github-mig/ZoKrates
github-mig/ZoKrates
1
0
Fork 0
mirror of synced 2025-09-23 12:18:44 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #221 from Zokrates/add-sharound

Browse source 
Simplify SHA gadgets and add a stdlib
This commit is contained in:
Thibaut Schaeffer 2019-02-01 17:42:40 +01:00 committed by GitHub
commit 718158717f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
63 changed files with 752 additions and 1243 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
.circleci/config.yml
View file

@ -20,7 +20,7 @@ jobs:
command: LIBSNARK_SOURCE_PATH=$HOME/libsnark ./build_libsnark.sh
- run:
name: Build
command: WITH_LIBSNARK=1 LIBSNARK_SOURCE_PATH=$HOME/libsnark RUSTFLAGS="-D warnings" ./build.sh
command: ZOKRATES_HOME=$(pwd)/stdlib/ WITH_LIBSNARK=1 LIBSNARK_SOURCE_PATH=$HOME/libsnark RUSTFLAGS="-D warnings" ./build.sh
- save_cache:
paths:
- /usr/local/cargo/registry
@ -50,10 +50,10 @@ jobs:
command: LIBSNARK_SOURCE_PATH=$HOME/libsnark ./build_libsnark.sh
- run:
name: Build
command: WITH_LIBSNARK=1 LIBSNARK_SOURCE_PATH=$HOME/libsnark RUSTFLAGS="-D warnings" ./build.sh
command: ZOKRATES_HOME=$(pwd)/stdlib/ WITH_LIBSNARK=1 LIBSNARK_SOURCE_PATH=$HOME/libsnark RUSTFLAGS="-D warnings" ./build.sh
- run:
name: Run tests
command: WITH_LIBSNARK=1 LIBSNARK_SOURCE_PATH=$HOME/libsnark RUSTFLAGS="-D warnings" cargo test --release -- --test-threads=1
command: ZOKRATES_HOME=$(pwd)/stdlib/ WITH_LIBSNARK=1 LIBSNARK_SOURCE_PATH=$HOME/libsnark RUSTFLAGS="-D warnings" cargo test --release -- --test-threads=1
- run:
name: Generate code coverage report
command: ./scripts/cov.sh
@ -93,10 +93,10 @@ jobs:
- v4-cargo-cache-{{ arch }}-{{ checksum "Cargo.lock" }}
- run:
name: Build libsnark
command: LIBSNARK_SOURCE_PATH=$HOME/libsnark ./build_libsnark.sh
command: ZOKRATES_HOME=$(pwd)/stdlib/ LIBSNARK_SOURCE_PATH=$HOME/libsnark ./build_libsnark.sh
- run:
name: Run integration tests
command: WITH_LIBSNARK=1 LIBSNARK_SOURCE_PATH=$HOME/libsnark RUSTFLAGS="-D warnings" cargo test --release -- --ignored
command: ZOKRATES_HOME=$(pwd)/stdlib/ WITH_LIBSNARK=1 LIBSNARK_SOURCE_PATH=$HOME/libsnark RUSTFLAGS="-D warnings" cargo test --release -- --ignored
deploy:
docker:
- image: circleci/python

4
stdlib/fortytwo.code
View file

@ -1,4 +0,0 @@
// just as an example, to be removed
def main() -> (field):
return 42

13
stdlib/hashes/sha256/1024bit.code Normal file
View file

@ -0,0 +1,13 @@
import "./IVconstants.code" as IVconstants
import "./shaRoundNoBoolCheck.code" as sha256
// A function that takes 4 field[256] arrays as inputs
// and applies 2 rounds of sha256 compression.
// It returns an array of 256 field elements.
def main(field[256] a, field[256] b, field[256] c, field[256] d) -> (field[256]):
IV = IVconstants()
digest1 = sha256(a, b, IV)
digest2 = sha256(c, d, digest1)
return digest2

14
stdlib/hashes/sha256/1536bit.code Normal file
View file

@ -0,0 +1,14 @@
import "./IVconstants.code" as IVconstants
import "./shaRoundNoBoolCheck.code" as sha256
// A function that takes 6 field[256] arrays as inputs
// and applies 3 rounds of sha256 compression.
// It returns an array of 256 field elements.
def main(field[256] a, field[256] b, field[256] c, field[256] d, field[256] e, field[256] f) -> (field[256]):
IV = IVconstants()
digest1 = sha256(a, b, IV)
digest2 = sha256(c, d, digest1)
digest3 = sha256(e, f, digest2)
return digest3

15
stdlib/hashes/sha256/512bit.code Normal file
View file

@ -0,0 +1,15 @@
import "./IVconstants.code" as IVconstants
import "./shaRoundNoBoolCheck.code" as sha256
// A function that takes 2 field[256] arrays as inputs
// and returns their sha256 compression function as an array of 256 field elements.
// In contrast to full_round.code no padding is being applied
def main(field[256] a, field[256] b) -> (field[256]):
// a and b is NOT checked to be of type bool
IV = IVconstants()
digest = sha256(a, b, IV)
//digest is constraint to be of type bool
return digest

22
stdlib/hashes/sha256/512bitPacked.code Normal file
View file

@ -0,0 +1,22 @@
import "PACKING/pack128" as pack128
import "PACKING/unpack128" as unpack128
import "./512bit.code" as sha256
// A function that takes an array of 4 field elements as inputs, unpacks each of them to 128
// bits (big endian), concatenates them and applies sha256.
// It then returns an array of two field elements, each representing 128 bits of the result.
def main(field[4] preimage) -> (field[2]):
a0, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20, a21, a22, a23, a24, a25, a26, a27, a28, a29, a30, a31, a32, a33, a34, a35, a36, a37, a38, a39, a40, a41, a42, a43, a44, a45, a46, a47, a48, a49, a50, a51, a52, a53, a54, a55, a56, a57, a58, a59, a60, a61, a62, a63, a64, a65, a66, a67, a68, a69, a70, a71, a72, a73, a74, a75, a76, a77, a78, a79, a80, a81, a82, a83, a84, a85, a86, a87, a88, a89, a90, a91, a92, a93, a94, a95, a96, a97, a98, a99, a100, a101, a102, a103, a104, a105, a106, a107, a108, a109, a110, a111, a112, a113, a114, a115, a116, a117, a118, a119, a120, a121, a122, a123, a124, a125, a126, a127 = unpack128(preimage[0])
b0, b1, b2, b3, b4, b5, b6, b7, b8, b9, b10, b11, b12, b13, b14, b15, b16, b17, b18, b19, b20, b21, b22, b23, b24, b25, b26, b27, b28, b29, b30, b31, b32, b33, b34, b35, b36, b37, b38, b39, b40, b41, b42, b43, b44, b45, b46, b47, b48, b49, b50, b51, b52, b53, b54, b55, b56, b57, b58, b59, b60, b61, b62, b63, b64, b65, b66, b67, b68, b69, b70, b71, b72, b73, b74, b75, b76, b77, b78, b79, b80, b81, b82, b83, b84, b85, b86, b87, b88, b89, b90, b91, b92, b93, b94, b95, b96, b97, b98, b99, b100, b101, b102, b103, b104, b105, b106, b107, b108, b109, b110, b111, b112, b113, b114, b115, b116, b117, b118, b119, b120, b121, b122, b123, b124, b125, b126, b127 = unpack128(preimage[1])
c0, c1, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11, c12, c13, c14, c15, c16, c17, c18, c19, c20, c21, c22, c23, c24, c25, c26, c27, c28, c29, c30, c31, c32, c33, c34, c35, c36, c37, c38, c39, c40, c41, c42, c43, c44, c45, c46, c47, c48, c49, c50, c51, c52, c53, c54, c55, c56, c57, c58, c59, c60, c61, c62, c63, c64, c65, c66, c67, c68, c69, c70, c71, c72, c73, c74, c75, c76, c77, c78, c79, c80, c81, c82, c83, c84, c85, c86, c87, c88, c89, c90, c91, c92, c93, c94, c95, c96, c97, c98, c99, c100, c101, c102, c103, c104, c105, c106, c107, c108, c109, c110, c111, c112, c113, c114, c115, c116, c117, c118, c119, c120, c121, c122, c123, c124, c125, c126, c127 = unpack128(preimage[2])
d0, d1, d2, d3, d4, d5, d6, d7, d8, d9, d10, d11, d12, d13, d14, d15, d16, d17, d18, d19, d20, d21, d22, d23, d24, d25, d26, d27, d28, d29, d30, d31, d32, d33, d34, d35, d36, d37, d38, d39, d40, d41, d42, d43, d44, d45, d46, d47, d48, d49, d50, d51, d52, d53, d54, d55, d56, d57, d58, d59, d60, d61, d62, d63, d64, d65, d66, d67, d68, d69, d70, d71, d72, d73, d74, d75, d76, d77, d78, d79, d80, d81, d82, d83, d84, d85, d86, d87, d88, d89, d90, d91, d92, d93, d94, d95, d96, d97, d98, d99, d100, d101, d102, d103, d104, d105, d106, d107, d108, d109, d110, d111, d112, d113, d114, d115, d116, d117, d118, d119, d120, d121, d122, d123, d124, d125, d126, d127 = unpack128(preimage[3])
field[256] lhs = [a0, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20, a21, a22, a23, a24, a25, a26, a27, a28, a29, a30, a31, a32, a33, a34, a35, a36, a37, a38, a39, a40, a41, a42, a43, a44, a45, a46, a47, a48, a49, a50, a51, a52, a53, a54, a55, a56, a57, a58, a59, a60, a61, a62, a63, a64, a65, a66, a67, a68, a69, a70, a71, a72, a73, a74, a75, a76, a77, a78, a79, a80, a81, a82, a83, a84, a85, a86, a87, a88, a89, a90, a91, a92, a93, a94, a95, a96, a97, a98, a99, a100, a101, a102, a103, a104, a105, a106, a107, a108, a109, a110, a111, a112, a113, a114, a115, a116, a117, a118, a119, a120, a121, a122, a123, a124, a125, a126, a127, b0, b1, b2, b3, b4, b5, b6, b7, b8, b9, b10, b11, b12, b13, b14, b15, b16, b17, b18, b19, b20, b21, b22, b23, b24, b25, b26, b27, b28, b29, b30, b31, b32, b33, b34, b35, b36, b37, b38, b39, b40, b41, b42, b43, b44, b45, b46, b47, b48, b49, b50, b51, b52, b53, b54, b55, b56, b57, b58, b59, b60, b61, b62, b63, b64, b65, b66, b67, b68, b69, b70, b71, b72, b73, b74, b75, b76, b77, b78, b79, b80, b81, b82, b83, b84, b85, b86, b87, b88, b89, b90, b91, b92, b93, b94, b95, b96, b97, b98, b99, b100, b101, b102, b103, b104, b105, b106, b107, b108, b109, b110, b111, b112, b113, b114, b115, b116, b117, b118, b119, b120, b121, b122, b123, b124, b125, b126, b127]
field[256] rhs = [c0, c1, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11, c12, c13, c14, c15, c16, c17, c18, c19, c20, c21, c22, c23, c24, c25, c26, c27, c28, c29, c30, c31, c32, c33, c34, c35, c36, c37, c38, c39, c40, c41, c42, c43, c44, c45, c46, c47, c48, c49, c50, c51, c52, c53, c54, c55, c56, c57, c58, c59, c60, c61, c62, c63, c64, c65, c66, c67, c68, c69, c70, c71, c72, c73, c74, c75, c76, c77, c78, c79, c80, c81, c82, c83, c84, c85, c86, c87, c88, c89, c90, c91, c92, c93, c94, c95, c96, c97, c98, c99, c100, c101, c102, c103, c104, c105, c106, c107, c108, c109, c110, c111, c112, c113, c114, c115, c116, c117, c118, c119, c120, c121, c122, c123, c124, c125, c126, c127, d0, d1, d2, d3, d4, d5, d6, d7, d8, d9, d10, d11, d12, d13, d14, d15, d16, d17, d18, d19, d20, d21, d22, d23, d24, d25, d26, d27, d28, d29, d30, d31, d32, d33, d34, d35, d36, d37, d38, d39, d40, d41, d42, d43, d44, d45, d46, d47, d48, d49, d50, d51, d52, d53, d54, d55, d56, d57, d58, d59, d60, d61, d62, d63, d64, d65, d66, d67, d68, d69, d70, d71, d72, d73, d74, d75, d76, d77, d78, d79, d80, d81, d82, d83, d84, d85, d86, d87, d88, d89, d90, d91, d92, d93, d94, d95, d96, d97, d98, d99, d100, d101, d102, d103, d104, d105, d106, d107, d108, d109, d110, d111, d112, d113, d114, d115, d116, d117, d118, d119, d120, d121, d122, d123, d124, d125, d126, d127]
field[256] r = sha256(lhs, rhs)
res0 = pack128(r[0], r[1], r[2], r[3], r[4], r[5], r[6], r[7], r[8], r[9], r[10], r[11], r[12], r[13], r[14], r[15], r[16], r[17], r[18], r[19], r[20], r[21], r[22], r[23], r[24], r[25], r[26], r[27], r[28], r[29], r[30], r[31], r[32], r[33], r[34], r[35], r[36], r[37], r[38], r[39], r[40], r[41], r[42], r[43], r[44], r[45], r[46], r[47], r[48], r[49], r[50], r[51], r[52], r[53], r[54], r[55], r[56], r[57], r[58], r[59], r[60], r[61], r[62], r[63], r[64], r[65], r[66], r[67], r[68], r[69], r[70], r[71], r[72], r[73], r[74], r[75], r[76], r[77], r[78], r[79], r[80], r[81], r[82], r[83], r[84], r[85], r[86], r[87], r[88], r[89], r[90], r[91], r[92], r[93], r[94], r[95], r[96], r[97], r[98], r[99], r[100], r[101], r[102], r[103], r[104], r[105], r[106], r[107], r[108], r[109], r[110], r[111], r[112], r[113], r[114], r[115], r[116], r[117], r[118], r[119], r[120], r[121], r[122], r[123], r[124], r[125], r[126], r[127])
res1 = pack128(r[128], r[129], r[130], r[131], r[132], r[133], r[134], r[135], r[136], r[137], r[138], r[139], r[140], r[141], r[142], r[143], r[144], r[145], r[146], r[147], r[148], r[149], r[150], r[151], r[152], r[153], r[154], r[155], r[156], r[157], r[158], r[159], r[160], r[161], r[162], r[163], r[164], r[165], r[166], r[167], r[168], r[169], r[170], r[171], r[172], r[173], r[174], r[175], r[176], r[177], r[178], r[179], r[180], r[181], r[182], r[183], r[184], r[185], r[186], r[187], r[188], r[189], r[190], r[191], r[192], r[193], r[194], r[195], r[196], r[197], r[198], r[199], r[200], r[201], r[202], r[203], r[204], r[205], r[206], r[207], r[208], r[209], r[210], r[211], r[212], r[213], r[214], r[215], r[216], r[217], r[218], r[219], r[220], r[221], r[222], r[223], r[224], r[225], r[226], r[227], r[228], r[229], r[230], r[231], r[232], r[233], r[234], r[235], r[236], r[237], r[238], r[239], r[240], r[241], r[242], r[243], r[244], r[245], r[246], r[247], r[248], r[249], r[250], r[251], r[252], r[253], r[254], r[255])
return [res0, res1]

16
stdlib/hashes/sha256/512bitPadded.code Normal file
View file

@ -0,0 +1,16 @@
import "./1024bit.code" as sha256
// A function that takes 2 field[256] arrays as inputs
// and returns their sha256 full round output as an array of 256 field elements.
def main(field[256] a, field[256] b) -> (field[256]):
// Hash is computed on the full 512bit block size
// padding does not fit in the primary block
// add dummy block (single "1" followed by "0" + total length)
field[256] dummyblock1 = [1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
// total length of message is 512 bits: 0b1000000000
field[256] dummyblock2 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0]
digest = sha256(a, b, dummyblock1, dummyblock2)
return digest

14
stdlib/hashes/sha256/IVconstants.code Normal file
View file

@ -0,0 +1,14 @@
// SHA2 initial values are taken from here: https://en.wikipedia.org/wiki/SHA-2
def main() -> (field[256]):
field[32] h0 = [0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1]
field[32] h1 = [1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1]
field[32] h2 = [0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0]
field[32] h3 = [1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0]
field[32] h4 = [0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1]
field[32] h5 = [1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0]
field[32] h6 = [0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1]
field[32] h7 = [0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1]
field[256] IV = [h0[0], h0[1], h0[2], h0[3], h0[4], h0[5], h0[6], h0[7], h0[8], h0[9], h0[10], h0[11], h0[12], h0[13], h0[14], h0[15], h0[16], h0[17], h0[18], h0[19], h0[20], h0[21], h0[22], h0[23], h0[24], h0[25], h0[26], h0[27], h0[28], h0[29], h0[30], h0[31], h1[0], h1[1], h1[2], h1[3], h1[4], h1[5], h1[6], h1[7], h1[8], h1[9], h1[10], h1[11], h1[12], h1[13], h1[14], h1[15], h1[16], h1[17], h1[18], h1[19], h1[20], h1[21], h1[22], h1[23], h1[24], h1[25], h1[26], h1[27], h1[28], h1[29], h1[30], h1[31], h2[0], h2[1], h2[2], h2[3], h2[4], h2[5], h2[6], h2[7], h2[8], h2[9], h2[10], h2[11], h2[12], h2[13], h2[14], h2[15], h2[16], h2[17], h2[18], h2[19], h2[20], h2[21], h2[22], h2[23], h2[24], h2[25], h2[26], h2[27], h2[28], h2[29], h2[30], h2[31], h3[0], h3[1], h3[2], h3[3], h3[4], h3[5], h3[6], h3[7], h3[8], h3[9], h3[10], h3[11], h3[12], h3[13], h3[14], h3[15], h3[16], h3[17], h3[18], h3[19], h3[20], h3[21], h3[22], h3[23], h3[24], h3[25], h3[26], h3[27], h3[28], h3[29], h3[30], h3[31], h4[0], h4[1], h4[2], h4[3], h4[4], h4[5], h4[6], h4[7], h4[8], h4[9], h4[10], h4[11], h4[12], h4[13], h4[14], h4[15], h4[16], h4[17], h4[18], h4[19], h4[20], h4[21], h4[22], h4[23], h4[24], h4[25], h4[26], h4[27], h4[28], h4[29], h4[30], h4[31], h5[0], h5[1], h5[2], h5[3], h5[4], h5[5], h5[6], h5[7], h5[8], h5[9], h5[10], h5[11], h5[12], h5[13], h5[14], h5[15], h5[16], h5[17], h5[18], h5[19], h5[20], h5[21], h5[22], h5[23], h5[24], h5[25], h5[26], h5[27], h5[28], h5[29], h5[30], h5[31], h6[0], h6[1], h6[2], h6[3], h6[4], h6[5], h6[6], h6[7], h6[8], h6[9], h6[10], h6[11], h6[12], h6[13], h6[14], h6[15], h6[16], h6[17], h6[18], h6[19], h6[20], h6[21], h6[22], h6[23], h6[24], h6[25], h6[26], h6[27], h6[28], h6[29], h6[30], h6[31], h7[0], h7[1], h7[2], h7[3], h7[4], h7[5], h7[6], h7[7], h7[8], h7[9], h7[10], h7[11], h7[12], h7[13], h7[14], h7[15], h7[16], h7[17], h7[18], h7[19], h7[20], h7[21], h7[22], h7[23], h7[24], h7[25], h7[26], h7[27], h7[28], h7[29], h7[30], h7[31]]
return IV

11
stdlib/hashes/sha256/shaRoundNoBoolCheck.code Normal file
View file

File diff suppressed because one or more lines are too long

0
zokrates_cli/examples/sha256/binary/and.code → stdlib/utils/binary/and.code
View file

3
stdlib/utils/binary/isbool.code Normal file
View file

@ -0,0 +1,3 @@
def main(field a) -> (field):
0 == (a-1)*a
return 1

0
zokrates_cli/examples/sha256/binary/not.code → stdlib/utils/binary/not.code
View file

0
zokrates_cli/examples/sha256/binary/or.code → stdlib/utils/binary/or.code
View file

0
zokrates_cli/examples/sha256/binary/xor.code → stdlib/utils/binary/xor.code
View file

5
stdlib/utils/casts/128to256array.code Normal file
View file

@ -0,0 +1,5 @@
def main(field[128] a, field[128] b) -> (field[256]):
field[256] out = [a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], a[13], a[14], a[15], a[16], a[17], a[18], a[19], a[20], a[21], a[22], a[23], a[24], a[25], a[26], a[27], a[28], a[29], a[30], a[31], a[32], a[33], a[34], a[35], a[36], a[37], a[38], a[39], a[40], a[41], a[42], a[43], a[44], a[45], a[46], a[47], a[48], a[49], a[50], a[51], a[52], a[53], a[54], a[55], a[56], a[57], a[58], a[59], a[60], a[61], a[62], a[63], a[64], a[65], a[66], a[67], a[68], a[69], a[70], a[71], a[72], a[73], a[74], a[75], a[76], a[77], a[78], a[79], a[80], a[81], a[82], a[83], a[84], a[85], a[86], a[87], a[88], a[89], a[90], a[91], a[92], a[93], a[94], a[95], a[96], a[97], a[98], a[99], a[100], a[101], a[102], a[103], a[104], a[105], a[106], a[107], a[108], a[109], a[110], a[111], a[112], a[113], a[114], a[115], a[116], a[117], a[118], a[119], a[120], a[121], a[122], a[123], a[124], a[125], a[126], a[127], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28], b[29], b[30], b[31], b[32], b[33], b[34], b[35], b[36], b[37], b[38], b[39], b[40], b[41], b[42], b[43], b[44], b[45], b[46], b[47], b[48], b[49], b[50], b[51], b[52], b[53], b[54], b[55], b[56], b[57], b[58], b[59], b[60], b[61], b[62], b[63], b[64], b[65], b[66], b[67], b[68], b[69], b[70], b[71], b[72], b[73], b[74], b[75], b[76], b[77], b[78], b[79], b[80], b[81], b[82], b[83], b[84], b[85], b[86], b[87], b[88], b[89], b[90], b[91], b[92], b[93], b[94], b[95], b[96], b[97], b[98], b[99], b[100], b[101], b[102], b[103], b[104], b[105], b[106], b[107], b[108], b[109], b[110], b[111], b[112], b[113], b[114], b[115], b[116], b[117], b[118], b[119], b[120], b[121], b[122], b[123], b[124], b[125], b[126], b[127]]
return out

6
stdlib/utils/casts/256to128array.code Normal file
View file

@ -0,0 +1,6 @@
def main(field[256] a) -> (field[128], field[128]):
field[128] out1 = [a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], a[13], a[14], a[15], a[16], a[17], a[18], a[19], a[20], a[21], a[22], a[23], a[24], a[25], a[26], a[27], a[28], a[29], a[30], a[31], a[32], a[33], a[34], a[35], a[36], a[37], a[38], a[39], a[40], a[41], a[42], a[43], a[44], a[45], a[46], a[47], a[48], a[49], a[50], a[51], a[52], a[53], a[54], a[55], a[56], a[57], a[58], a[59], a[60], a[61], a[62], a[63], a[64], a[65], a[66], a[67], a[68], a[69], a[70], a[71], a[72], a[73], a[74], a[75], a[76], a[77], a[78], a[79], a[80], a[81], a[82], a[83], a[84], a[85], a[86], a[87], a[88], a[89], a[90], a[91], a[92], a[93], a[94], a[95], a[96], a[97], a[98], a[99], a[100], a[101], a[102], a[103], a[104], a[105], a[106], a[107], a[108], a[109], a[110], a[111], a[112], a[113], a[114], a[115], a[116], a[117], a[118], a[119], a[120], a[121], a[122], a[123], a[124], a[125], a[126], a[127]]
field[128] out2 = [a[128], a[129], a[130], a[131], a[132], a[133], a[134], a[135], a[136], a[137], a[138], a[139], a[140], a[141], a[142], a[143], a[144], a[145], a[146], a[147], a[148], a[149], a[150], a[151], a[152], a[153], a[154], a[155], a[156], a[157], a[158], a[159], a[160], a[161], a[162], a[163], a[164], a[165], a[166], a[167], a[168], a[169], a[170], a[171], a[172], a[173], a[174], a[175], a[176], a[177], a[178], a[179], a[180], a[181], a[182], a[183], a[184], a[185], a[186], a[187], a[188], a[189], a[190], a[191], a[192], a[193], a[194], a[195], a[196], a[197], a[198], a[199], a[200], a[201], a[202], a[203], a[204], a[205], a[206], a[207], a[208], a[209], a[210], a[211], a[212], a[213], a[214], a[215], a[216], a[217], a[218], a[219], a[220], a[221], a[222], a[223], a[224], a[225], a[226], a[227], a[228], a[229], a[230], a[231], a[232], a[233], a[234], a[235], a[236], a[237], a[238], a[239], a[240], a[241], a[242], a[243], a[244], a[245], a[246], a[247], a[248], a[249], a[250], a[251], a[252], a[253], a[254], a[255]]
return out1, out2

9
stdlib/utils/multiplexer/256bit.code Normal file
View file

@ -0,0 +1,9 @@
def main(field selector, field[256] lhs, field[256] rhs) -> (field[256]):
field[256] out = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
for field i in 0..256 do
out[i] = if selector == 0 then lhs[i] else rhs[i] fi
endfor
return out

9
stdlib/utils/multiplexer/2bit.code Normal file
View file

@ -0,0 +1,9 @@
def main(field selector, field[2] lhs, field[2] rhs) -> (field[2]):
field[2] out = [0, 0]
for field i in 0..2 do
out[i] = if selector == 0 then lhs[i] else rhs[i] fi
endfor
return out

1
zokrates_book/src/SUMMARY.md
View file

@ -9,6 +9,7 @@
- [Types](./concepts/types.md)
- [Functions](./concepts/functions.md)
- [Control flow](./concepts/control_flow.md)
- [Imports](./concepts/imports.md)
- [Comments](./concepts/comments.md)
- [Standard Library](./concepts/stdlib.md)

30
zokrates_book/src/concepts/imports.md Normal file
View file

@ -0,0 +1,30 @@
## Imports
You can separate your code into multiple ZoKrates files using `import` statements:
### Relative Imports
You can import a resource in the same folder directly, like this:
```zokrates
import "./mycode.code"
```
There also is a handy syntax to import from the parent directory:
```zokrates
import "../mycode.code"
```
Also imports further up the file-system are supported:
```zokrates
import "../../../mycode.code"
```
You can also choose to rename the imported resource, like so:
```zokrates
import "./mycode.code" as abc
```
### Absolute Imports
Absolute imports don't start with `./` or `../` in the path and are used to import components from the ZoKrates standard library. Please check the according [section](./stdlib.html) for more details.
`

33
zokrates_book/src/concepts/stdlib.md
View file

@ -1,32 +1,41 @@
## Standard library
ZoKrates comes with a number of reusable components. For now, these components are:
ZoKrates comes with a number of reusable components which are defined at `./stdlib/` in the ZoKrates root repository. In order to import the standard library as described in the [imports](./imports.html) section the `$ZOKRATES_HOME` environment variable needs to be set to the `stdlib` folder. The standard library is solely based on the ZoKrates DSL and can be easily extended.
### sha256
The following section highlights a subset of available imports:
#### sha256
```zokrates
import "LIBSNARK/sha256"
import "hashes/sha256/512Padded.code"
```
A function that takes 512 field elements as inputs, checks that they are all bits, and returns their sha256 hash as 256 field elements.
A function that takes 2 `field[256]` arrays as inputs and returns their sha256 compression function as an array of 256 field elements.
### sha256compression
#### sha256compression
```zokrates
import "LIBSNARK/sha256compression"
import "hashes/sha256/512bit.code"
```
A function that takes 512 field elements as inputs, checks that they are all bits, and returns the result of applying the sha256 compression function on them. The difference with `sha256` is that no padding is added at the end of the message, which makes it more efficient but also less compatible with Solidity.
A function that takes 2 `field[256]` arrays as inputs and returns their sha256 compression function as an array of 256 field elements.
The difference with `sha256` is that no padding is added at the end of the message, which makes it more efficient but also less compatible with Solidity.
### sha256packed
There also is support for 2 round (1024bit input) and and 3 round (1536bit input) variants, using `hashes/1024bit.code` or `hashes/1536bit.code` respectively.
#### sha256packed
```zokrates
import "LIBSNARK/sha256packed"
import "hashes/sha256/512bitPacked.code"
```
A function that takes 4 field elements as inputs, unpacks each of them to 128 bits (big endian), concatenates them and applies sha256. It then returns two field elements, each representing 128 bits of the result.
A function that takes an array of 4 field elements as inputs, unpacks each of them to 128 bits (big endian), concatenates them and applies sha256. It then returns an array of 2 field elements, each representing 128 bits of the result.
### pack128
### Direct imports
Some components of the standard library cannot yet be efficiently represented in the ZoKrates DSL language. Those functions are injected at compile-time and are available by default.
#### pack128
```zokrates
import "PACKING/pack128"
@ -34,7 +43,7 @@ import "PACKING/pack128"
Packs 128 field elements as one.
### unpack128
#### unpack128
```zokrates
import "PACKING/unpack128"

11
zokrates_cli/examples/TestStdlib/hashes/sha256/test512bit.code Normal file
View file

@ -0,0 +1,11 @@
import "hashes/sha256/512bit.code" as sha256
def main() -> (field):
field[256] a = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
field[256] b = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1]
field[256] digest = sha256(a, b)
digest == [0 ,0 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,0 ,1 ,1 ,1 ,0 ,1 ,1 ,1 ,0 ,0 ,0 ,1 ,0 ,1 ,1 ,1 ,0 ,0 ,1 ,1 ,0 ,0 ,0 ,1 ,1 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,0 ,1 ,0 ,1 ,1 ,1 ,0 ,0 ,0 ,1 ,0 ,0 ,1 ,0 ,1 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,0 ,0 ,1 ,0 ,0 ,0 ,1 ,1 ,1 ,0 ,1 ,1 ,1 ,0 ,0 ,0 ,1 ,1 ,0 ,0 ,1 ,1 ,0 ,0 ,1 ,0 ,0 ,0 ,1 ,0 ,1 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,1 ,0 ,0 ,1 ,0 ,1 ,1 ,0 ,1 ,1 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,1 ,0 ,1 ,0 ,1 ,0 ,1 ,1 ,0 ,0 ,0 ,1 ,0 ,0 ,1 ,1 ,0 ,0 ,0 ,0 ,1 ,0 ,1 ,0 ,0 ,1 ,1 ,1 ,0 ,0 ,1 ,1 ,1 ,0 ,0 ,1 ,1 ,1 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,0 ,0 ,1 ,1 ,0 ,1 ,0 ,1 ,1 ,1 ,1 ,0 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,1 ,0 ,0 ,1 ,1 ,1 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,1 ,0 ,1 ,0 ,1 ,1 ,0 ,0 ,1 ,1 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,0 ,1 ,0 ,0 ,1 ,0 ,1 ,1 ,0 ,1]
return 1

31
zokrates_cli/examples/TestStdlib/hashes/sha256/test512bitPacked.code Normal file
View file

@ -0,0 +1,31 @@
// Python code used to create test vector:
// import hashlib
// preimage = bytes.fromhex('00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\
// 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05')
// bin(int(preimage.hex(), 16))
// # '0b101'
// digest = hashlib.sha256(preimage).hexdigest()
// # digest = 'c6481e22c5ff4164af680b8cfaa5e8ed3120eeff89c4f307c4a6faaae059ce10'
// int(digest[:32], 16)
// # 263561599766550617289250058199814760685
// int(digest[32:], 16)
// # 65303172752238645975888084098459749904
import "hashes/sha256/512bitPacked.code" as sha256packed
def main() -> (field):
field a = 0
field b = 0
field c = 0
field d = 5
h = sha256packed([a, b, c, d])
h[0] == 263561599766550617289250058199814760685
h[1] == 65303172752238645975888084098459749904
return 1

25
zokrates_cli/examples/TestStdlib/hashes/sha256/test512bitPadded.code Normal file
View file

@ -0,0 +1,25 @@
// Python code used to create test vector:
// import hashlib
// preimage = bytes.fromhex('00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\
// 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05')
// bin(int(preimage.hex(), 16))
// # '0b101'
// digest = hashlib.sha256(preimage).hexdigest()
// # digest = 'c6481e22c5ff4164af680b8cfaa5e8ed3120eeff89c4f307c4a6faaae059ce10'
// bin(int(digest, 16))
// # '0b1100011001001000000111100010001011000101111111110100000101100100101011110110100000001011100011001111101010100101111010001110110100110001001000001110111011111111100010011100010011110011000001111100010010100110111110101010101011100000010110011100111000010000'
import "hashes/sha256/512bitPadded.code" as sha256
def main() -> (field):
field[256] a = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
field[256] b = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1]
field[256] digest = sha256(a, b)
digest == [1 ,1 ,0 ,0 ,0 ,1 ,1 ,0 ,0 ,1 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,1 ,0 ,1 ,1 ,0 ,0 ,0 ,1 ,0 ,1 ,1 ,1 ,1 ,1 ,1 ,1 ,1 ,1 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,1 ,1 ,0 ,0 ,1 ,0 ,0 ,1 ,0 ,1 ,0 ,1 ,1 ,1 ,1 ,0 ,1 ,1 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,1 ,1 ,1 ,0 ,0 ,0 ,1 ,1 ,0 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,1 ,0 ,1 ,0 ,1 ,0 ,0 ,1 ,0 ,1 ,1 ,1 ,1 ,0 ,1 ,0 ,0 ,0 ,1 ,1 ,1 ,0 ,1 ,1 ,0 ,1 ,0 ,0 ,1 ,1 ,0 ,0 ,0 ,1 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,0 ,1 ,1 ,1 ,0 ,1 ,1 ,1 ,1 ,1 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,1 ,0 ,0 ,1 ,1 ,1 ,0 ,0 ,0 ,1 ,0 ,0 ,1 ,1 ,1 ,1 ,0 ,0 ,1 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,1 ,0 ,0 ,1 ,0 ,1 ,0 ,0 ,1 ,1 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,1 ,0 ,1 ,0 ,1 ,0 ,1 ,0 ,1 ,0 ,1 ,1 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,1 ,1 ,0 ,0 ,1 ,1 ,1 ,0 ,0 ,1 ,1 ,1 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0]
return 1

12
zokrates_cli/examples/TestStdlib/utils/multiplexer/test2bit.code Normal file
View file

@ -0,0 +1,12 @@
import "utils/multiplexer/2bit.code" as multiplex
def main() -> (field[2]):
field bit = 1
field[2] output = [0, 0]
field[2] a = [0, 1]
field[2] b = [1, 0]
output == multiplex(bit, a, b)
return output

8
zokrates_cli/examples/book/hashexample.code
View file

@ -1,5 +1,5 @@
import "LIBSNARK/sha256packed"
import "hashes/sha256/512bitPacked.code" as sha256packed
def main(private field a, private field b, private field c, private field d) -> (field, field):
h0, h1 = sha256packed(a, b, c, d)
return h0, h1
def main(private field a, private field b, private field c, private field d) -> (field[2]):
h = sha256packed([a, b, c, d])
return h

8
zokrates_cli/examples/book/hashexample_updated.code
View file

@ -1,7 +1,7 @@
import "LIBSNARK/sha256packed"
import "hashes/sha256/512bitPacked.code" as sha256packed
def main(private field a, private field b, private field c, private field d) -> (field):
h0, h1 = sha256packed(a, b, c, d)
h0 == 263561599766550617289250058199814760685
h1 == 65303172752238645975888084098459749904
h = sha256packed([a, b, c, d])
h[0] == 263561599766550617289250058199814760685
h[1] == 65303172752238645975888084098459749904
return 1

31
zokrates_cli/examples/merkleTree/sha256PathProof3.code Normal file
View file

@ -0,0 +1,31 @@
import "hashes/sha256/512bit.code" as sha256
import "utils/multiplexer/256bit.code" as multiplex
import "utils/binary/not.code" as NOT
// Merke-Tree inclusion proof for tree depth 3
def main(field treeDepth, field[256] rootDigest, private field[256] leafDigest, private field[2] directionSelector, field[256] PathDigest0, private field[256] PathDigest1) -> (field):
//Setup
field[256] currentDigest = leafDigest
field counter = 1
field currentDirection = 0
//Loop up the tree
currentDirection = directionSelector[0]
lhs = multiplex(currentDirection, currentDigest, PathDigest0)
rhs = multiplex(NOT(currentDirection), currentDigest, PathDigest0)
currentDigest = sha256(lhs, rhs)
counter = counter + 1
currentDirection = directionSelector[1]
lhs = multiplex(currentDirection, currentDigest, PathDigest1)
rhs = multiplex(NOT(currentDirection), currentDigest, PathDigest1)
currentDigest = sha256(lhs, rhs)
counter = counter + 1
//Asserts
counter == treeDepth
rootDigest == currentDigest
return 1 //return true in success

13
zokrates_cli/examples/merkleTree/testsha256PathProof3.code Normal file
View file

@ -0,0 +1,13 @@
import "./sha256PathProof3.code" as merkleTreeProof
def main() -> (field):
field treeDepth = 3
field[256] rootDigest = [1 ,1 ,1 ,1 ,1 ,0 ,1 ,1 ,1 ,1 ,0 ,1 ,1 ,0 ,0 ,0 ,0 ,1 ,0 ,1 ,1 ,0 ,1 ,1 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,1 ,1 ,1 ,1 ,1 ,1 ,1 ,1 ,0 ,1 ,1 ,1 ,1 ,0 ,0 ,1 ,1 ,1 ,1 ,0 ,0 ,1 ,0 ,1 ,0 ,1 ,0 ,0 ,1 ,1 ,0 ,0 ,0 ,1 ,1 ,0 ,1 ,0 ,1 ,1 ,0 ,1 ,0 ,1 ,1 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,1 ,1 ,1 ,1 ,1 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,1 ,1 ,1 ,0 ,1 ,1 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,1 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,1 ,0 ,0 ,1 ,0 ,1 ,1 ,1 ,0 ,1 ,0 ,1 ,0 ,0 ,0 ,0 ,1 ,0 ,1 ,1 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,1 ,1 ,0 ,1 ,0 ,1 ,1 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,1 ,0 ,0 ,1 ,0 ,1 ,1 ,1 ,1 ,1 ,1 ,1 ,0 ,1 ,0 ,1 ,1 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,0 ,1 ,0 ,0 ,1 ,1 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,1 ,1 ,1 ,1 ,1 ,1 ,0]
field[256] leafDigest = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1]
field[2] directionSelector = [0, 0]
field[256] PathDigest0 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1]
field[256] PathDigest1 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1]
field out = merkleTreeProof(treeDepth,rootDigest,leafDigest,directionSelector,PathDigest0,PathDigest1)
return 1

4
zokrates_cli/examples/sha256/binary/andxorandxorand.code
View file

@ -1,7 +1,7 @@
// ANDXORANDXORAND
import "./xor.code" as XOR
import "./and.code" as AND
import "utils/binary/xor.code" as XOR
import "utils/binary/and.code" as AND
def main(field a, field b, field c) -> (field):
return XOR(XOR(AND(a, b), AND(a, c)), AND(b, c))

6
zokrates_cli/examples/sha256/binary/andxornotand.code
View file

@ -1,8 +1,8 @@
// ANDXORNOTAND
import "./and.code" as AND
import "./xor.code" as XOR
import "./not.code" as NOT
import "utils/binary/and.code" as AND
import "utils/binary/xor.code" as XOR
import "utils/binary/not.code" as NOT
def main(field a, field b, field c) -> (field):
return XOR(AND(a, b), AND(NOT(a), c))

2
zokrates_cli/examples/sha256/binary/fulladd.code
View file

@ -1,7 +1,7 @@
// FULLADD
import "./halfadd.code" as HALFADD
import "./or.code" as OR
import "utils/binary/or.code" as OR
def main(field a, field b, field car) -> (field, field):
out1, car1 = HALFADD(a, b)

4
zokrates_cli/examples/sha256/binary/halfadd.code
View file

@ -1,7 +1,7 @@
// HALFADD
import "./xor.code" as XOR
import "./and.code" as AND
import "utils/binary/xor.code" as XOR
import "utils/binary/and.code" as AND
def main(field a, field b) -> (field, field):
return XOR(a, b), AND(a, b)

2
zokrates_cli/examples/sha256/bitwise/32/and.code
View file

@ -1,6 +1,6 @@
// AND
import "./../../binary/and.code" as AND
import "utils/binary/and.code" as AND
def main(field[32] b, field[32] c) -> (field[32]):
field[32] result = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]

4
zokrates_cli/examples/sha256/bitwise/32/copy.code
View file

@ -1,4 +0,0 @@
// COPY
def main(field[32] b) -> (field[32]):
return b

2
zokrates_cli/examples/sha256/bitwise/32/not.code
View file

@ -1,6 +1,6 @@
// NOT
import "./../../binary/not.code" as NOT
import "utils/binary/not.code" as NOT
def main(field[32] b) -> (field[32]):
field[32] result = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]

2
zokrates_cli/examples/sha256/bitwise/32/xor.code
View file

@ -1,6 +1,6 @@
// XOR
import "./../../binary/xor.code" as XOR
import "utils/binary/xor.code" as XOR
def main(field[32] b, field[32] c) -> (field[32]):
field[32] result = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]

2
zokrates_cli/examples/sha256/utils/32/add.code
View file

@ -1,6 +1,6 @@
// ADD
import "./../../binary/fulladd.code" as FULLADD
import "../../binary/fulladd.code" as FULLADD
def main(field[32] b, field[32] c) -> (field[32]):
field[33] car = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]

2
zokrates_cli/examples/sha256/utils/32/ar17xar19xars10.code
View file

@ -1,6 +1,6 @@
// AR17XAR19XAR10
import "./../../bitwise/32/xor.code" as XOR
import "../../bitwise/32/xor.code" as XOR
def RR17(field[32] b) -> (field[32]):
return [b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28], b[29], b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14]]

2
zokrates_cli/examples/sha256/utils/32/ar2xar13xar22.code
View file

@ -1,6 +1,6 @@
// AR2XAR13XAR22
import "./../../bitwise/32/xor.code" as XOR
import "../../bitwise/32/xor.code" as XOR
def RR2(field[32] b) -> (field[32]):
return [b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28], b[29]]

2
zokrates_cli/examples/sha256/utils/32/ar6xar11xar25.code
View file

@ -1,6 +1,6 @@
// AR6XAR11XAR25
import "./../../bitwise/32/xor.code" as XOR
import "../../bitwise/32/xor.code" as XOR
def RR6(field[32] b) -> (field[32]):
return [b[26], b[27], b[28], b[29], b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24], b[25]]

2
zokrates_cli/examples/sha256/utils/32/ar7xar18xars3.code
View file

@ -1,6 +1,6 @@
// AR7XAR18XAR3
import "./../../bitwise/32/xor.code" as XOR
import "../../bitwise/32/xor.code" as XOR
def RR7(field[32] b) -> (field[32]):
return [b[25], b[26], b[27], b[28], b[29], b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24]]

4
zokrates_cli/examples/sha256/utils/32/compression_round.code
View file

@ -2,8 +2,8 @@
import "./ar6xar11xar25.code" as AR6XAR11XAR25
import "./ar2xar13xar22.code" as AR2XAR13XAR22
import "./../../bitwise/32/andxornotand.code" as ANDXORNOTAND
import "./../../bitwise/32/andxorandxorand.code" as ANDXORANDXORAND
import "../../bitwise/32/andxornotand.code" as ANDXORNOTAND
import "../../bitwise/32/andxorandxorand.code" as ANDXORANDXORAND
import "./add.code" as ADD2
def ADD5(field[32] a, field[32] b, field[32] c, field[32] d, field[32] e) -> (field[32]):

22
zokrates_cli/tests/code/sha_ethereum_libsnark.code
View file

@ -1,22 +0,0 @@
//This example creates the equivalent output as the following solidity code:
//pragma solidity ^0.4.24;
//contract SHA256Test {
// event Success(
// bytes32 indexed _id
// );
//
// function calc_sha() public returns (bytes32) {
// bytes32 a = 0x5;
// bytes32 b = 0x0;
// bytes32 result = sha256(b,a);
// emit Success(result);
// return result;
// }
//}
//
import "LIBSNARK/sha256"
def main(field a) -> (field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field):
o255, o254, o253, o252, o251, o250, o249, o248, o247, o246, o245, o244, o243, o242, o241, o240, o239, o238, o237, o236, o235, o234, o233, o232, o231, o230, o229, o228, o227, o226, o225, o224, o223, o222, o221, o220, o219, o218, o217, o216, o215, o214, o213, o212, o211, o210, o209, o208, o207, o206, o205, o204, o203, o202, o201, o200, o199, o198, o197, o196, o195, o194, o193, o192, o191, o190, o189, o188, o187, o186, o185, o184, o183, o182, o181, o180, o179, o178, o177, o176, o175, o174, o173, o172, o171, o170, o169, o168, o167, o166, o165, o164, o163, o162, o161, o160, o159, o158, o157, o156, o155, o154, o153, o152, o151, o150, o149, o148, o147, o146, o145, o144, o143, o142, o141, o140, o139, o138, o137, o136, o135, o134, o133, o132, o131, o130, o129, o128, o127, o126, o125, o124, o123, o122, o121, o120, o119, o118, o117, o116, o115, o114, o113, o112, o111, o110, o109, o108, o107, o106, o105, o104, o103, o102, o101, o100, o99, o98, o97, o96, o95, o94, o93, o92, o91, o90, o89, o88, o87, o86, o85, o84, o83, o82, o81, o80, o79, o78, o77, o76, o75, o74, o73, o72, o71, o70, o69, o68, o67, o66, o65, o64, o63, o62, o61, o60, o59, o58, o57, o56, o55, o54, o53, o52, o51, o50, o49, o48, o47, o46, o45, o44, o43, o42, o41, o40, o39, o38, o37, o36, o35, o34, o33, o32, o31, o30, o29, o28, o27, o26, o25, o24, o23, o22, o21, o20, o19, o18, o17, o16, o15, o14, o13, o12, o11, o10, o9, o8, o7, o6, o5, o4, o3, o2, o1, o0 = sha256(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1)
return o255, o254, o253, o252, o251, o250, o249, o248, o247, o246, o245, o244, o243, o242, o241, o240, o239, o238, o237, o236, o235, o234, o233, o232, o231, o230, o229, o228, o227, o226, o225, o224, o223, o222, o221, o220, o219, o218, o217, o216, o215, o214, o213, o212, o211, o210, o209, o208, o207, o206, o205, o204, o203, o202, o201, o200, o199, o198, o197, o196, o195, o194, o193, o192, o191, o190, o189, o188, o187, o186, o185, o184, o183, o182, o181, o180, o179, o178, o177, o176, o175, o174, o173, o172, o171, o170, o169, o168, o167, o166, o165, o164, o163, o162, o161, o160, o159, o158, o157, o156, o155, o154, o153, o152, o151, o150, o149, o148, o147, o146, o145, o144, o143, o142, o141, o140, o139, o138, o137, o136, o135, o134, o133, o132, o131, o130, o129, o128, o127, o126, o125, o124, o123, o122, o121, o120, o119, o118, o117, o116, o115, o114, o113, o112, o111, o110, o109, o108, o107, o106, o105, o104, o103, o102, o101, o100, o99, o98, o97, o96, o95, o94, o93, o92, o91, o90, o89, o88, o87, o86, o85, o84, o83, o82, o81, o80, o79, o78, o77, o76, o75, o74, o73, o72, o71, o70, o69, o68, o67, o66, o65, o64, o63, o62, o61, o60, o59, o58, o57, o56, o55, o54, o53, o52, o51, o50, o49, o48, o47, o46, o45, o44, o43, o42, o41, o40, o39, o38, o37, o36, o35, o34, o33, o32, o31, o30, o29, o28, o27, o26, o25, o24, o23, o22, o21, o20, o19, o18, o17, o16, o15, o14, o13, o12, o11, o10, o9, o8, o7, o6, o5, o4, o3, o2, o1, o0

256
zokrates_cli/tests/code/sha_ethereum_libsnark.expected.witness
View file

@ -1,256 +0,0 @@
~out_255 0
~out_254 0
~out_253 0
~out_252 0
~out_251 1
~out_250 0
~out_249 0
~out_248 0
~out_247 0
~out_246 1
~out_245 1
~out_244 1
~out_243 0
~out_242 0
~out_241 1
~out_240 1
~out_239 1
~out_238 0
~out_237 0
~out_236 1
~out_235 1
~out_234 0
~out_233 1
~out_232 0
~out_231 0
~out_230 0
~out_229 0
~out_228 0
~out_227 0
~out_226 1
~out_225 1
~out_224 1
~out_223 0
~out_222 1
~out_221 0
~out_220 1
~out_219 0
~out_218 1
~out_217 0
~out_216 1
~out_215 0
~out_214 1
~out_213 0
~out_212 1
~out_211 1
~out_210 1
~out_209 1
~out_208 1
~out_207 0
~out_206 1
~out_205 1
~out_204 0
~out_203 0
~out_202 1
~out_201 0
~out_200 1
~out_199 0
~out_198 0
~out_197 1
~out_196 0
~out_195 0
~out_194 0
~out_193 1
~out_192 1
~out_191 1
~out_190 1
~out_189 1
~out_188 0
~out_187 0
~out_186 0
~out_185 0
~out_184 0
~out_183 1
~out_182 1
~out_181 0
~out_180 0
~out_179 1
~out_178 1
~out_177 1
~out_176 1
~out_175 0
~out_174 0
~out_173 1
~out_172 0
~out_171 0
~out_170 0
~out_169 1
~out_168 1
~out_167 1
~out_166 0
~out_165 0
~out_164 1
~out_163 0
~out_162 0
~out_161 0
~out_160 1
~out_159 1
~out_158 1
~out_157 1
~out_156 1
~out_155 1
~out_154 1
~out_153 1
~out_152 1
~out_151 0
~out_150 1
~out_149 1
~out_148 1
~out_147 0
~out_146 1
~out_145 1
~out_144 1
~out_143 0
~out_142 0
~out_141 0
~out_140 0
~out_139 0
~out_138 1
~out_137 0
~out_136 0
~out_135 1
~out_134 0
~out_133 0
~out_132 0
~out_131 1
~out_130 1
~out_129 0
~out_128 0
~out_127 1
~out_126 0
~out_125 1
~out_124 1
~out_123 0
~out_122 1
~out_121 1
~out_120 1
~out_119 0
~out_118 0
~out_117 0
~out_116 1
~out_115 0
~out_114 1
~out_113 1
~out_112 1
~out_111 1
~out_110 0
~out_109 1
~out_108 0
~out_107 0
~out_106 1
~out_105 0
~out_104 1
~out_103 0
~out_102 1
~out_101 0
~out_100 1
~out_99 1
~out_98 1
~out_97 1
~out_96 1
~out_95 0
~out_94 0
~out_93 1
~out_92 1
~out_91 0
~out_90 0
~out_89 0
~out_88 1
~out_87 1
~out_86 1
~out_85 0
~out_84 1
~out_83 0
~out_82 0
~out_81 0
~out_80 0
~out_79 0
~out_78 0
~out_77 0
~out_76 1
~out_75 0
~out_74 1
~out_73 1
~out_72 0
~out_71 1
~out_70 1
~out_69 1
~out_68 1
~out_67 0
~out_66 1
~out_65 0
~out_64 1
~out_63 0
~out_62 0
~out_61 1
~out_60 0
~out_59 0
~out_58 1
~out_57 1
~out_56 0
~out_55 1
~out_54 0
~out_53 0
~out_52 0
~out_51 0
~out_50 0
~out_49 1
~out_48 0
~out_47 1
~out_46 1
~out_45 1
~out_44 1
~out_43 1
~out_42 1
~out_41 1
~out_40 1
~out_39 1
~out_38 0
~out_37 1
~out_36 0
~out_35 0
~out_34 0
~out_33 1
~out_32 1
~out_31 0
~out_30 1
~out_29 0
~out_28 0
~out_27 0
~out_26 1
~out_25 0
~out_24 0
~out_23 0
~out_22 1
~out_21 1
~out_20 1
~out_19 1
~out_18 0
~out_17 0
~out_16 0
~out_15 0
~out_14 0
~out_13 0
~out_12 1
~out_11 0
~out_10 0
~out_9 1
~out_8 0
~out_7 0
~out_6 1
~out_5 1
~out_4 0
~out_3 0
~out_2 0
~out_1 1
~out_0 1

1
zokrates_cli/tests/code/sha_libsnark.arguments.json
View file

@ -1 +0,0 @@
[42]

6
zokrates_cli/tests/code/sha_libsnark.code
View file

@ -1,6 +0,0 @@
import "LIBSNARK/sha256compression"
def main(field a) -> (field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field):
o255, o254, o253, o252, o251, o250, o249, o248, o247, o246, o245, o244, o243, o242, o241, o240, o239, o238, o237, o236, o235, o234, o233, o232, o231, o230, o229, o228, o227, o226, o225, o224, o223, o222, o221, o220, o219, o218, o217, o216, o215, o214, o213, o212, o211, o210, o209, o208, o207, o206, o205, o204, o203, o202, o201, o200, o199, o198, o197, o196, o195, o194, o193, o192, o191, o190, o189, o188, o187, o186, o185, o184, o183, o182, o181, o180, o179, o178, o177, o176, o175, o174, o173, o172, o171, o170, o169, o168, o167, o166, o165, o164, o163, o162, o161, o160, o159, o158, o157, o156, o155, o154, o153, o152, o151, o150, o149, o148, o147, o146, o145, o144, o143, o142, o141, o140, o139, o138, o137, o136, o135, o134, o133, o132, o131, o130, o129, o128, o127, o126, o125, o124, o123, o122, o121, o120, o119, o118, o117, o116, o115, o114, o113, o112, o111, o110, o109, o108, o107, o106, o105, o104, o103, o102, o101, o100, o99, o98, o97, o96, o95, o94, o93, o92, o91, o90, o89, o88, o87, o86, o85, o84, o83, o82, o81, o80, o79, o78, o77, o76, o75, o74, o73, o72, o71, o70, o69, o68, o67, o66, o65, o64, o63, o62, o61, o60, o59, o58, o57, o56, o55, o54, o53, o52, o51, o50, o49, o48, o47, o46, o45, o44, o43, o42, o41, o40, o39, o38, o37, o36, o35, o34, o33, o32, o31, o30, o29, o28, o27, o26, o25, o24, o23, o22, o21, o20, o19, o18, o17, o16, o15, o14, o13, o12, o11, o10, o9, o8, o7, o6, o5, o4, o3, o2, o1, o0 = sha256compression(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,1,0,0,0,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,0,0,0,1,1,0,1,0,0,0,0,1,1,1,0,0,0,0,0,1,1,1,1,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,1,0,0,1,1,0,0,0,1,0,1,0,0,0,0,0,1,0,1,0,1,0,0,0,1,0,1,1,0,0,0,0,1,0,1,1,1,0,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,1,0,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,0,0,1,0,0,1,1,1,0,0,1,0,1,0,0,0,0,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0,0,0,1,0,1,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,0,0,1,0,1,1,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,0,1,0,0,1,1,0,0,1,0,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,0,1,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,1,0,0,1,1,1,0,0,0,0,0,1,1,1,0,0,1,0,0,1,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,1,0,0,1,1,1,1,1,0,0,0,1,1,1,1,1,1)
return o255, o254, o253, o252, o251, o250, o249, o248, o247, o246, o245, o244, o243, o242, o241, o240, o239, o238, o237, o236, o235, o234, o233, o232, o231, o230, o229, o228, o227, o226, o225, o224, o223, o222, o221, o220, o219, o218, o217, o216, o215, o214, o213, o212, o211, o210, o209, o208, o207, o206, o205, o204, o203, o202, o201, o200, o199, o198, o197, o196, o195, o194, o193, o192, o191, o190, o189, o188, o187, o186, o185, o184, o183, o182, o181, o180, o179, o178, o177, o176, o175, o174, o173, o172, o171, o170, o169, o168, o167, o166, o165, o164, o163, o162, o161, o160, o159, o158, o157, o156, o155, o154, o153, o152, o151, o150, o149, o148, o147, o146, o145, o144, o143, o142, o141, o140, o139, o138, o137, o136, o135, o134, o133, o132, o131, o130, o129, o128, o127, o126, o125, o124, o123, o122, o121, o120, o119, o118, o117, o116, o115, o114, o113, o112, o111, o110, o109, o108, o107, o106, o105, o104, o103, o102, o101, o100, o99, o98, o97, o96, o95, o94, o93, o92, o91, o90, o89, o88, o87, o86, o85, o84, o83, o82, o81, o80, o79, o78, o77, o76, o75, o74, o73, o72, o71, o70, o69, o68, o67, o66, o65, o64, o63, o62, o61, o60, o59, o58, o57, o56, o55, o54, o53, o52, o51, o50, o49, o48, o47, o46, o45, o44, o43, o42, o41, o40, o39, o38, o37, o36, o35, o34, o33, o32, o31, o30, o29, o28, o27, o26, o25, o24, o23, o22, o21, o20, o19, o18, o17, o16, o15, o14, o13, o12, o11, o10, o9, o8, o7, o6, o5, o4, o3, o2, o1, o0

1
zokrates_cli/tests/code/sha_libsnark_null.arguments.json
View file

@ -1 +0,0 @@
[42]

6
zokrates_cli/tests/code/sha_libsnark_null.code
View file

@ -1,6 +0,0 @@
import "LIBSNARK/sha256compression"
def main(field a) -> (field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field, field):
o255, o254, o253, o252, o251, o250, o249, o248, o247, o246, o245, o244, o243, o242, o241, o240, o239, o238, o237, o236, o235, o234, o233, o232, o231, o230, o229, o228, o227, o226, o225, o224, o223, o222, o221, o220, o219, o218, o217, o216, o215, o214, o213, o212, o211, o210, o209, o208, o207, o206, o205, o204, o203, o202, o201, o200, o199, o198, o197, o196, o195, o194, o193, o192, o191, o190, o189, o188, o187, o186, o185, o184, o183, o182, o181, o180, o179, o178, o177, o176, o175, o174, o173, o172, o171, o170, o169, o168, o167, o166, o165, o164, o163, o162, o161, o160, o159, o158, o157, o156, o155, o154, o153, o152, o151, o150, o149, o148, o147, o146, o145, o144, o143, o142, o141, o140, o139, o138, o137, o136, o135, o134, o133, o132, o131, o130, o129, o128, o127, o126, o125, o124, o123, o122, o121, o120, o119, o118, o117, o116, o115, o114, o113, o112, o111, o110, o109, o108, o107, o106, o105, o104, o103, o102, o101, o100, o99, o98, o97, o96, o95, o94, o93, o92, o91, o90, o89, o88, o87, o86, o85, o84, o83, o82, o81, o80, o79, o78, o77, o76, o75, o74, o73, o72, o71, o70, o69, o68, o67, o66, o65, o64, o63, o62, o61, o60, o59, o58, o57, o56, o55, o54, o53, o52, o51, o50, o49, o48, o47, o46, o45, o44, o43, o42, o41, o40, o39, o38, o37, o36, o35, o34, o33, o32, o31, o30, o29, o28, o27, o26, o25, o24, o23, o22, o21, o20, o19, o18, o17, o16, o15, o14, o13, o12, o11, o10, o9, o8, o7, o6, o5, o4, o3, o2, o1, o0 = sha256compression(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)
return o255, o254, o253, o252, o251, o250, o249, o248, o247, o246, o245, o244, o243, o242, o241, o240, o239, o238, o237, o236, o235, o234, o233, o232, o231, o230, o229, o228, o227, o226, o225, o224, o223, o222, o221, o220, o219, o218, o217, o216, o215, o214, o213, o212, o211, o210, o209, o208, o207, o206, o205, o204, o203, o202, o201, o200, o199, o198, o197, o196, o195, o194, o193, o192, o191, o190, o189, o188, o187, o186, o185, o184, o183, o182, o181, o180, o179, o178, o177, o176, o175, o174, o173, o172, o171, o170, o169, o168, o167, o166, o165, o164, o163, o162, o161, o160, o159, o158, o157, o156, o155, o154, o153, o152, o151, o150, o149, o148, o147, o146, o145, o144, o143, o142, o141, o140, o139, o138, o137, o136, o135, o134, o133, o132, o131, o130, o129, o128, o127, o126, o125, o124, o123, o122, o121, o120, o119, o118, o117, o116, o115, o114, o113, o112, o111, o110, o109, o108, o107, o106, o105, o104, o103, o102, o101, o100, o99, o98, o97, o96, o95, o94, o93, o92, o91, o90, o89, o88, o87, o86, o85, o84, o83, o82, o81, o80, o79, o78, o77, o76, o75, o74, o73, o72, o71, o70, o69, o68, o67, o66, o65, o64, o63, o62, o61, o60, o59, o58, o57, o56, o55, o54, o53, o52, o51, o50, o49, o48, o47, o46, o45, o44, o43, o42, o41, o40, o39, o38, o37, o36, o35, o34, o33, o32, o31, o30, o29, o28, o27, o26, o25, o24, o23, o22, o21, o20, o19, o18, o17, o16, o15, o14, o13, o12, o11, o10, o9, o8, o7, o6, o5, o4, o3, o2, o1, o0

256
zokrates_cli/tests/code/sha_libsnark_null.expected.witness
View file

@ -1,256 +0,0 @@
~out_0 1
~out_1 1
~out_2 0
~out_3 1
~out_4 1
~out_5 0
~out_6 1
~out_7 0
~out_8 0
~out_9 1
~out_10 0
~out_11 1
~out_12 0
~out_13 1
~out_14 1
~out_15 0
~out_16 1
~out_17 0
~out_18 0
~out_19 1
~out_20 1
~out_21 0
~out_22 0
~out_23 0
~out_24 1
~out_25 0
~out_26 1
~out_27 1
~out_28 1
~out_29 1
~out_30 1
~out_31 0
~out_32 0
~out_33 0
~out_34 0
~out_35 1
~out_36 0
~out_37 1
~out_38 1
~out_39 1
~out_40 1
~out_41 0
~out_42 1
~out_43 1
~out_44 1
~out_45 0
~out_46 0
~out_47 1
~out_48 1
~out_49 0
~out_50 1
~out_51 1
~out_52 0
~out_53 1
~out_54 0
~out_55 0
~out_56 0
~out_57 1
~out_58 1
~out_59 0
~out_60 1
~out_61 0
~out_62 0
~out_63 1
~out_64 0
~out_65 1
~out_66 1
~out_67 0
~out_68 0
~out_69 0
~out_70 1
~out_71 0
~out_72 0
~out_73 0
~out_74 1
~out_75 1
~out_76 0
~out_77 0
~out_78 1
~out_79 1
~out_80 0
~out_81 1
~out_82 0
~out_83 1
~out_84 0
~out_85 1
~out_86 1
~out_87 1
~out_88 1
~out_89 0
~out_90 0
~out_91 1
~out_92 1
~out_93 0
~out_94 0
~out_95 1
~out_96 0
~out_97 1
~out_98 1
~out_99 1
~out_100 0
~out_101 1
~out_102 1
~out_103 1
~out_104 1
~out_105 0
~out_106 0
~out_107 1
~out_108 1
~out_109 1
~out_110 1
~out_111 1
~out_112 1
~out_113 0
~out_114 1
~out_115 1
~out_116 1
~out_117 1
~out_118 1
~out_119 0
~out_120 1
~out_121 1
~out_122 0
~out_123 0
~out_124 1
~out_125 0
~out_126 1
~out_127 0
~out_128 1
~out_129 0
~out_130 0
~out_131 0
~out_132 1
~out_133 1
~out_134 0
~out_135 0
~out_136 1
~out_137 1
~out_138 1
~out_139 0
~out_140 0
~out_141 1
~out_142 0
~out_143 1
~out_144 1
~out_145 1
~out_146 0
~out_147 1
~out_148 0
~out_149 1
~out_150 0
~out_151 0
~out_152 1
~out_153 0
~out_154 0
~out_155 1
~out_156 0
~out_157 0
~out_158 0
~out_159 1
~out_160 1
~out_161 1
~out_162 0
~out_163 0
~out_164 0
~out_165 0
~out_166 0
~out_167 0
~out_168 1
~out_169 1
~out_170 0
~out_171 1
~out_172 0
~out_173 0
~out_174 1
~out_175 0
~out_176 0
~out_177 1
~out_178 1
~out_179 0
~out_180 0
~out_181 0
~out_182 1
~out_183 0
~out_184 0
~out_185 1
~out_186 0
~out_187 0
~out_188 0
~out_189 0
~out_190 1
~out_191 1
~out_192 1
~out_193 0
~out_194 1
~out_195 1
~out_196 1
~out_197 0
~out_198 1
~out_199 0
~out_200 1
~out_201 1
~out_202 1
~out_203 1
~out_204 1
~out_205 1
~out_206 1
~out_207 0
~out_208 1
~out_209 1
~out_210 1
~out_211 1
~out_212 1
~out_213 0
~out_214 0
~out_215 1
~out_216 1
~out_217 1
~out_218 1
~out_219 0
~out_220 1
~out_221 0
~out_222 1
~out_223 0
~out_224 0
~out_225 0
~out_226 0
~out_227 1
~out_228 1
~out_229 0
~out_230 0
~out_231 0
~out_232 0
~out_233 0
~out_234 1
~out_235 1
~out_236 0
~out_237 1
~out_238 1
~out_239 1
~out_240 1
~out_241 0
~out_242 1
~out_243 0
~out_244 1
~out_245 0
~out_246 0
~out_247 1
~out_248 1
~out_249 1
~out_250 0
~out_251 1
~out_252 1
~out_253 0
~out_254 0
~out_255 0

1
zokrates_cli/tests/code/sha_libsnark_packed.arguments.json
View file

@ -1 +0,0 @@
[1, 2, 3, 4]

28
zokrates_cli/tests/code/sha_libsnark_packed.code
View file

@ -1,28 +0,0 @@
// sha256 called with two 254 bits inputs, padded to 256 bits with zeros for most significant bits:
// [0, 0, a_0, ..., a_254, 0, 0, b_0, ..., b_254]
// output is truncated of the two most significant bits, and packed in a field element
// output_packed = 0 + 0 + output_2 * 2**253 + ... + output_256 * 2**0
// the behavior can be reproduced in solidity with
// pragma solidity ^0.4.24;
// contract SHA256Test {
// event Success(
// bytes32 indexed _id
// );
//
// function calc_sha() public returns (bytes32) {
// bytes32 a = 0x5;
// bytes32 b = 0x0;
// bytes32 result = sha256(b,a);
// // set two most significant bits to zero
// bytes32 r = bytes32(uint256(result) & 0x3fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
// emit Success(r);
// return r;
// }
// }
import "LIBSNARK/sha256packed"
def main(field a, field b, field c, field d) -> (field, field):
e, f = sha256packed(a, b, c, d)
return e, f

2
zokrates_cli/tests/code/sha_libsnark_packed.expected.witness
View file

@ -1,2 +0,0 @@
~out_0 6441948221896607572742608488120559578
~out_1 146139290966201238425928859098213699460

0
zokrates_cli/tests/code/sha_ethereum_libsnark.arguments.json → zokrates_cli/tests/code/sha_round.arguments.json
View file

13
zokrates_cli/tests/code/sha_round.code Normal file
View file

File diff suppressed because one or more lines are too long

510
zokrates_cli/tests/code/sha_libsnark.expected.witness → zokrates_cli/tests/code/sha_round.expected.witness
View file

@ -1,256 +1,256 @@
~out_0 1
~out_1 1
~out_2 1
~out_3 1
~out_4 1
~out_5 1
~out_6 0
~out_7 0
~out_8 1
~out_9 0
~out_10 0
~out_11 1
~out_12 1
~out_13 0
~out_14 0
~out_15 1
~out_16 1
~out_17 0
~out_18 1
~out_19 0
~out_20 0
~out_21 0
~out_22 1
~out_23 0
~out_24 1
~out_25 1
~out_26 0
~out_27 1
~out_28 1
~out_29 1
~out_30 1
~out_31 1
~out_32 1
~out_33 0
~out_34 0
~out_35 0
~out_36 1
~out_37 0
~out_38 0
~out_39 0
~out_40 1
~out_41 1
~out_42 1
~out_43 1
~out_44 0
~out_45 1
~out_46 0
~out_47 0
~out_48 0
~out_49 0
~out_50 1
~out_51 0
~out_52 1
~out_53 0
~out_54 1
~out_55 0
~out_56 0
~out_57 1
~out_58 1
~out_59 1
~out_60 1
~out_61 0
~out_62 1
~out_63 0
~out_64 0
~out_65 1
~out_66 1
~out_67 1
~out_68 1
~out_69 0
~out_70 1
~out_71 1
~out_72 1
~out_73 0
~out_74 1
~out_75 1
~out_76 1
~out_77 0
~out_78 0
~out_79 1
~out_80 1
~out_81 1
~out_82 0
~out_83 1
~out_84 0
~out_85 0
~out_86 0
~out_87 1
~out_88 1
~out_89 0
~out_90 0
~out_91 0
~out_92 0
~out_93 0
~out_94 0
~out_95 0
~out_96 0
~out_97 0
~out_98 1
~out_99 1
~out_100 0
~out_101 0
~out_102 1
~out_103 1
~out_104 1
~out_105 1
~out_106 0
~out_107 0
~out_108 1
~out_109 1
~out_110 0
~out_111 1
~out_112 1
~out_113 1
~out_114 0
~out_115 0
~out_116 0
~out_117 1
~out_118 1
~out_119 0
~out_120 1
~out_121 0
~out_122 1
~out_123 0
~out_124 0
~out_125 0
~out_126 1
~out_127 0
~out_128 0
~out_129 0
~out_130 0
~out_131 0
~out_132 0
~out_133 0
~out_134 1
~out_135 0
~out_136 0
~out_137 1
~out_138 0
~out_139 1
~out_140 0
~out_141 1
~out_142 1
~out_143 0
~out_144 0
~out_145 1
~out_146 1
~out_147 1
~out_148 0
~out_149 1
~out_150 0
~out_151 1
~out_152 0
~out_153 1
~out_154 0
~out_155 1
~out_156 1
~out_157 1
~out_158 1
~out_159 1
~out_160 1
~out_161 0
~out_162 0
~out_163 1
~out_164 1
~out_165 1
~out_166 0
~out_167 1
~out_168 0
~out_169 1
~out_170 0
~out_171 1
~out_172 1
~out_173 0
~out_174 1
~out_175 1
~out_176 1
~out_177 0
~out_178 0
~out_179 1
~out_180 1
~out_181 0
~out_182 1
~out_183 0
~out_184 0
~out_185 1
~out_186 0
~out_187 1
~out_188 0
~out_189 0
~out_190 0
~out_191 0
~out_192 0
~out_193 1
~out_194 0
~out_195 0
~out_196 0
~out_197 1
~out_198 0
~out_199 0
~out_200 1
~out_201 0
~out_202 1
~out_203 0
~out_204 1
~out_205 0
~out_206 0
~out_207 1
~out_208 1
~out_209 1
~out_210 0
~out_211 0
~out_212 1
~out_213 1
~out_214 0
~out_215 0
~out_216 0
~out_217 0
~out_218 1
~out_219 1
~out_220 0
~out_221 0
~out_222 0
~out_223 1
~out_224 0
~out_225 1
~out_226 0
~out_227 1
~out_228 1
~out_229 0
~out_230 1
~out_231 0
~out_232 1
~out_233 0
~out_234 1
~out_235 1
~out_236 1
~out_237 1
~out_238 1
~out_239 0
~out_240 1
~out_241 0
~out_242 0
~out_243 0
~out_244 0
~out_245 1
~out_246 0
~out_247 0
~out_248 1
~out_249 0
~out_250 1
~out_251 0
~out_252 0
~out_253 1
~out_254 1
~out_255 1
~out_254 0
~out_253 1
~out_252 1
~out_251 0
~out_250 1
~out_249 0
~out_248 0
~out_247 1
~out_246 0
~out_245 1
~out_244 1
~out_243 1
~out_242 1
~out_241 0
~out_240 0
~out_239 0
~out_238 0
~out_237 1
~out_236 1
~out_235 0
~out_234 0
~out_233 1
~out_232 1
~out_231 0
~out_230 1
~out_229 0
~out_228 1
~out_227 0
~out_226 1
~out_225 1
~out_224 1
~out_223 1
~out_222 1
~out_221 0
~out_220 1
~out_219 1
~out_218 1
~out_217 1
~out_216 0
~out_215 0
~out_214 0
~out_213 0
~out_212 0
~out_211 0
~out_210 1
~out_209 0
~out_208 1
~out_207 1
~out_206 1
~out_205 0
~out_204 0
~out_203 1
~out_202 0
~out_201 0
~out_200 0
~out_199 1
~out_198 1
~out_197 1
~out_196 1
~out_195 0
~out_194 1
~out_193 1
~out_192 1
~out_191 1
~out_190 0
~out_189 1
~out_188 0
~out_187 1
~out_186 1
~out_185 0
~out_184 0
~out_183 1
~out_182 1
~out_181 1
~out_180 1
~out_179 0
~out_178 0
~out_177 0
~out_176 1
~out_175 1
~out_174 1
~out_173 0
~out_172 0
~out_171 1
~out_170 1
~out_169 1
~out_168 0
~out_167 0
~out_166 1
~out_165 1
~out_164 1
~out_163 0
~out_162 0
~out_161 1
~out_160 0
~out_159 1
~out_158 0
~out_157 0
~out_156 0
~out_155 0
~out_154 1
~out_153 1
~out_152 0
~out_151 0
~out_150 1
~out_149 0
~out_148 0
~out_147 0
~out_146 1
~out_145 1
~out_144 0
~out_143 1
~out_142 0
~out_141 1
~out_140 0
~out_139 1
~out_138 0
~out_137 1
~out_136 0
~out_135 0
~out_134 0
~out_133 0
~out_132 0
~out_131 1
~out_130 0
~out_129 0
~out_128 0
~out_127 0
~out_126 1
~out_125 1
~out_124 0
~out_123 1
~out_122 1
~out_121 0
~out_120 1
~out_119 0
~out_118 0
~out_117 1
~out_116 0
~out_115 1
~out_114 0
~out_113 0
~out_112 0
~out_111 0
~out_110 0
~out_109 1
~out_108 0
~out_107 1
~out_106 0
~out_105 0
~out_104 0
~out_103 0
~out_102 0
~out_101 1
~out_100 1
~out_99 0
~out_98 1
~out_97 0
~out_96 0
~out_95 0
~out_94 1
~out_93 0
~out_92 0
~out_91 1
~out_90 1
~out_89 0
~out_88 0
~out_87 1
~out_86 1
~out_85 0
~out_84 0
~out_83 0
~out_82 1
~out_81 1
~out_80 1
~out_79 0
~out_78 1
~out_77 1
~out_76 1
~out_75 0
~out_74 0
~out_73 0
~out_72 1
~out_71 0
~out_70 0
~out_69 1
~out_68 1
~out_67 1
~out_66 1
~out_65 0
~out_64 0
~out_63 0
~out_62 0
~out_61 1
~out_60 0
~out_59 1
~out_58 0
~out_57 0
~out_56 1
~out_55 0
~out_54 0
~out_53 0
~out_52 1
~out_51 1
~out_50 1
~out_49 0
~out_48 1
~out_47 0
~out_46 1
~out_45 1
~out_44 1
~out_43 1
~out_42 0
~out_41 0
~out_40 0
~out_39 0
~out_38 1
~out_37 0
~out_36 0
~out_35 0
~out_34 0
~out_33 1
~out_32 1
~out_31 0
~out_30 0
~out_29 0
~out_28 1
~out_27 1
~out_26 0
~out_25 0
~out_24 1
~out_23 1
~out_22 1
~out_21 0
~out_20 1
~out_19 0
~out_18 0
~out_17 0
~out_16 1
~out_15 1
~out_14 1
~out_13 0
~out_12 1
~out_11 1
~out_10 1
~out_9 0
~out_8 0
~out_7 1
~out_6 1
~out_5 1
~out_4 1
~out_3 1
~out_2 0
~out_1 0
~out_0 0

314
zokrates_core/lib/wraplibsnarkgadgets.cpp
View file

@ -42,140 +42,6 @@ vector<unsigned long> bit_list_to_ints(vector<bool> bit_list, const size_t words
}
return res;
}
class ethereum_sha256 : gadget<FieldT>
{
private:
std::shared_ptr<block_variable<FieldT>> block1;
std::shared_ptr<block_variable<FieldT>> block2;
std::shared_ptr<digest_variable<FieldT>> intermediate_hash;
public:
std::shared_ptr<sha256_compression_function_gadget<FieldT>> hasher2;
std::shared_ptr<sha256_compression_function_gadget<FieldT>> hasher1;
ethereum_sha256(
protoboard<FieldT> &pb,
pb_variable<FieldT>& ZERO,
pb_variable_array<FieldT>& a,
pb_variable_array<FieldT>& b,
std::shared_ptr<digest_variable<FieldT>> result
) : gadget<FieldT>(pb, "ethereum_sha256") {
intermediate_hash.reset(new digest_variable<FieldT>(pb, 256, "intermediate"));
// As the hash is computed on the full 512bit block size
// padding does not fit in the primary block
// => add dummy block (single "1" followed by "0" + total length)
pb_variable_array<FieldT> length_padding =
from_bits({
//dummy padding block
1,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
//total length of message (512 bits)
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,1,0,
0,0,0,0,0,0,0,0
}, ZERO);
block1.reset(new block_variable<FieldT>(pb, {
a,
b
}, "block1"));
block2.reset(new block_variable<FieldT>(pb, {
length_padding
}, "block2"));
pb_linear_combination_array<FieldT> IV = SHA256_default_IV(pb);
hasher1.reset(new sha256_compression_function_gadget<FieldT>(
pb,
IV,
block1->bits,
*intermediate_hash,
"hasher1"));
pb_linear_combination_array<FieldT> IV2(intermediate_hash->bits);
hasher2.reset(new sha256_compression_function_gadget<FieldT>(
pb,
IV2,
block2->bits,
*result,
"hasher2"));
}
void generate_r1cs_constraints() {
hasher1->generate_r1cs_constraints();
hasher2->generate_r1cs_constraints();
}
void generate_r1cs_witness() {
hasher1->generate_r1cs_witness();
hasher2->generate_r1cs_witness();
}
};
// conversion byte[32] <-> libsnark bigint.
libff::bigint<libff::alt_bn128_r_limbs> libsnarkBigintFromBytesAux(const uint8_t* _x)
{
@ -213,7 +79,7 @@ std::string r1cs_to_json(protoboard<FieldT> pb)
ss << "{\"variable_count\":";
ss << pb.num_variables() + 1; // ~one is not counted in pb.num_variables()
ss << ",\"inputs\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512], \"outputs\":[513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768],\"constraints\":[";
ss << ",\"inputs\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768], \"outputs\":[769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953,954,955,956,957,958,959,960,961,962,963,964,965,966,967,968,969,970,971,972,973,974,975,976,977,978,979,980,981,982,983,984,985,986,987,988,989,990,991,992,993,994,995,996,997,998,999,1000,1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1011,1012,1013,1014,1015,1016,1017,1018,1019,1020,1021,1022,1023,1024],\"constraints\":[";
for (size_t c = 0; c < constraints.num_constraints(); ++c)
{
@ -234,34 +100,6 @@ std::string r1cs_to_json(protoboard<FieldT> pb)
return ss.str();
}
char* _shaEth256Constraints()
{
libff::alt_bn128_pp::init_public_params();
protoboard<FieldT> pb;
pb_variable_array<FieldT> left;
left.allocate(pb, 256, "left");
pb_variable_array<FieldT> right;
right.allocate(pb, 256, "right");
std::shared_ptr<digest_variable<FieldT>> output;
output.reset(new digest_variable<FieldT>(pb, 256, "output"));
pb_variable<FieldT> ZERO;
ZERO.allocate(pb, "ZERO");
pb.val(ZERO) = 0;
ethereum_sha256 g(pb, ZERO, left, right, output);
g.generate_r1cs_constraints();
auto json = r1cs_to_json(pb);
auto result = new char[json.size()];
memcpy(result, json.c_str(), json.size() + 1);
return result;
}
std::string array_to_json(protoboard<FieldT> pb)
{
std::stringstream ss;
@ -277,13 +115,81 @@ std::string array_to_json(protoboard<FieldT> pb)
}
ss << "]}";
// std::cout << ss.rdbuf();
ss.rdbuf()->pubseekpos(0, std::ios_base::out);
return(ss.str());
}
char* _shaEth256Witness(const uint8_t* inputs, int inputs_length)
class sha256round: gadget<FieldT>
{
private:
std::shared_ptr<block_variable<FieldT>> block;
public:
std::shared_ptr<sha256_compression_function_gadget<FieldT>> hasher;
sha256round(
protoboard<FieldT> &pb,
pb_variable_array<FieldT>& myIV,
pb_variable_array<FieldT>& a,
pb_variable_array<FieldT>& b,
digest_variable<FieldT> &result
) : gadget<FieldT>(pb, "sha256round") {
block.reset(new block_variable<FieldT>(pb, {
a,
b
}, "block"));
hasher.reset(new sha256_compression_function_gadget<FieldT>(
pb,
myIV,
block->bits,
result,
"hasher"));
}
void generate_r1cs_constraints() {
hasher->generate_r1cs_constraints();
}
void generate_r1cs_witness() {
hasher->generate_r1cs_witness();
}
};
char* _sha256RoundConstraints()
{
libff::alt_bn128_pp::init_public_params();
protoboard<FieldT> pb;
pb_variable_array<FieldT> left;
left.allocate(pb, 256, "left");
pb_variable_array<FieldT> right;
right.allocate(pb, 256, "right");
digest_variable<FieldT> IV(pb, 256, "IV");
digest_variable<FieldT> output(pb, 256, "output");
IV.generate_r1cs_constraints(); //binary check for IV vector
output.generate_r1cs_constraints(); //binary check for output vector
sha256round g(pb, IV.bits, left, right, output);
g.generate_r1cs_constraints();
auto json = r1cs_to_json(pb);
auto result = new char[json.size() + 1];
memcpy(result, json.c_str(), json.size() + 1);
return result;
}
char* _sha256RoundWitness(const uint8_t* inputs, int inputs_length)
{
assert(inputs_length==768);
libff::alt_bn128_pp::init_public_params();
protoboard<FieldT> pb;
@ -293,95 +199,39 @@ char* _shaEth256Witness(const uint8_t* inputs, int inputs_length)
pb_variable_array<FieldT> right;
right.allocate(pb, 256, "right");
std::shared_ptr<digest_variable<FieldT>> output;
output.reset(new digest_variable<FieldT>(pb, 256, "output"));
digest_variable<FieldT> IV(pb, 256, "IV");
pb_variable<FieldT> ZERO;
ZERO.allocate(pb, "ZERO");
pb.val(ZERO) = 0;
digest_variable<FieldT> output(pb, 256, "output");
libff::bit_vector left_bv;
libff::bit_vector right_bv;
libff::bit_vector IV_bv;
for (int i = 0; i < inputs_length / 2; i++) {
std::cerr << libsnarkBigintFromBytesAux(inputs + i*32) << "\n";
for (int i = 0; i < 256; i++) {
left_bv.push_back(libsnarkBigintFromBytesAux(inputs + i*32) == 1);
}
for (int i = inputs_length / 2; i < inputs_length; i++) {
std::cerr << libsnarkBigintFromBytesAux(inputs + i*32) << "\n";
for (int i = 256; i < 512; i++) {
right_bv.push_back(libsnarkBigintFromBytesAux(inputs + i*32) == 1);
}
for (int i = 512; i < 768; i++) {
IV_bv.push_back(libsnarkBigintFromBytesAux(inputs + i*32) == 1);
}
left.fill_with_bits(pb, left_bv);
right.fill_with_bits(pb, right_bv);
IV.generate_r1cs_witness(IV_bv);
ethereum_sha256 g(pb, ZERO, left, right, output);
g.generate_r1cs_constraints();
sha256round g(pb, IV.bits, left, right, output);
g.generate_r1cs_witness();
assert(pb.is_satisfied());
auto json = array_to_json(pb);
auto result = new char[json.size()];
memcpy(result, json.c_str(), json.size() + 1);
return result;
}
char* _sha256Constraints()
{
libff::alt_bn128_pp::init_public_params();
protoboard<FieldT> pb;
digest_variable<FieldT> left(pb, SHA256_digest_size, "left");
digest_variable<FieldT> right(pb, SHA256_digest_size, "right");
digest_variable<FieldT> output(pb, SHA256_digest_size, "output");
sha256_two_to_one_hash_gadget<FieldT> f(pb, left, right, output, "f");
f.generate_r1cs_constraints();
auto json = r1cs_to_json(pb);
auto result = new char[json.size()];
memcpy(result, json.c_str(), json.size() + 1);
return result;
}
char* _sha256Witness(const uint8_t* inputs, int inputs_length)
{
libff::alt_bn128_pp::init_public_params();
protoboard<FieldT> pb;
digest_variable<FieldT> left(pb, SHA256_digest_size, "left");
digest_variable<FieldT> right(pb, SHA256_digest_size, "right");
digest_variable<FieldT> output(pb, SHA256_digest_size, "output");
sha256_two_to_one_hash_gadget<FieldT> f(pb, left, right, output, "f");
f.generate_r1cs_constraints(true);
libff::bit_vector left_bv;
libff::bit_vector right_bv;
for (int i = 0; i < inputs_length / 2; i++) {
left_bv.push_back(libsnarkBigintFromBytesAux(inputs + i*32) == 1);
}
for (int i = inputs_length / 2; i < inputs_length; i++) {
right_bv.push_back(libsnarkBigintFromBytesAux(inputs + i*32) == 1);
}
left.generate_r1cs_witness(left_bv);
right.generate_r1cs_witness(right_bv);
f.generate_r1cs_witness();
assert(pb.is_satisfied());
auto json = array_to_json(pb);
auto result = new char[json.size()];
auto result = new char[json.size() + 1];
memcpy(result, json.c_str(), json.size() + 1);
return result;
}

10
zokrates_core/lib/wraplibsnarkgadgets.hpp
View file

@ -12,11 +12,13 @@ extern "C" {
#include <stdbool.h>
#include <stdint.h>
char* _sha256Constraints();
char* _sha256Witness(const uint8_t* input, int input_length);
char* _sha256RoundConstraints();
char* _sha256RoundWitness(const uint8_t* input, int input_length);
char* _shaEth256Constraints();
char* _shaEth256Witness(const uint8_t* input, int input_length);
// External interface to free memory
void _free_string(char const *str) {
delete[] str;
}
#ifdef __cplusplus
} // extern "C"

18
zokrates_core/src/helpers/libsnark_gadget.rs
View file

@ -1,5 +1,5 @@
use helpers::{Executable, Signed};
use libsnark::{get_ethsha256_witness, get_sha256_witness};
use libsnark::get_sha256round_witness;
use serde_json;
use standard;
use std::fmt;
@ -7,15 +7,13 @@ use zokrates_field::field::Field;
#[derive(Clone, PartialEq, Debug, Serialize, Deserialize)]
pub enum LibsnarkGadgetHelper {
Sha256Compress,
Sha256Ethereum,
Sha256Round,
}
impl fmt::Display for LibsnarkGadgetHelper {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
match *self {
LibsnarkGadgetHelper::Sha256Compress => write!(f, "Sha256Compress"),
LibsnarkGadgetHelper::Sha256Ethereum => write!(f, "Sha256Ethereum"),
LibsnarkGadgetHelper::Sha256Round => write!(f, "Sha256Round"),
}
}
}
@ -23,11 +21,8 @@ impl fmt::Display for LibsnarkGadgetHelper {
impl<T: Field> Executable<T> for LibsnarkGadgetHelper {
fn execute(&self, inputs: &Vec<T>) -> Result<Vec<T>, String> {
let witness_result: Result<standard::Witness, serde_json::Error> = match self {
LibsnarkGadgetHelper::Sha256Compress => {
serde_json::from_str(&get_sha256_witness(inputs))
}
LibsnarkGadgetHelper::Sha256Ethereum => {
serde_json::from_str(&get_ethsha256_witness(inputs))
LibsnarkGadgetHelper::Sha256Round => {
serde_json::from_str(&get_sha256round_witness(inputs))
}
};
@ -47,8 +42,7 @@ impl<T: Field> Executable<T> for LibsnarkGadgetHelper {
impl Signed for LibsnarkGadgetHelper {
fn get_signature(&self) -> (usize, usize) {
match self {
LibsnarkGadgetHelper::Sha256Compress => (512, 25561),
LibsnarkGadgetHelper::Sha256Ethereum => (512, 50610),
LibsnarkGadgetHelper::Sha256Round => (768, 25817),
}
}
}

15
zokrates_core/src/helpers/mod.rs
View file

@ -156,7 +156,7 @@ mod tests {
#[test]
fn execute() {
let sha = LibsnarkGadgetHelper::Sha256Compress;
let sha = LibsnarkGadgetHelper::Sha256Round;
// second vector here https://homes.esat.kuleuven.be/~nsmart/MPC/sha-256-test.txt
let inputs = vec![
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0,
@ -178,11 +178,22 @@ mod tests {
0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1,
1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0,
0, 0, 1, 1, 1, 1, 1, 1,
// append SHA256 IV vector (https://en.wikipedia.org/wiki/SHA-2)
0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0,
0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0,
1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1,
0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1,
1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0,
1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1,
0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1,
1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1,
0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1,
1, 0, 0, 1,
];
let r = sha
.execute(&inputs.iter().map(|&i| FieldPrime::from(i)).collect())
.unwrap();
let r1 = &r[513..769]; // index of the result
let r1 = &r[769..1025]; // index of the result
let res: Vec<FieldPrime> = vec![
1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1,
1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0,

62
zokrates_core/src/imports.rs
View file

File diff suppressed because one or more lines are too long

65
zokrates_core/src/libsnark.rs
View file

@ -7,55 +7,38 @@
extern crate libc;
use self::libc::{c_char, c_int, uint8_t};
use std::ffi::CString;
use std::ffi::CStr;
use std::string::String;
use zokrates_field::field::Field;
extern "C" {
fn _sha256Constraints() -> *mut c_char;
fn _sha256Witness(inputs: *const uint8_t, inputs_length: c_int) -> *mut c_char;
fn _shaEth256Constraints() -> *mut c_char;
fn _shaEth256Witness(inputs: *const uint8_t, inputs_length: c_int) -> *mut c_char;
fn _sha256RoundConstraints() -> *mut c_char;
fn _sha256RoundWitness(inputs: *const uint8_t, inputs_length: c_int) -> *mut c_char;
fn _free_string(str: *const c_char);
}
pub fn get_sha256_constraints() -> String {
let a = unsafe { CString::from_raw(_sha256Constraints()) };
a.into_string().unwrap()
pub fn get_sha256round_constraints() -> String {
let c_buf: *const c_char = unsafe { _sha256RoundConstraints() };
let c_str: &CStr = unsafe { CStr::from_ptr(c_buf) };
let str_slice: &str = c_str.to_str().unwrap();
let str_buf: String = str_slice.to_owned(); //memory allocated in Rust
unsafe { _free_string(c_buf) }; //memory deallocated in Cpp
str_buf
}
pub fn get_sha256_witness<T: Field>(inputs: &Vec<T>) -> String {
pub fn get_sha256round_witness<T: Field>(inputs: &Vec<T>) -> String {
let mut inputs_arr: Vec<[u8; 32]> = vec![[0u8; 32]; inputs.len()];
for (index, value) in inputs.into_iter().enumerate() {
inputs_arr[index] = vec_as_u8_32_array(&value.into_byte_vector());
}
let a =
unsafe { CString::from_raw(_sha256Witness(inputs_arr[0].as_ptr(), inputs.len() as i32)) };
a.into_string().unwrap()
}
pub fn get_ethsha256_constraints() -> String {
let a = unsafe { CString::from_raw(_shaEth256Constraints()) };
a.into_string().unwrap()
}
pub fn get_ethsha256_witness<T: Field>(inputs: &Vec<T>) -> String {
let mut inputs_arr: Vec<[u8; 32]> = vec![[0u8; 32]; inputs.len()];
for (index, value) in inputs.into_iter().enumerate() {
inputs_arr[index] = vec_as_u8_32_array(&value.into_byte_vector());
}
let a = unsafe {
CString::from_raw(_shaEth256Witness(
inputs_arr[0].as_ptr(),
inputs.len() as i32,
))
};
a.into_string().unwrap()
let c_buf: *const c_char =
unsafe { _sha256RoundWitness(inputs_arr[0].as_ptr(), inputs.len() as i32) };
let c_str: &CStr = unsafe { CStr::from_ptr(c_buf) };
let str_slice: &str = c_str.to_str().unwrap();
let str_buf: String = str_slice.to_owned();
unsafe { _free_string(c_buf) };
str_buf
}
// utility function. Converts a Fields vector-based byte representation to fixed size array.
@ -84,22 +67,22 @@ mod tests {
#[test]
fn can_get_sha256_constraints() {
let _a = get_sha256_constraints();
let _a = get_sha256round_constraints();
}
#[test]
fn can_generate_sha_256_witness_null() {
let inputs = vec![FieldPrime::from(0); 512];
let _b = get_sha256_witness(&inputs);
let inputs = vec![FieldPrime::from(0); 768];
let _b = get_sha256round_witness(&inputs);
}
#[test]
fn can_generate_flattened_code() {
let constraints = get_sha256_constraints();
let constraints = get_sha256round_constraints();
let r1cs: standard::R1CS = serde_json::from_str(&constraints).unwrap();
let _prog: FlatProg<FieldPrime> = FlatProg::from(standard::DirectiveR1CS {
r1cs,
directive: helpers::LibsnarkGadgetHelper::Sha256Compress,
directive: helpers::LibsnarkGadgetHelper::Sha256Round,
});
}
}

15
zokrates_core/src/standard.rs
View file

@ -161,15 +161,10 @@ impl<T: Field> Into<FlatFunction<T>> for DirectiveR1CS {
// insert a directive to set the witness based on the libsnark gadget and inputs
let directive_statement = match self.directive {
LibsnarkGadgetHelper::Sha256Compress => FlatStatement::Directive(DirectiveStatement {
LibsnarkGadgetHelper::Sha256Round => FlatStatement::Directive(DirectiveStatement {
outputs: variables,
inputs: inputs,
helper: Helper::LibsnarkGadget(LibsnarkGadgetHelper::Sha256Compress),
}),
LibsnarkGadgetHelper::Sha256Ethereum => FlatStatement::Directive(DirectiveStatement {
outputs: variables,
inputs: inputs,
helper: Helper::LibsnarkGadget(LibsnarkGadgetHelper::Sha256Ethereum),
helper: Helper::LibsnarkGadget(LibsnarkGadgetHelper::Sha256Round),
}),
};
@ -215,13 +210,13 @@ mod tests {
#[test]
fn generate_sha256_constraints() {
use flat_absy::FlatProg;
use libsnark::get_sha256_constraints;
let r1cs: R1CS = serde_json::from_str(&get_sha256_constraints()).unwrap();
use libsnark::get_sha256round_constraints;
let r1cs: R1CS = serde_json::from_str(&get_sha256round_constraints()).unwrap();
let v_count = r1cs.variable_count;
let dr1cs: DirectiveR1CS = DirectiveR1CS {
r1cs,
directive: LibsnarkGadgetHelper::Sha256Compress,
directive: LibsnarkGadgetHelper::Sha256Round,
};
let compiled: FlatProg<FieldPrime> = FlatProg::from(dr1cs);