tests/tests/utils/pack/bool/nonStrictUnpack256.zok",
|
||||
"curves": ["Bn128"],
|
||||
"tests": [
|
||||
{
|
||||
"input": {
|
||||
"values": []
|
||||
},
|
||||
"output": {
|
||||
"Ok": {
|
||||
"values": []
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
import "utils/pack/nonStrictUnpack256" as unpack256
|
||||
import "utils/pack/bool/nonStrictUnpack256" as unpack256
|
||||
|
||||
def testFive() -> (bool):
|
||||
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
"entry_point": "./tests/tests/utils/pack/unpack128.zok",
|
||||
"entry_point": "./tests/tests/utils/pack/bool/pack128.zok",
|
||||
"curves": ["Bn128"],
|
||||
"tests": [
|
||||
{
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
import "utils/pack/pack128" as pack128
|
||||
import "utils/pack/bool/pack128" as pack128
|
||||
|
||||
def testFive() -> (bool):
|
||||
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
"entry_point": "./tests/tests/utils/pack/nonStrictUnpack256.zok",
|
||||
"entry_point": "./tests/tests/utils/pack/bool/unpack128.zok",
|
||||
"curves": ["Bn128"],
|
||||
"tests": [
|
||||
{
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
import "utils/pack/unpack128" as unpack128
|
||||
import "utils/pack/bool/unpack128" as unpack128
|
||||
|
||||
def testFive() -> (bool):
|
||||
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
{
|
||||
"entry_point": "./tests/tests/utils/pack/u32/nonStrictUnpack256.zok",
|
||||
"curves": ["Bn128"],
|
||||
"tests": [
|
||||
{
|
||||
"input": {
|
||||
"values": []
|
||||
},
|
||||
"output": {
|
||||
"Ok": {
|
||||
"values": []
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
@ -0,0 +1,41 @@
|
|||
import "utils/pack/u32/nonStrictUnpack256" as unpack256
|
||||
|
||||
def testFive() -> (bool):
|
||||
|
||||
u32[8] b = unpack256(5)
|
||||
|
||||
assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005])
|
||||
|
||||
return true
|
||||
|
||||
def testZero() -> (bool):
|
||||
|
||||
u32[8] b = unpack256(0)
|
||||
|
||||
assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000])
|
||||
|
||||
return true
|
||||
|
||||
def testLarge() -> (bool):
|
||||
|
||||
u32[8] b = unpack256(14474011154664524427946373126085988481658748083205070504932198000989141204991)
|
||||
|
||||
assert(b == [0x1fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff])
|
||||
|
||||
return true
|
||||
|
||||
def testMax() -> (bool):
|
||||
|
||||
u32[8] b = unpack256(21888242871839275222246405745257275088548364400416034343698204186575808495616)
|
||||
|
||||
assert(b == [0x30644e72, 0xe131a029, 0xb85045b6, 0x8181585d, 0x2833e848, 0x79b97091, 0x43e1f593, 0xf0000000])
|
||||
|
||||
return true
|
||||
|
||||
def main() -> ():
|
||||
|
||||
assert(testFive())
|
||||
assert(testMax())
|
||||
assert(testZero())
|
||||
assert(testLarge())
|
||||
return
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
"entry_point": "./tests/tests/utils/pack/pack128.zok",
|
||||
"entry_point": "./tests/tests/utils/pack/u32/pack128.zok",
|
||||
"curves": ["Bn128"],
|
||||
"tests": [
|
||||
{
|
||||
36
zokrates_stdlib/tests/tests/utils/pack/u32/pack128.zok
Normal file
36
zokrates_stdlib/tests/tests/utils/pack/u32/pack128.zok
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
import "utils/pack/u32/pack128" as pack128
|
||||
|
||||
def testFive() -> (bool):
|
||||
|
||||
u32[4] b = [0x00000000, 0x00000000, 0x00000000, 0x00000005]
|
||||
field n = pack128(b)
|
||||
|
||||
assert(5 == n)
|
||||
|
||||
return true
|
||||
|
||||
def testZero() -> (bool):
|
||||
|
||||
u32[4] b = [0x00000000, 0x00000000, 0x00000000, 0x00000000]
|
||||
field n = pack128(b)
|
||||
|
||||
assert(0 == n)
|
||||
|
||||
return true
|
||||
|
||||
def testMax() -> (bool):
|
||||
|
||||
u32[4] b = [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff]
|
||||
field n = pack128(b)
|
||||
|
||||
assert(2**128 - 1 == n)
|
||||
|
||||
return true
|
||||
|
||||
def main() -> ():
|
||||
|
||||
assert(testFive())
|
||||
assert(testMax())
|
||||
assert(testZero())
|
||||
|
||||
return
|
||||
16
zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.json
Normal file
16
zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.json
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
{
|
||||
"entry_point": "./tests/tests/utils/pack/u32/unpack128.zok",
|
||||
"curves": ["Bn128"],
|
||||
"tests": [
|
||||
{
|
||||
"input": {
|
||||
"values": []
|
||||
},
|
||||
"output": {
|
||||
"Ok": {
|
||||
"values": []
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
33
zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.zok
Normal file
33
zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.zok
Normal file
|
|
@ -0,0 +1,33 @@
|
|||
import "utils/pack/u32/unpack128" as unpack128
|
||||
|
||||
def testFive() -> (bool):
|
||||
|
||||
u32[4] b = unpack128(5)
|
||||
|
||||
assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000005])
|
||||
|
||||
return true
|
||||
|
||||
def testZero() -> (bool):
|
||||
|
||||
u32[4] b = unpack128(0)
|
||||
|
||||
assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000])
|
||||
|
||||
return true
|
||||
|
||||
def testMax() -> (bool):
|
||||
|
||||
u32[4] b = unpack128(2**128 - 1)
|
||||
|
||||
assert(b == [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff])
|
||||
|
||||
return true
|
||||
|
||||
def main() -> ():
|
||||
|
||||
assert(testFive())
|
||||
assert(testMax())
|
||||
assert(testZero())
|
||||
|
||||
return
|
||||
|
|
@ -108,12 +108,14 @@ fn compile_and_run<T: Field>(t: Tests) {
|
|||
code,
|
||||
t.entry_point.clone(),
|
||||
Some(&resolver),
|
||||
&CompileConfig::default().with_is_release(true),
|
||||
&CompileConfig::default(),
|
||||
)
|
||||
.unwrap();
|
||||
|
||||
let bin = artifacts.prog();
|
||||
|
||||
println!("NOTE: We do not compile in release mode here, so the metrics below are conservative");
|
||||
|
||||
match t.max_constraint_count {
|
||||
Some(target_count) => {
|
||||
let count = bin.constraint_count();
|
||||
|
|
|
|||
Loading…
Reference in a new issue