diff --git a/zokrates_core_test/tests/tests/left_rotation.json b/zokrates_core_test/tests/tests/left_rotation.json
new file mode 100644
index 00000000..b1542d41
--- /dev/null
+++ b/zokrates_core_test/tests/tests/left_rotation.json
@@ -0,0 +1,46 @@
+{
+ "entry_point": "./tests/tests/left_rotation.zok",
+ "max_constraint_count": 34,
+ "tests": [
+ {
+ "input": {
+ "values": ["0"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["0"]
+ }
+ }
+ },
+ {
+ "input": {
+ "values": ["1"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["4"]
+ }
+ }
+ },
+ {
+ "input": {
+ "values": ["42"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["168"]
+ }
+ }
+ },
+ {
+ "input": {
+ "values": ["2147483658"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["42"]
+ }
+ }
+ }
+ ]
+}
diff --git a/zokrates_core_test/tests/tests/left_rotation.zok b/zokrates_core_test/tests/tests/left_rotation.zok
new file mode 100644
index 00000000..1813acf3
--- /dev/null
+++ b/zokrates_core_test/tests/tests/left_rotation.zok
@@ -0,0 +1,5 @@
+def rotl32(u32 x) -> u32:
+ return ((x << N) | (x >> (32 - N)))
+
+def main(u32 i) -> u32:
+ return rotl32::<2>(i)
\ No newline at end of file
diff --git a/zokrates_core_test/tests/tests/left_rotation_bits.json b/zokrates_core_test/tests/tests/left_rotation_bits.json
new file mode 100644
index 00000000..386ee93c
--- /dev/null
+++ b/zokrates_core_test/tests/tests/left_rotation_bits.json
@@ -0,0 +1,46 @@
+{
+ "entry_point": "./tests/tests/left_rotation_bits.zok",
+ "max_constraint_count": 34,
+ "tests": [
+ {
+ "input": {
+ "values": ["0"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["0"]
+ }
+ }
+ },
+ {
+ "input": {
+ "values": ["1"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["4"]
+ }
+ }
+ },
+ {
+ "input": {
+ "values": ["42"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["168"]
+ }
+ }
+ },
+ {
+ "input": {
+ "values": ["2147483658"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["42"]
+ }
+ }
+ }
+ ]
+}
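Review bot: `rotl32` in left_rotation.zok states no bound on its generic parameter N, yet `x >> (32 - N)` only yields a rotation for 0 < N < 32; N = 0 or N = 32 produces a shift by the full word width, whose u32 semantics nothing in this diff establishes. A one-line comment above the definition, `// rotate x left by N bits; requires 0 < N < 32 (a shift by 32 is not a no-op rotation)`, would make the precondition explicit, and the same comment (with "right") belongs on `rotr32` in right_rotation.zok, blake2s_p.zok and shaRound.zok. The stdlib call sites visible in this diff use N between 2 and 25, so they stay inside that range. The outer parentheses in `return ((x << N) | (x >> (32 - N)))` are redundant and differ from the sibling `rotr32`, which writes `return (x >> N) | (x << (32 - N))`; dropping them keeps the two definitions parallel. The fixtures here and in the right_rotation files instantiate only N = 2 via `main`; one extra instance at N = 1 or N = 31 would exercise the `32 - N` boundary that the hash call sites depend on.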
diff --git a/zokrates_core_test/tests/tests/left_rotation_bits.zok b/zokrates_core_test/tests/tests/left_rotation_bits.zok
new file mode 100644
index 00000000..49de4de6
--- /dev/null
+++ b/zokrates_core_test/tests/tests/left_rotation_bits.zok
@@ -0,0 +1,9 @@
+import "EMBED/u32_to_bits" as to_bits
+import "EMBED/u32_from_bits" as from_bits
+
+def rotl32(u32 e) -> u32:
+ bool[32] b = to_bits(e)
+ return from_bits([...b[N..], ...b[..N]])
+
+def main(u32 i) -> u32:
+ return rotl32::<2>(i)
\ No newline at end of file
diff --git a/zokrates_core_test/tests/tests/right_rotation.json b/zokrates_core_test/tests/tests/right_rotation.json
new file mode 100644
index 00000000..9ca8d55c
--- /dev/null
+++ b/zokrates_core_test/tests/tests/right_rotation.json
@@ -0,0 +1,46 @@
+{
+ "entry_point": "./tests/tests/right_rotation.zok",
+ "max_constraint_count": 34,
+ "tests": [
+ {
+ "input": {
+ "values": ["0"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["0"]
+ }
+ }
+ },
+ {
+ "input": {
+ "values": ["1"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["1073741824"]
+ }
+ }
+ },
+ {
+ "input": {
+ "values": ["42"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["2147483658"]
+ }
+ }
+ },
+ {
+ "input": {
+ "values": ["2147483658"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["2684354562"]
+ }
+ }
+ }
+ ]
+}
diff --git a/zokrates_core_test/tests/tests/right_rotation.zok b/zokrates_core_test/tests/tests/right_rotation.zok
new file mode 100644
index 00000000..90048879
--- /dev/null
+++ b/zokrates_core_test/tests/tests/right_rotation.zok
@@ -0,0 +1,5 @@
+def rotr32(u32 x) -> u32:
+ return (x >> N) | (x << (32 - N))
+
+def main(u32 i) -> u32:
+ return rotr32::<2>(i)
\ No newline at end of file
diff --git a/zokrates_core_test/tests/tests/right_rotation_bits.json b/zokrates_core_test/tests/tests/right_rotation_bits.json
new file mode 100644
index 00000000..0141c4be
--- /dev/null
+++ b/zokrates_core_test/tests/tests/right_rotation_bits.json
@@ -0,0 +1,46 @@ +{ + "entry_point": "./tests/tests/right_rotation_bits.zok", + "max_constraint_count": 34, + "tests": [ + { + "input": { + "values": ["0"] + }, + "output": { + "Ok": { + "values": ["0"] + } + } + }, + { + "input": { + "values": ["1"] + }, + "output": { + "Ok": { + "values": ["1073741824"] + } + } + }, + { + "input": { + "values": ["42"] + }, + "output": { + "Ok": { + "values": ["2147483658"] + } + } + }, + { + "input": { + "values": ["2147483658"] + }, + "output": { + "Ok": { + "values": ["2684354562"] + } + } + } + ] +} diff --git a/zokrates_core_test/tests/tests/right_rotation_bits.zok b/zokrates_core_test/tests/tests/right_rotation_bits.zok new file mode 100644 index 00000000..d18bc080 --- /dev/null +++ b/zokrates_core_test/tests/tests/right_rotation_bits.zok @@ -0,0 +1,9 @@ +import "EMBED/u32_to_bits" as to_bits +import "EMBED/u32_from_bits" as from_bits + +def rotr32(u32 e) -> u32: + bool[32] b = to_bits(e) + return from_bits([...b[32-N..], ...b[..32-N]]) + +def main(u32 i) -> u32: + return rotr32::<2>(i) \ No newline at end of file diff --git a/zokrates_stdlib/stdlib/hashes/blake2/blake2s_p.zok b/zokrates_stdlib/stdlib/hashes/blake2/blake2s_p.zok index 239f9fce..acb5dc81 100644 --- a/zokrates_stdlib/stdlib/hashes/blake2/blake2s_p.zok +++ b/zokrates_stdlib/stdlib/hashes/blake2/blake2s_p.zok @@ -3,9 +3,8 @@ import "EMBED/u32_to_bits" as to_bits import "EMBED/u32_from_bits" as from_bits -def right_rotate(u32 e) -> u32: - bool[32] b = to_bits(e) - return from_bits([...b[32 - N..], ...b[..32 - N]]) +def rotr32(u32 x) -> u32: + return (x >> N) | (x << (32 - N)) def blake2s_iv() -> (u32[8]): return [ 
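Review bot: The `EMBED/u32_to_bits` and `EMBED/u32_from_bits` imports at the top of blake2s_p.zok survive as context lines in the `@@ -3,9 +3,8 @@` hunk although the only visible user, `right_rotate`, is removed there; if nothing else in the file calls `to_bits`/`from_bits` (not visible in this hunk), they are now dead imports and should be dropped, as the shaRound.zok hunk already does for its copy. `rotr32` is also now defined verbatim in blake2s_p.zok, shaRound.zok and the two right_rotation test programs; a single shared stdlib definition would keep the four copies from drifting apart. The bit-slice form kept in right_rotation_bits.zok is worth retaining as the reference the shift-based `rotr32` is checked against, and its fixture expects exactly the same values as right_rotation.json, which is what makes that comparison meaningful.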
@@ -29,13 +28,13 @@ def blake2s_sigma() -> (u32[10][16]): def mixing_g(u32[16] v, u32 a, u32 b, u32 c, u32 d, u32 x, u32 y) -> (u32[16]): v[a] = (v[a] + v[b] + x) - v[d] = right_rotate::<16>(v[d] ^ v[a]) + v[d] = rotr32::<16>(v[d] ^ v[a]) v[c] = (v[c] + v[d]) - v[b] = right_rotate::<12>(v[b] ^ v[c]) + v[b] = rotr32::<12>(v[b] ^ v[c]) v[a] = (v[a] + v[b] + y) - v[d] = right_rotate::<8>(v[d] ^ v[a]) + v[d] = rotr32::<8>(v[d] ^ v[a]) v[c] = (v[c] + v[d]) - v[b] = right_rotate::<7>(v[b] ^ v[c]) + v[b] = rotr32::<7>(v[b] ^ v[c]) return v def blake2s_compression(u32[8] h, u32[16] m, u32[2] t, bool last) -> (u32[8]): diff --git a/zokrates_stdlib/stdlib/hashes/sha256/shaRound.zok b/zokrates_stdlib/stdlib/hashes/sha256/shaRound.zok index b1248f6d..c06080d4 100644 --- a/zokrates_stdlib/stdlib/hashes/sha256/shaRound.zok +++ b/zokrates_stdlib/stdlib/hashes/sha256/shaRound.zok 
@@ -1,68 +1,29 @@ -import "EMBED/u32_to_bits" as to_bits -import "EMBED/u32_from_bits" as from_bits import "./IVconstants.zok" -def right_rotate_2(u32 e) -> u32: - bool[32] b = to_bits(e) - return from_bits([...b[30..], ...b[..30]]) - -def right_rotate_6(u32 e) -> u32: - bool[32] b = to_bits(e) - return from_bits([...b[26..], ...b[..26]]) - -def right_rotate_7(u32 e) -> u32: - bool[32] b = to_bits(e) - return from_bits([...b[25..], ...b[..25]]) - -def right_rotate_11(u32 e) -> u32: - bool[32] b = to_bits(e) - return from_bits([...b[21..], ...b[..21]]) - -def right_rotate_13(u32 e) -> u32: - bool[32] b = to_bits(e) - return from_bits([...b[19..], ...b[..19]]) - -def right_rotate_17(u32 e) -> u32: - bool[32] b = to_bits(e) - return from_bits([...b[15..], ...b[..15]]) - -def right_rotate_18(u32 e) -> u32: - bool[32] b = to_bits(e) - return from_bits([...b[14..], ...b[..14]]) - -def right_rotate_19(u32 e) -> u32: - bool[32] b = to_bits(e) - return from_bits([...b[13..], ...b[..13]]) - -def right_rotate_22(u32 e) -> u32: - bool[32] b = to_bits(e) - return from_bits([...b[10..], ...b[..10]]) - -def right_rotate_25(u32 e) -> u32: - bool[32] b = to_bits(e) - return from_bits([...b[7..], ...b[..7]]) +def rotr32(u32 x) -> u32: + return (x >> N) | (x << (32 - N)) def extend(u32[64] w, u32 i) -> u32: - u32 s0 = right_rotate_7(w[i-15]) ^ right_rotate_18(w[i-15]) ^ (w[i-15] >> 3) - u32 s1 = right_rotate_17(w[i-2]) ^ right_rotate_19(w[i-2]) ^ (w[i-2] >> 10) + u32 s0 = rotr32::<7>(w[i-15]) ^ rotr32::<18>(w[i-15]) ^ (w[i-15] >> 3) + u32 s1 = rotr32::<17>(w[i-2]) ^ rotr32::<19>(w[i-2]) ^ (w[i-2] >> 10) return w[i-16] + s0 + w[i-7] + s1 def temp1(u32 e, u32 f, u32 g, u32 h, u32 k, u32 w) -> u32: - // ch := (e and f) xor ((not e) and g) - u32 ch = (e & f) ^ ((!e) & g) + // ch := (e and f) xor ((not e) and g) + u32 ch = (e & f) ^ ((!e) & g) - // S1 := (e rightrotate 6) xor (e rightrotate 11) xor (e rightrotate 25) - u32 S1 = right_rotate_6(e) ^ right_rotate_11(e) ^ right_rotate_25(e) - 
- // temp1 := h + S1 + ch + k + w - return h + S1 + ch + k + w + // S1 := (e rightrotate 6) xor (e rightrotate 11) xor (e rightrotate 25) + u32 S1 = rotr32::<6>(e) ^ rotr32::<11>(e) ^ rotr32::<25>(e) + + // temp1 := h + S1 + ch + k + w + return h + S1 + ch + k + w def temp2(u32 a, u32 b, u32 c) -> u32: - // maj := (a and b) xor (a and c) xor (b and c) + // maj := (a and b) xor (a and c) xor (b and c) u32 maj = (a & b) ^ (a & c) ^ (b & c) - // S0 := (a rightrotate 2) xor (a rightrotate 13) xor (a rightrotate 22) - u32 S0 = right_rotate_2(a) ^ right_rotate_13(a) ^ right_rotate_22(a) + // S0 := (a rightrotate 2) xor (a rightrotate 13) xor (a rightrotate 22) + u32 S0 = rotr32::<2>(a) ^ rotr32::<13>(a) ^ rotr32::<22>(a) // temp2 := S0 + maj return S0 + maj 
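Review bot: The `ch`, `S1`, `maj` and `S0` comment lines and `u32 ch = (e & f) ^ ((!e) & g)` in temp1/temp2 appear as removed-then-re-added pairs whose text is identical, so presumably they differ only in leading whitespace, and the following hunk for `main` is whitespace-only throughout. Mixing that re-indent with the replacement of ten `right_rotate_*` helpers by the generic `rotr32` makes the functional change harder to pick out and pollutes `git blame` for every line of `main`; a separate formatting commit would keep both reviewable. The calls `rotr32::<7>`, `rotr32::<18>`, `rotr32::<17>` and `rotr32::<19>` in `extend` and the 6/11/25 and 2/13/22 amounts in temp1/temp2 match the removed helpers one-to-one, so the substitution itself reads correctly.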
@@ -71,37 +32,37 @@ def temp2(u32 a, u32 b, u32 c) -> u32: // this is used by other components however many times needed def main(u32[16] input, u32[8] current) -> u32[8]: - u32 h0 = current[0] - u32 h1 = current[1] - u32 h2 = current[2] - u32 h3 = current[3] - u32 h4 = current[4] - u32 h5 = current[5] - u32 h6 = current[6] - u32 h7 = current[7] + u32 h0 = current[0] + u32 h1 = current[1] + u32 h2 = current[2] + u32 h3 = current[3] + u32 h4 = current[4] + u32 h5 = current[5] + u32 h6 = current[6] + u32 h7 = current[7] - u32[64] k = [0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2] + u32[64] k = [0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2] - u32[64] w = [...input, ...[0x00000000; 48]] + u32[64] w = [...input, ...[0x00000000; 48]] - for u32 i in 16..64 do + for u32 i in 16..64 do w[i] = extend(w, i) - endfor + endfor - u32 a = h0 - u32 b = h1 - u32 c = h2 - u32 d = h3 - u32 e = h4 - u32 f = h5 - u32 g = h6 - u32 h = h7 + u32 a = h0 + u32 b = h1 + u32 c = h2 + u32 d = h3 + u32 e = h4 + u32 f = h5 + u32 g = h6 + u32 h = h7 - for u32 i in 0..64 do + for u32 i in 0..64 do - u32 t1 = temp1(e, f, g, h, k[i], w[i]) + u32 t1 = temp1(e, f, g, h, k[i], w[i]) - u32 t2 = temp2(a, b, c) + u32 t2 = temp2(a, b, c) h = g g = f @@ -112,16 +73,16 @@ def main(u32[16] input, u32[8] current) -> u32[8]: b = a a = t1 + t2 - endfor + endfor - h0 = h0 + a - h1 = h1 + b - h2 = h2 + c - h3 = h3 + d - h4 = h4 + e - h5 = h5 + f - h6 = h6 + g - h7 = h7 + h + h0 = h0 + a + h1 = h1 + b + h2 = h2 + c + h3 = h3 + d + h4 = h4 + e + h5 = h5 + f + h6 = h6 + g + h7 = h7 + h - return [h0, h1, h2, h3, h4, h5, h6, h7] - + return [h0, h1, h2, h3, h4, h5, h6, h7] +