From dce41e50e8a7fffda65acfd0cf5491ba492fcefa Mon Sep 17 00:00:00 2001 From: schaeff Date: Mon, 15 Jun 2020 23:50:42 +0200 Subject: [PATCH 01/23] implement any assertion naively --- zokrates_cli/examples/conditions.zok | 17 ++++- zokrates_cli/examples/waldo.zok | 14 +--- zokrates_core/src/absy/from_ast.rs | 19 +---- zokrates_core/src/absy/mod.rs | 6 +- zokrates_core/src/flatten/mod.rs | 28 ++++--- zokrates_core/src/semantics.rs | 76 +++++++++++++------ .../static_analysis/flatten_complex_types.rs | 44 +++++++++-- .../src/static_analysis/propagation.rs | 9 +-- .../src/static_analysis/uint_optimizer.rs | 12 --- zokrates_core/src/static_analysis/unroll.rs | 9 +-- .../variable_access_remover.rs | 3 +- zokrates_core/src/typed_absy/folder.rs | 14 +++- zokrates_core/src/typed_absy/mod.rs | 21 +++-- zokrates_core/src/zir/folder.rs | 4 +- zokrates_core/src/zir/mod.rs | 8 +- 15 files changed, 164 insertions(+), 120 deletions(-) diff --git a/zokrates_cli/examples/conditions.zok b/zokrates_cli/examples/conditions.zok index 526239b1..408c5e6b 100644 --- a/zokrates_cli/examples/conditions.zok +++ b/zokrates_cli/examples/conditions.zok @@ -1,6 +1,19 @@ +struct Foo { + field a +} + +struct Bar { + Foo[1] foo +} + +def isEqual(field a, field b) -> (bool): + return a == b + def main(field a) -> (field): field b = (a + 5) * 6 2 * b == a * 12 + 60 field c = 7 * (b + a) - c == 7 * b + 7 * a - return b + c + isEqual(c, 7 * b + 7 * a) + field k = if [1, 2] == [3, 4] then 1 else 3 fi + [Bar { foo : [Foo { a: 42 }]}] == [Bar { foo : [Foo { a: 42 }]}] + return b + c \ No newline at end of file diff --git a/zokrates_cli/examples/waldo.zok b/zokrates_cli/examples/waldo.zok index 20a94e13..7d049d3d 100644 --- a/zokrates_cli/examples/waldo.zok +++ b/zokrates_cli/examples/waldo.zok @@ -4,11 +4,7 @@ def isWaldo(field a, field p, field q) -> (field): // make sure that p and q are both non zero - // we can't check inequalities, so let's create binary - // variables - field p1 = if p == 1 then 0 else 1 fi // "p != 1" - field q1 = if q == 1 then 0 else 1 fi // "q != 1" - q1 * p1 == 1 // "p1 and q1" + !(p == 1) && !(q == 1) // we know how to factor a a == p * q @@ -16,10 +12,6 @@ def isWaldo(field a, field p, field q) -> (field): return 1 // define all -def main(field a0, field a1, field a2, field a3, private field index, private field p, private field q) -> (field): +def main(field[4] a, private field index, private field p, private field q) -> (field): // prover provides the index of Waldo - field waldo = if index == 0 then a0 else 0 fi - waldo = waldo + if index == 1 then a1 else 0 fi - waldo = waldo + if index == 2 then a2 else 0 fi - waldo = waldo + if index == 3 then a3 else 0 fi - return isWaldo(waldo, p, q) \ No newline at end of file + return isWaldo(a[index], p, q) \ No newline at end of file diff --git a/zokrates_core/src/absy/from_ast.rs b/zokrates_core/src/absy/from_ast.rs index ecfae3b4..8165b9f6 100644 --- a/zokrates_core/src/absy/from_ast.rs +++ b/zokrates_core/src/absy/from_ast.rs @@ -262,23 +262,8 @@ impl<'ast, T: Field> From> for absy::StatementNod fn from(statement: pest::AssertionStatement<'ast>) -> absy::StatementNode { use absy::NodeValue; - match statement.expression { - pest::Expression::Binary(e) => match e.op { - pest::BinaryOperator::Eq => absy::Statement::Condition( - absy::ExpressionNode::from(*e.left), - absy::ExpressionNode::from(*e.right), - ), - _ => unimplemented!( - "Assertion statements should be an equality check, found {}", - statement.span.as_str() - ), - }, - _ => unimplemented!( - "Assertion statements should be an equality check, found {}", - statement.span.as_str() - ), - } - .span(statement.span) + absy::Statement::Assertion(absy::ExpressionNode::from(statement.expression)) + .span(statement.span) } } diff --git a/zokrates_core/src/absy/mod.rs b/zokrates_core/src/absy/mod.rs index 0101e387..131eecec 100644 --- a/zokrates_core/src/absy/mod.rs +++ b/zokrates_core/src/absy/mod.rs @@ -299,7 +299,7 @@ pub enum Statement<'ast, T> { Return(ExpressionListNode<'ast, T>), Declaration(VariableNode<'ast>), Definition(AssigneeNode<'ast, T>, ExpressionNode<'ast, T>), - Condition(ExpressionNode<'ast, T>, ExpressionNode<'ast, T>), + Assertion(ExpressionNode<'ast, T>), For( VariableNode<'ast>, ExpressionNode<'ast, T>, @@ -317,7 +317,7 @@ impl<'ast, T: fmt::Display> fmt::Display for Statement<'ast, T> { Statement::Return(ref expr) => write!(f, "return {}", expr), Statement::Declaration(ref var) => write!(f, "{}", var), Statement::Definition(ref lhs, ref rhs) => write!(f, "{} = {}", lhs, rhs), - Statement::Condition(ref lhs, ref rhs) => write!(f, "{} == {}", lhs, rhs), + Statement::Assertion(ref e) => write!(f, "{}", e), Statement::For(ref var, ref start, ref stop, ref list) => { write!(f, "for {} in {}..{} do\n", var, start, stop)?; for l in list { @@ -346,7 +346,7 @@ impl<'ast, T: fmt::Debug> fmt::Debug for Statement<'ast, T> { Statement::Definition(ref lhs, ref rhs) => { write!(f, "Definition({:?}, {:?})", lhs, rhs) } - Statement::Condition(ref lhs, ref rhs) => write!(f, "Condition({:?}, {:?})", lhs, rhs), + Statement::Assertion(ref e) => write!(f, "Assertion({:?})", e), Statement::For(ref var, ref start, ref stop, ref list) => { write!(f, "for {:?} in {:?}..{:?} do\n", var, start, stop)?; for l in list { diff --git a/zokrates_core/src/flatten/mod.rs b/zokrates_core/src/flatten/mod.rs index 98550e5e..f5e7628d 100644 --- a/zokrates_core/src/flatten/mod.rs +++ b/zokrates_core/src/flatten/mod.rs @@ -1674,24 +1674,22 @@ impl<'ast, T: Field> Flattener<'ast, T> { None => {} } } - ZirStatement::Condition(lhs, rhs) => { - // flatten expr1 and expr2 to n flattened expressions with n the number of primitive types for expr1 - // add n conditions to check equality of the n expressions + ZirStatement::Assertion(e) => { + // naive approach: flatten the boolean to a single field element and constrain it to 1 - let lhs = self - .flatten_expression(symbols, statements_flattened, lhs) - .get_field_unchecked(); - let rhs = self - .flatten_expression(symbols, statements_flattened, rhs) - .get_field_unchecked(); + let e = self.flatten_boolean_expression(symbols, statements_flattened, e); - if lhs.is_linear() { - statements_flattened.push(FlatStatement::Condition(lhs, rhs)); - } else if rhs.is_linear() { - // swap so that left side is linear - statements_flattened.push(FlatStatement::Condition(rhs, lhs)); + if e.is_linear() { + statements_flattened.push(FlatStatement::Condition( + e, + FlatExpression::Number(T::from(1)), + )); } else { - unreachable!() + // swap so that left side is linear + statements_flattened.push(FlatStatement::Condition( + FlatExpression::Number(T::from(1)), + e, + )); } } ZirStatement::MultipleDefinition(vars, rhs) => { diff --git a/zokrates_core/src/semantics.rs b/zokrates_core/src/semantics.rs index 3a4c314e..a839a0ad 100644 --- a/zokrates_core/src/semantics.rs +++ b/zokrates_core/src/semantics.rs @@ -875,27 +875,21 @@ impl<'ast> Checker<'ast> { } .map_err(|e| vec![e]) } - Statement::Condition(lhs, rhs) => { - let checked_lhs = self - .check_expression(lhs, module_id, &types) - .map_err(|e| vec![e])?; - let checked_rhs = self - .check_expression(rhs, module_id, &types) + Statement::Assertion(e) => { + let e = self + .check_expression(e, module_id, &types) .map_err(|e| vec![e])?; - if checked_lhs.get_type() == checked_rhs.get_type() { - Ok(TypedStatement::Condition(checked_lhs, checked_rhs)) - } else { - Err(ErrorInner { + match e { + TypedExpression::Boolean(e) => Ok(TypedStatement::Assertion(e)), + e => Err(ErrorInner { pos: Some(pos), message: format!( - "Cannot compare {} of type {:?} to {} of type {:?}", - checked_lhs, - checked_lhs.get_type(), - checked_rhs, - checked_rhs.get_type(), + "Expected {} to be of type bool, found {}", + e, + e.get_type(), ), - }) + }), } .map_err(|e| vec![e]) } @@ -1543,6 +1537,38 @@ impl<'ast> Checker<'ast> { (TypedExpression::Boolean(e1), TypedExpression::Boolean(e2)) => { Ok(BooleanExpression::BoolEq(box e1, box e2).into()) } + (TypedExpression::Array(e1), TypedExpression::Array(e2)) => { + if e1.get_type() == e2.get_type() { + Ok(BooleanExpression::ArrayEq(box e1, box e2).into()) + } else { + Err(ErrorInner { + pos: Some(pos), + message: format!( + "Cannot compare {} of type {} to {} of type {}", + e1, + e1.get_type(), + e2, + e2.get_type() + ), + }) + } + } + (TypedExpression::Struct(e1), TypedExpression::Struct(e2)) => { + if e1.get_type() == e2.get_type() { + Ok(BooleanExpression::StructEq(box e1, box e2).into()) + } else { + Err(ErrorInner { + pos: Some(pos), + message: format!( + "Cannot compare {} of type {} to {} of type {}", + e1, + e1.get_type(), + e2, + e2.get_type() + ), + }) + } + } (e1, e2) => Err(ErrorInner { pos: Some(pos), message: format!( @@ -3136,9 +3162,12 @@ mod tests { // def bar(): // 2 == foo() // should fail - let bar_statements: Vec> = vec![Statement::Condition( - Expression::FieldConstant(Bn128Field::from(2)).mock(), - Expression::FunctionCall("foo", vec![]).mock(), + let bar_statements: Vec> = vec![Statement::Assertion( + Expression::Eq( + box Expression::FieldConstant(Bn128Field::from(2)).mock(), + box Expression::FunctionCall("foo", vec![]).mock(), + ) + .mock(), ) .mock()]; @@ -3535,9 +3564,12 @@ mod tests { // def bar(): // 1 == foo() // should fail - let bar_statements: Vec> = vec![Statement::Condition( - Expression::FieldConstant(Bn128Field::from(1)).mock(), - Expression::FunctionCall("foo", vec![]).mock(), + let bar_statements: Vec> = vec![Statement::Assertion( + Expression::Eq( + box Expression::FieldConstant(Bn128Field::from(1)).mock(), + box Expression::FunctionCall("foo", vec![]).mock(), + ) + .mock(), ) .mock()]; diff --git a/zokrates_core/src/static_analysis/flatten_complex_types.rs b/zokrates_core/src/static_analysis/flatten_complex_types.rs index 035cea54..6613bd8f 100644 --- a/zokrates_core/src/static_analysis/flatten_complex_types.rs +++ b/zokrates_core/src/static_analysis/flatten_complex_types.rs @@ -248,14 +248,9 @@ pub fn fold_statement<'ast, T: Field>( .map(|v| zir::ZirStatement::Declaration(v)) .collect() } - typed_absy::TypedStatement::Condition(left, right) => { - let left = f.fold_expression(left); - let right = f.fold_expression(right); - assert_eq!(left.len(), right.len()); - left.into_iter() - .zip(right.into_iter()) - .map(|(left, right)| zir::ZirStatement::Condition(left, right)) - .collect() + typed_absy::TypedStatement::Assertion(e) => { + let e = f.fold_boolean_expression(e); + vec![zir::ZirStatement::Assertion(e)] } typed_absy::TypedStatement::For(..) => unreachable!(), typed_absy::TypedStatement::MultipleDefinition(variables, elist) => { @@ -555,6 +550,39 @@ pub fn fold_boolean_expression<'ast, T: Field>( let e2 = f.fold_boolean_expression(e2); zir::BooleanExpression::BoolEq(box e1, box e2) } + typed_absy::BooleanExpression::ArrayEq(box e1, box e2) => { + let e1 = f.fold_array_expression(e1); + let e2 = f.fold_array_expression(e2); + + assert_eq!(e1.len(), e2.len()); + + e1.into_iter().zip(e2.into_iter()).fold( + zir::BooleanExpression::Value(true), + |acc, (e1, e2)| { + zir::BooleanExpression::And( + box acc, + box match (e1, e2) { + ( + zir::ZirExpression::FieldElement(e1), + zir::ZirExpression::FieldElement(e2), + ) => zir::BooleanExpression::FieldEq(box e1, box e2), + (zir::ZirExpression::Boolean(e1), zir::ZirExpression::Boolean(e2)) => { + zir::BooleanExpression::BoolEq(box e1, box e2) + } + _ => unimplemented!(), + }, + ) + }, + ) + } + typed_absy::BooleanExpression::StructEq(box e1, box e2) => { + let e1 = f.fold_struct_expression(e1); + let e2 = f.fold_struct_expression(e2); + + assert_eq!(e1.len(), e2.len()); + + unimplemented!() + } typed_absy::BooleanExpression::Lt(box e1, box e2) => { let e1 = f.fold_field_expression(e1); let e2 = f.fold_field_expression(e2); diff --git a/zokrates_core/src/static_analysis/propagation.rs b/zokrates_core/src/static_analysis/propagation.rs index 567c44c6..02daf5e2 100644 --- a/zokrates_core/src/static_analysis/propagation.rs +++ b/zokrates_core/src/static_analysis/propagation.rs @@ -112,13 +112,10 @@ impl<'ast, T: Field> Folder<'ast, T> for Propagator<'ast, T> { TypedStatement::Definition(TypedAssignee::Member(..), _) => { unreachable!("struct update should have been replaced with full struct redef") } - // propagate lhs and rhs for conditions - TypedStatement::Condition(e1, e2) => { + // propagate the boolean + TypedStatement::Assertion(e) => { // could stop execution here if condition is known to fail - Some(TypedStatement::Condition( - self.fold_expression(e1), - self.fold_expression(e2), - )) + Some(TypedStatement::Assertion(self.fold_boolean_expression(e))) } // only loops with variable bounds are expected here // we stop propagation here as constants maybe be modified inside the loop body diff --git a/zokrates_core/src/static_analysis/uint_optimizer.rs b/zokrates_core/src/static_analysis/uint_optimizer.rs index d0830c31..00ea9334 100644 --- a/zokrates_core/src/static_analysis/uint_optimizer.rs +++ b/zokrates_core/src/static_analysis/uint_optimizer.rs @@ -397,18 +397,6 @@ impl<'ast, T: Field> Folder<'ast, T> for UintOptimizer<'ast, T> { )], }, }, - // we need to put back in range to assert - ZirStatement::Condition(lhs, rhs) => { - match (self.fold_expression(lhs), self.fold_expression(rhs)) { - (ZirExpression::Uint(lhs), ZirExpression::Uint(rhs)) => { - vec![ZirStatement::Condition( - force_reduce(lhs).into(), - force_reduce(rhs).into(), - )] - } - (lhs, rhs) => vec![ZirStatement::Condition(lhs, rhs)], - } - } s => fold_statement(self, s), } } diff --git a/zokrates_core/src/static_analysis/unroll.rs b/zokrates_core/src/static_analysis/unroll.rs index f3dc70c9..00400446 100644 --- a/zokrates_core/src/static_analysis/unroll.rs +++ b/zokrates_core/src/static_analysis/unroll.rs @@ -84,13 +84,12 @@ impl<'ast> Unroller<'ast> { match head { Access::Select(head) => { - statements.insert(TypedStatement::Condition( + statements.insert(TypedStatement::Assertion( BooleanExpression::Lt( box head.clone(), box FieldElementExpression::Number(T::from(size)), ) .into(), - BooleanExpression::Value(true).into(), )); ArrayExpressionInner::Value( @@ -1089,13 +1088,12 @@ mod tests { assert_eq!( u.fold_statement(s), vec![ - TypedStatement::Condition( + TypedStatement::Assertion( BooleanExpression::Lt( box FieldElementExpression::Number(Bn128Field::from(1)), box FieldElementExpression::Number(Bn128Field::from(2)) ) .into(), - BooleanExpression::Value(true).into() ), TypedStatement::Definition( TypedAssignee::Identifier(Variable::field_array( @@ -1227,13 +1225,12 @@ mod tests { assert_eq!( u.fold_statement(s), vec![ - TypedStatement::Condition( + TypedStatement::Assertion( BooleanExpression::Lt( box FieldElementExpression::Number(Bn128Field::from(1)), box FieldElementExpression::Number(Bn128Field::from(2)) ) .into(), - BooleanExpression::Value(true).into() ), TypedStatement::Definition( TypedAssignee::Identifier(Variable::with_id_and_type( diff --git a/zokrates_core/src/static_analysis/variable_access_remover.rs b/zokrates_core/src/static_analysis/variable_access_remover.rs index 79f2ca5b..19246611 100644 --- a/zokrates_core/src/static_analysis/variable_access_remover.rs +++ b/zokrates_core/src/static_analysis/variable_access_remover.rs @@ -39,7 +39,7 @@ impl<'ast, T: Field> VariableAccessRemover<'ast, T> { _ => unreachable!(), }; - self.statements.push(TypedStatement::Condition( + self.statements.push(TypedStatement::Assertion( (0..size) .map(|index| { BooleanExpression::FieldEq( @@ -53,7 +53,6 @@ impl<'ast, T: Field> VariableAccessRemover<'ast, T> { }) .unwrap() .into(), - BooleanExpression::Value(true).into(), )); (0..size) diff --git a/zokrates_core/src/typed_absy/folder.rs b/zokrates_core/src/typed_absy/folder.rs index f83244fa..3bed457a 100644 --- a/zokrates_core/src/typed_absy/folder.rs +++ b/zokrates_core/src/typed_absy/folder.rs @@ -165,9 +165,7 @@ pub fn fold_statement<'ast, T: Field, F: Folder<'ast, T>>( TypedStatement::Definition(f.fold_assignee(a), f.fold_expression(e)) } TypedStatement::Declaration(v) => TypedStatement::Declaration(f.fold_variable(v)), - TypedStatement::Condition(left, right) => { - TypedStatement::Condition(f.fold_expression(left), f.fold_expression(right)) - } + TypedStatement::Assertion(e) => TypedStatement::Assertion(f.fold_boolean_expression(e)), TypedStatement::For(v, from, to, statements) => TypedStatement::For( f.fold_variable(v), from, @@ -325,6 +323,16 @@ pub fn fold_boolean_expression<'ast, T: Field, F: Folder<'ast, T>>( let e2 = f.fold_boolean_expression(e2); BooleanExpression::BoolEq(box e1, box e2) } + BooleanExpression::ArrayEq(box e1, box e2) => { + let e1 = f.fold_array_expression(e1); + let e2 = f.fold_array_expression(e2); + BooleanExpression::ArrayEq(box e1, box e2) + } + BooleanExpression::StructEq(box e1, box e2) => { + let e1 = f.fold_struct_expression(e1); + let e2 = f.fold_struct_expression(e2); + BooleanExpression::StructEq(box e1, box e2) + } BooleanExpression::Lt(box e1, box e2) => { let e1 = f.fold_field_expression(e1); let e2 = f.fold_field_expression(e2); diff --git a/zokrates_core/src/typed_absy/mod.rs b/zokrates_core/src/typed_absy/mod.rs index 08d49340..6e2b2e87 100644 --- a/zokrates_core/src/typed_absy/mod.rs +++ b/zokrates_core/src/typed_absy/mod.rs @@ -300,7 +300,7 @@ pub enum TypedStatement<'ast, T> { Return(Vec>), Definition(TypedAssignee<'ast, T>, TypedExpression<'ast, T>), Declaration(Variable<'ast>), - Condition(TypedExpression<'ast, T>, TypedExpression<'ast, T>), + Assertion(BooleanExpression<'ast, T>), For( Variable<'ast>, FieldElementExpression<'ast, T>, @@ -327,9 +327,7 @@ impl<'ast, T: fmt::Debug> fmt::Debug for TypedStatement<'ast, T> { TypedStatement::Definition(ref lhs, ref rhs) => { write!(f, "Definition({:?}, {:?})", lhs, rhs) } - TypedStatement::Condition(ref lhs, ref rhs) => { - write!(f, "Condition({:?}, {:?})", lhs, rhs) - } + TypedStatement::Assertion(ref e) => write!(f, "Assertion({:?})", e), TypedStatement::For(ref var, ref start, ref stop, ref list) => { write!(f, "for {:?} in {:?}..{:?} do\n", var, start, stop)?; for l in list { @@ -376,7 +374,7 @@ impl<'ast, T: fmt::Display> fmt::Display for TypedStatement<'ast, T> { } TypedStatement::Declaration(ref var) => write!(f, "{}", var), TypedStatement::Definition(ref lhs, ref rhs) => write!(f, "{} = {}", lhs, rhs), - TypedStatement::Condition(ref lhs, ref rhs) => write!(f, "{} == {}", lhs, rhs), + TypedStatement::Assertion(ref e) => write!(f, "{}", e), TypedStatement::For(ref var, ref start, ref stop, ref list) => { write!(f, "for {} in {}..{} do\n", var, start, stop)?; for l in list { @@ -639,6 +637,11 @@ pub enum BooleanExpression<'ast, T> { Box>, Box>, ), + ArrayEq(Box>, Box>), + StructEq( + Box>, + Box>, + ), Ge( Box>, Box>, @@ -906,6 +909,8 @@ impl<'ast, T: fmt::Display> fmt::Display for BooleanExpression<'ast, T> { BooleanExpression::Le(ref lhs, ref rhs) => write!(f, "{} <= {}", lhs, rhs), BooleanExpression::FieldEq(ref lhs, ref rhs) => write!(f, "{} == {}", lhs, rhs), BooleanExpression::BoolEq(ref lhs, ref rhs) => write!(f, "{} == {}", lhs, rhs), + BooleanExpression::ArrayEq(ref lhs, ref rhs) => write!(f, "{} == {}", lhs, rhs), + BooleanExpression::StructEq(ref lhs, ref rhs) => write!(f, "{} == {}", lhs, rhs), BooleanExpression::Ge(ref lhs, ref rhs) => write!(f, "{} >= {}", lhs, rhs), BooleanExpression::Gt(ref lhs, ref rhs) => write!(f, "{} > {}", lhs, rhs), BooleanExpression::Or(ref lhs, ref rhs) => write!(f, "{} || {}", lhs, rhs), @@ -985,6 +990,12 @@ impl<'ast, T: fmt::Debug> fmt::Debug for BooleanExpression<'ast, T> { BooleanExpression::BoolEq(ref lhs, ref rhs) => { write!(f, "BoolEq({:?}, {:?})", lhs, rhs) } + BooleanExpression::ArrayEq(ref lhs, ref rhs) => { + write!(f, "ArrayEq({:?}, {:?})", lhs, rhs) + } + BooleanExpression::StructEq(ref lhs, ref rhs) => { + write!(f, "StructEq({:?}, {:?})", lhs, rhs) + } BooleanExpression::Ge(ref lhs, ref rhs) => write!(f, "Ge({:?}, {:?})", lhs, rhs), BooleanExpression::Gt(ref lhs, ref rhs) => write!(f, "Gt({:?}, {:?})", lhs, rhs), BooleanExpression::And(ref lhs, ref rhs) => write!(f, "And({:?}, {:?})", lhs, rhs), diff --git a/zokrates_core/src/zir/folder.rs b/zokrates_core/src/zir/folder.rs index af29c188..5111170d 100644 --- a/zokrates_core/src/zir/folder.rs +++ b/zokrates_core/src/zir/folder.rs @@ -130,9 +130,7 @@ pub fn fold_statement<'ast, T: Field, F: Folder<'ast, T>>( ZirStatement::Definition(f.fold_assignee(a), f.fold_expression(e)) } ZirStatement::Declaration(v) => ZirStatement::Declaration(f.fold_variable(v)), - ZirStatement::Condition(left, right) => { - ZirStatement::Condition(f.fold_expression(left), f.fold_expression(right)) - } + ZirStatement::Assertion(e) => ZirStatement::Assertion(f.fold_boolean_expression(e)), ZirStatement::MultipleDefinition(variables, elist) => ZirStatement::MultipleDefinition( variables.into_iter().map(|v| f.fold_variable(v)).collect(), f.fold_expression_list(elist), diff --git a/zokrates_core/src/zir/mod.rs b/zokrates_core/src/zir/mod.rs index bd2bbbf2..80ae9bf6 100644 --- a/zokrates_core/src/zir/mod.rs +++ b/zokrates_core/src/zir/mod.rs @@ -191,7 +191,7 @@ pub enum ZirStatement<'ast, T> { Return(Vec>), Definition(ZirAssignee<'ast>, ZirExpression<'ast, T>), Declaration(Variable<'ast>), - Condition(ZirExpression<'ast, T>, ZirExpression<'ast, T>), + Assertion(BooleanExpression<'ast, T>), MultipleDefinition(Vec>, ZirExpressionList<'ast, T>), } @@ -212,9 +212,7 @@ impl<'ast, T: fmt::Debug> fmt::Debug for ZirStatement<'ast, T> { ZirStatement::Definition(ref lhs, ref rhs) => { write!(f, "Definition({:?}, {:?})", lhs, rhs) } - ZirStatement::Condition(ref lhs, ref rhs) => { - write!(f, "Condition({:?}, {:?})", lhs, rhs) - } + ZirStatement::Assertion(ref e) => write!(f, "Assertion({:?})", e), ZirStatement::MultipleDefinition(ref lhs, ref rhs) => { write!(f, "MultipleDefinition({:?}, {:?})", lhs, rhs) } @@ -237,7 +235,7 @@ impl<'ast, T: fmt::Display> fmt::Display for ZirStatement<'ast, T> { } ZirStatement::Declaration(ref var) => write!(f, "{}", var), ZirStatement::Definition(ref lhs, ref rhs) => write!(f, "{} = {}", lhs, rhs), - ZirStatement::Condition(ref lhs, ref rhs) => write!(f, "{} == {}", lhs, rhs), + ZirStatement::Assertion(ref e) => write!(f, "{}", e), ZirStatement::MultipleDefinition(ref ids, ref rhs) => { for (i, id) in ids.iter().enumerate() { write!(f, "{}", id)?; From 7ffb848d1867bf38d21ebe429b767783aff9634d Mon Sep 17 00:00:00 2001 From: schaeff Date: Tue, 16 Jun 2020 10:20:15 +0200 Subject: [PATCH 02/23] fix test --- zokrates_core/src/static_analysis/variable_access_remover.rs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/zokrates_core/src/static_analysis/variable_access_remover.rs b/zokrates_core/src/static_analysis/variable_access_remover.rs index 19246611..991740b1 100644 --- a/zokrates_core/src/static_analysis/variable_access_remover.rs +++ b/zokrates_core/src/static_analysis/variable_access_remover.rs @@ -169,7 +169,7 @@ mod tests { assert_eq!( VariableAccessRemover::new().fold_statement(access), vec![ - TypedStatement::Condition( + TypedStatement::Assertion( BooleanExpression::Or( box BooleanExpression::FieldEq( box FieldElementExpression::Identifier("i".into()), @@ -181,7 +181,6 @@ mod tests { ) ) .into(), - BooleanExpression::Value(true).into() ), TypedStatement::Definition( TypedAssignee::Identifier(Variable::field_element("b")), From c2ed4f77e184cb496bce5ac1878fd49210b234e9 Mon Sep 17 00:00:00 2001 From: schaeff Date: Tue, 16 Jun 2020 10:45:38 +0200 Subject: [PATCH 03/23] implement uinteq --- zokrates_core/src/flatten/mod.rs | 50 +++++++++++++++++-- zokrates_core/src/semantics.rs | 16 ++++++ .../static_analysis/flatten_complex_types.rs | 6 +++ .../src/static_analysis/uint_optimizer.rs | 12 +++++ zokrates_core/src/typed_absy/folder.rs | 5 ++ zokrates_core/src/typed_absy/mod.rs | 5 ++ zokrates_core/src/zir/folder.rs | 5 ++ zokrates_core/src/zir/mod.rs | 2 + 8 files changed, 98 insertions(+), 3 deletions(-) diff --git a/zokrates_core/src/flatten/mod.rs b/zokrates_core/src/flatten/mod.rs index f5e7628d..889abd84 100644 --- a/zokrates_core/src/flatten/mod.rs +++ b/zokrates_core/src/flatten/mod.rs @@ -575,9 +575,6 @@ impl<'ast, T: Field> Flattener<'ast, T> { ) } BooleanExpression::FieldEq(box lhs, box rhs) => { - // We know from semantic checking that lhs and rhs have the same type - // What the expression will flatten to depends on that type - // Wanted: (Y = (X != 0) ? 1 : 0) // X = a - b // # Y = if X == 0 then 0 else 1 fi @@ -616,6 +613,53 @@ impl<'ast, T: Field> Flattener<'ast, T> { res } + BooleanExpression::UintEq(box lhs, box rhs) => { + // We reduce each side into range and apply the same approach as for field elements + + // Wanted: (Y = (X != 0) ? 1 : 0) + // X = a - b + // # Y = if X == 0 then 0 else 1 fi + // # M = if X == 0 then 1 else 1/X fi + // Y == X * M + // 0 == (1-Y) * X + + let name_y = self.use_sym(); + let name_m = self.use_sym(); + + assert!(lhs.metadata.clone().unwrap().should_reduce.to_bool()); + assert!(rhs.metadata.clone().unwrap().should_reduce.to_bool()); + + let lhs = self + .flatten_uint_expression(symbols, statements_flattened, lhs) + .get_field_unchecked(); + let rhs = self + .flatten_uint_expression(symbols, statements_flattened, rhs) + .get_field_unchecked(); + + let x = FlatExpression::Sub(box lhs, box rhs); + + statements_flattened.push(FlatStatement::Directive(FlatDirective::new( + vec![name_y, name_m], + Solver::ConditionEq, + vec![x.clone()], + ))); + statements_flattened.push(FlatStatement::Condition( + FlatExpression::Identifier(name_y), + FlatExpression::Mult(box x.clone(), box FlatExpression::Identifier(name_m)), + )); + + let res = FlatExpression::Sub( + box FlatExpression::Number(T::one()), + box FlatExpression::Identifier(name_y), + ); + + statements_flattened.push(FlatStatement::Condition( + FlatExpression::Number(T::zero()), + FlatExpression::Mult(box res.clone(), box x), + )); + + res + } BooleanExpression::Le(box lhs, box rhs) => { let lt = self.flatten_boolean_expression( symbols, diff --git a/zokrates_core/src/semantics.rs b/zokrates_core/src/semantics.rs index a839a0ad..949e72b7 100644 --- a/zokrates_core/src/semantics.rs +++ b/zokrates_core/src/semantics.rs @@ -1569,6 +1569,22 @@ impl<'ast> Checker<'ast> { }) } } + (TypedExpression::Uint(e1), TypedExpression::Uint(e2)) => { + if e1.get_type() == e2.get_type() { + Ok(BooleanExpression::UintEq(box e1, box e2).into()) + } else { + Err(ErrorInner { + pos: Some(pos), + message: format!( + "Cannot compare {} of type {} to {} of type {}", + e1, + e1.get_type(), + e2, + e2.get_type() + ), + }) + } + } (e1, e2) => Err(ErrorInner { pos: Some(pos), message: format!( diff --git a/zokrates_core/src/static_analysis/flatten_complex_types.rs b/zokrates_core/src/static_analysis/flatten_complex_types.rs index 6613bd8f..877e63dd 100644 --- a/zokrates_core/src/static_analysis/flatten_complex_types.rs +++ b/zokrates_core/src/static_analysis/flatten_complex_types.rs @@ -583,6 +583,12 @@ pub fn fold_boolean_expression<'ast, T: Field>( unimplemented!() } + typed_absy::BooleanExpression::UintEq(box e1, box e2) => { + let e1 = f.fold_uint_expression(e1); + let e2 = f.fold_uint_expression(e2); + + zir::BooleanExpression::UintEq(box e1, box e2) + } typed_absy::BooleanExpression::Lt(box e1, box e2) => { let e1 = f.fold_field_expression(e1); let e2 = f.fold_field_expression(e2); diff --git a/zokrates_core/src/static_analysis/uint_optimizer.rs b/zokrates_core/src/static_analysis/uint_optimizer.rs index 00ea9334..d7ba88f0 100644 --- a/zokrates_core/src/static_analysis/uint_optimizer.rs +++ b/zokrates_core/src/static_analysis/uint_optimizer.rs @@ -397,6 +397,18 @@ impl<'ast, T: Field> Folder<'ast, T> for UintOptimizer<'ast, T> { )], }, }, + ZirStatement::Assertion(BooleanExpression::UintEq(box left, box right)) => { + let left = self.fold_uint_expression(left); + let right = self.fold_uint_expression(right); + + // we can only compare two unsigned integers if they are in range + let left = force_reduce(left); + let right = force_reduce(right); + + vec![ZirStatement::Assertion(BooleanExpression::UintEq( + box left, box right, + ))] + } s => fold_statement(self, s), } } diff --git a/zokrates_core/src/typed_absy/folder.rs b/zokrates_core/src/typed_absy/folder.rs index 3bed457a..385c4dce 100644 --- a/zokrates_core/src/typed_absy/folder.rs +++ b/zokrates_core/src/typed_absy/folder.rs @@ -333,6 +333,11 @@ pub fn fold_boolean_expression<'ast, T: Field, F: Folder<'ast, T>>( let e2 = f.fold_struct_expression(e2); BooleanExpression::StructEq(box e1, box e2) } + BooleanExpression::UintEq(box e1, box e2) => { + let e1 = f.fold_uint_expression(e1); + let e2 = f.fold_uint_expression(e2); + BooleanExpression::UintEq(box e1, box e2) + } BooleanExpression::Lt(box e1, box e2) => { let e1 = f.fold_field_expression(e1); let e2 = f.fold_field_expression(e2); diff --git a/zokrates_core/src/typed_absy/mod.rs b/zokrates_core/src/typed_absy/mod.rs index 6e2b2e87..a95aee99 100644 --- a/zokrates_core/src/typed_absy/mod.rs +++ b/zokrates_core/src/typed_absy/mod.rs @@ -642,6 +642,7 @@ pub enum BooleanExpression<'ast, T> { Box>, Box>, ), + UintEq(Box>, Box>), Ge( Box>, Box>, @@ -911,6 +912,7 @@ impl<'ast, T: fmt::Display> fmt::Display for BooleanExpression<'ast, T> { BooleanExpression::BoolEq(ref lhs, ref rhs) => write!(f, "{} == {}", lhs, rhs), BooleanExpression::ArrayEq(ref lhs, ref rhs) => write!(f, "{} == {}", lhs, rhs), BooleanExpression::StructEq(ref lhs, ref rhs) => write!(f, "{} == {}", lhs, rhs), + BooleanExpression::UintEq(ref lhs, ref rhs) => write!(f, "{} == {}", lhs, rhs), BooleanExpression::Ge(ref lhs, ref rhs) => write!(f, "{} >= {}", lhs, rhs), BooleanExpression::Gt(ref lhs, ref rhs) => write!(f, "{} > {}", lhs, rhs), BooleanExpression::Or(ref lhs, ref rhs) => write!(f, "{} || {}", lhs, rhs), @@ -996,6 +998,9 @@ impl<'ast, T: fmt::Debug> fmt::Debug for BooleanExpression<'ast, T> { BooleanExpression::StructEq(ref lhs, ref rhs) => { write!(f, "StructEq({:?}, {:?})", lhs, rhs) } + BooleanExpression::UintEq(ref lhs, ref rhs) => { + write!(f, "UintEq({:?}, {:?})", lhs, rhs) + } BooleanExpression::Ge(ref lhs, ref rhs) => write!(f, "Ge({:?}, {:?})", lhs, rhs), BooleanExpression::Gt(ref lhs, ref rhs) => write!(f, "Gt({:?}, {:?})", lhs, rhs), BooleanExpression::And(ref lhs, ref rhs) => write!(f, "And({:?}, {:?})", lhs, rhs), diff --git a/zokrates_core/src/zir/folder.rs b/zokrates_core/src/zir/folder.rs index 5111170d..71039a30 100644 --- a/zokrates_core/src/zir/folder.rs +++ b/zokrates_core/src/zir/folder.rs @@ -199,6 +199,11 @@ pub fn fold_boolean_expression<'ast, T: Field, F: Folder<'ast, T>>( let e2 = f.fold_boolean_expression(e2); BooleanExpression::BoolEq(box e1, box e2) } + BooleanExpression::UintEq(box e1, box e2) => { + let e1 = f.fold_uint_expression(e1); + let e2 = f.fold_uint_expression(e2); + BooleanExpression::UintEq(box e1, box e2) + } BooleanExpression::Lt(box e1, box e2) => { let e1 = f.fold_field_expression(e1); let e2 = f.fold_field_expression(e2); diff --git a/zokrates_core/src/zir/mod.rs b/zokrates_core/src/zir/mod.rs index 80ae9bf6..891cc1d0 100644 --- a/zokrates_core/src/zir/mod.rs +++ b/zokrates_core/src/zir/mod.rs @@ -397,6 +397,7 @@ pub enum BooleanExpression<'ast, T> { Box>, Box>, ), + UintEq(Box>, Box>), Ge( Box>, Box>, @@ -509,6 +510,7 @@ impl<'ast, T: fmt::Display> fmt::Display for BooleanExpression<'ast, T> { BooleanExpression::Le(ref lhs, ref rhs) => write!(f, "{} <= {}", lhs, rhs), BooleanExpression::FieldEq(ref lhs, ref rhs) => write!(f, "{} == {}", lhs, rhs), BooleanExpression::BoolEq(ref lhs, ref rhs) => write!(f, "{} == {}", lhs, rhs), + BooleanExpression::UintEq(ref lhs, ref rhs) => write!(f, "{} == {}", lhs, rhs), BooleanExpression::Ge(ref lhs, ref rhs) => write!(f, "{} >= {}", lhs, rhs), BooleanExpression::Gt(ref lhs, ref rhs) => write!(f, "{} > {}", lhs, rhs), BooleanExpression::Or(ref lhs, ref rhs) => write!(f, "{} || {}", lhs, rhs), From f15d73164b026a99b49a33beea4b84fc3f530b65 Mon Sep 17 00:00:00 2001 From: schaeff Date: Tue, 16 Jun 2020 19:13:38 +0200 Subject: [PATCH 04/23] wip --- zokrates_core/src/ir/expression.rs | 30 +++++++++++ zokrates_core/src/optimizer/redefinition.rs | 53 +++++++++++++++++-- zokrates_core/src/static_analysis/mod.rs | 2 +- .../src/static_analysis/propagation.rs | 38 +++++++++++++ 4 files changed, 118 insertions(+), 5 deletions(-) diff --git a/zokrates_core/src/ir/expression.rs b/zokrates_core/src/ir/expression.rs index 6ec840e1..441abbce 100644 --- a/zokrates_core/src/ir/expression.rs +++ b/zokrates_core/src/ir/expression.rs @@ -79,6 +79,27 @@ impl Eq for LinComb {} #[derive(PartialEq, PartialOrd, Clone, Eq, Ord, Hash, Debug, Serialize, Deserialize)] pub struct CanonicalLinComb(pub BTreeMap); +#[derive(PartialEq, PartialOrd, Clone, Eq, Ord, Hash, Debug, Serialize, Deserialize)] +pub struct CanonicalQuadComb { + left: CanonicalLinComb, + right: CanonicalLinComb, +} + +impl From> for QuadComb { + fn from(q: CanonicalQuadComb) -> Self { + QuadComb { + left: q.left.into(), + right: q.right.into(), + } + } +} + +impl From> for LinComb { + fn from(l: CanonicalLinComb) -> Self { + LinComb(l.0.into_iter().collect()) + } +} + impl LinComb { pub fn summand>(mult: U, var: FlatVariable) -> LinComb { let res = vec![(var, mult.into())]; @@ -160,6 +181,15 @@ impl LinComb { } } +impl QuadComb { + pub fn as_canonical(&self) -> CanonicalQuadComb { + CanonicalQuadComb { + left: self.left.as_canonical(), + right: self.right.as_canonical(), + } + } +} + impl fmt::Display for LinComb { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { match self.is_zero() { diff --git a/zokrates_core/src/optimizer/redefinition.rs b/zokrates_core/src/optimizer/redefinition.rs index 0113e65c..ccffaa95 100644 --- a/zokrates_core/src/optimizer/redefinition.rs +++ b/zokrates_core/src/optimizer/redefinition.rs @@ -114,11 +114,56 @@ impl Folder for RedefinitionOptimizer { } Statement::Directive(d) => { let d = self.fold_directive(d); - // to prevent the optimiser from replacing variables introduced by directives, add them to the ignored set - for o in d.outputs.iter().cloned() { - self.ignore.insert(o); + + let inputs = d + .inputs + .iter() + .map(|i| QuadComb::from(i.as_canonical())) + .map(|i| { + i.try_linear() + .map(|l| match l.0.len() { + 0 => Ok(T::from(0)), + _ => l + .try_summand() + .map(|(variable, coefficient)| match variable { + v if v == FlatVariable::one() => Ok(coefficient), + _ => Err(LinComb::summand(coefficient, variable).into()), + }) + .unwrap_or(Err(l.into())), + }) + .unwrap_or(Err(i.clone().into())) + }) + .collect::>>>(); + + match inputs.iter().all(|r| r.is_ok()) { + true => { + let inputs = inputs.into_iter().map(|i| i.unwrap()).collect(); + let outputs = Interpreter::default() + .execute_solver(&d.solver, &inputs) + .unwrap(); + + assert_eq!(outputs.len(), d.outputs.len()); + + for (output, value) in d.outputs.into_iter().zip(outputs.into_iter()) { + self.substitution.insert(output, value.into()); + } + vec![] + } + false => { + let inputs = inputs + .into_iter() + .map(|i| { + i.map(|v| LinComb::summand(v, FlatVariable::one()).into()) + .unwrap_or_else(|q| q) + }) + .collect(); + // to prevent the optimiser from replacing variables introduced by directives, add them to the ignored set + for o in d.outputs.iter().cloned() { + self.ignore.insert(o); + } + vec![Statement::Directive(Directive { inputs, ..d })] + } } - vec![Statement::Directive(d)] } } } diff --git a/zokrates_core/src/static_analysis/mod.rs b/zokrates_core/src/static_analysis/mod.rs index bf163a70..41c67a99 100644 --- a/zokrates_core/src/static_analysis/mod.rs +++ b/zokrates_core/src/static_analysis/mod.rs @@ -55,7 +55,7 @@ impl<'ast, T: Field> TypedProgram<'ast, T> { let r = VariableAccessRemover::apply(r); // convert to zir, removing complex types - let zir = Flattener::flatten(r.clone()); + let zir = Flattener::flatten(r); // optimize uint expressions let zir = UintOptimizer::optimize(zir); diff --git a/zokrates_core/src/static_analysis/propagation.rs b/zokrates_core/src/static_analysis/propagation.rs index 02daf5e2..ee553227 100644 --- a/zokrates_core/src/static_analysis/propagation.rs +++ b/zokrates_core/src/static_analysis/propagation.rs @@ -923,6 +923,11 @@ impl<'ast, T: Field> Folder<'ast, T> for Propagator<'ast, T> { &mut self, e: BooleanExpression<'ast, T>, ) -> BooleanExpression<'ast, T> { + // Note: we only propagate when we see constants, as comparing of arbitrary expressions would lead to + // a lot of false negatives due to expressions not being in a canonical form + // For example, `2 * a` is equivalent to `a + a`, but our notion of equality would not detect that here + // These kind of reduction rules are easier to apply later in the process, when we have canonical representations + // of expressions, ie `a + a` would always be written `2 * a` match e { BooleanExpression::Identifier(id) => match self .constants @@ -956,6 +961,39 @@ impl<'ast, T: Field> Folder<'ast, T> for Propagator<'ast, T> { (e1, e2) => BooleanExpression::BoolEq(box e1, box e2), } } + BooleanExpression::StructEq(box e1, box e2) => { + let e1 = self.fold_struct_expression(e1); + let e2 = self.fold_struct_expression(e2); + + let ty = e1.ty().clone(); + + match (e1.into_inner(), e2.into_inner()) { + (StructExpressionInner::Value(n1), StructExpressionInner::Value(n2)) => { + BooleanExpression::Value(n1 == n2) + } + (e1, e2) => BooleanExpression::StructEq( + box e1.annotate(ty.clone()), + box e2.annotate(ty), + ), + } + } + BooleanExpression::ArrayEq(box e1, box e2) => { + let e1 = self.fold_array_expression(e1); + let e2 = self.fold_array_expression(e2); + + let ty = e1.inner_type().clone(); + let size = e1.size(); + + match (e1.into_inner(), e2.into_inner()) { + (ArrayExpressionInner::Value(n1), ArrayExpressionInner::Value(n2)) => { + BooleanExpression::Value(n1 == n2) + } + (e1, e2) => BooleanExpression::ArrayEq( + box e1.annotate(ty.clone(), size), + box e2.annotate(ty, size), + ), + } + } BooleanExpression::Lt(box e1, box e2) => { let e1 = self.fold_field_expression(e1); let e2 = self.fold_field_expression(e2); From fcccf5715ce7af15b05dc1a00c5f406bc62d124a Mon Sep 17 00:00:00 2001 From: schaeff Date: Wed, 17 Jun 2020 13:24:59 +0200 Subject: [PATCH 05/23] use default folder --- .../src/static_analysis/propagation.rs | 33 ------------------- 1 file changed, 33 deletions(-) diff --git a/zokrates_core/src/static_analysis/propagation.rs b/zokrates_core/src/static_analysis/propagation.rs index ee553227..95f1d940 100644 --- a/zokrates_core/src/static_analysis/propagation.rs +++ b/zokrates_core/src/static_analysis/propagation.rs @@ -961,39 +961,6 @@ impl<'ast, T: Field> Folder<'ast, T> for Propagator<'ast, T> { (e1, e2) => BooleanExpression::BoolEq(box e1, box e2), } } - BooleanExpression::StructEq(box e1, box e2) => { - let e1 = self.fold_struct_expression(e1); - let e2 = self.fold_struct_expression(e2); - - let ty = e1.ty().clone(); - - match (e1.into_inner(), e2.into_inner()) { - (StructExpressionInner::Value(n1), StructExpressionInner::Value(n2)) => { - BooleanExpression::Value(n1 == n2) - } - (e1, e2) => BooleanExpression::StructEq( - box e1.annotate(ty.clone()), - box e2.annotate(ty), - ), - } - } - BooleanExpression::ArrayEq(box e1, box e2) => { - let e1 = self.fold_array_expression(e1); - let e2 = self.fold_array_expression(e2); - - let ty = e1.inner_type().clone(); - let size = e1.size(); - - match (e1.into_inner(), e2.into_inner()) { - (ArrayExpressionInner::Value(n1), ArrayExpressionInner::Value(n2)) => { - BooleanExpression::Value(n1 == n2) - } - (e1, e2) => BooleanExpression::ArrayEq( - box e1.annotate(ty.clone(), size), - box e2.annotate(ty, size), - ), - } - } BooleanExpression::Lt(box e1, box e2) => { let e1 = self.fold_field_expression(e1); let e2 = self.fold_field_expression(e2); From bbb84fa0482fb4802561733b05fab88ac68a1a04 Mon Sep 17 00:00:00 2001 From: schaeff Date: Wed, 17 Jun 2020 14:00:23 +0200 Subject: [PATCH 06/23] revert --- zokrates_core/src/ir/expression.rs | 30 ------------ zokrates_core/src/optimizer/redefinition.rs | 53 ++------------------- 2 files changed, 4 insertions(+), 79 deletions(-) diff --git a/zokrates_core/src/ir/expression.rs b/zokrates_core/src/ir/expression.rs index 441abbce..6ec840e1 100644 --- a/zokrates_core/src/ir/expression.rs +++ b/zokrates_core/src/ir/expression.rs @@ -79,27 +79,6 @@ impl Eq for LinComb {} #[derive(PartialEq, PartialOrd, Clone, Eq, Ord, Hash, Debug, Serialize, Deserialize)] pub struct CanonicalLinComb(pub BTreeMap); -#[derive(PartialEq, PartialOrd, Clone, Eq, Ord, Hash, Debug, Serialize, Deserialize)] -pub struct CanonicalQuadComb { - left: CanonicalLinComb, - right: CanonicalLinComb, -} - -impl From> for QuadComb { - fn from(q: CanonicalQuadComb) -> Self { - QuadComb { - left: q.left.into(), - right: q.right.into(), - } - } -} - -impl From> for LinComb { - fn from(l: CanonicalLinComb) -> Self { - LinComb(l.0.into_iter().collect()) - } -} - impl LinComb { pub fn summand>(mult: U, var: FlatVariable) -> LinComb { let res = vec![(var, mult.into())]; @@ -181,15 +160,6 @@ impl LinComb { } } -impl QuadComb { - pub fn as_canonical(&self) -> CanonicalQuadComb { - CanonicalQuadComb { - left: self.left.as_canonical(), - right: self.right.as_canonical(), - } - } -} - impl fmt::Display for LinComb { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { match self.is_zero() { diff --git a/zokrates_core/src/optimizer/redefinition.rs b/zokrates_core/src/optimizer/redefinition.rs index ccffaa95..0113e65c 100644 --- a/zokrates_core/src/optimizer/redefinition.rs +++ b/zokrates_core/src/optimizer/redefinition.rs @@ -114,56 +114,11 @@ impl Folder for RedefinitionOptimizer { } Statement::Directive(d) => { let d = self.fold_directive(d); - - let inputs = d - .inputs - .iter() - .map(|i| QuadComb::from(i.as_canonical())) - .map(|i| { - i.try_linear() - .map(|l| match l.0.len() { - 0 => Ok(T::from(0)), - _ => l - .try_summand() - .map(|(variable, coefficient)| match variable { - v if v == FlatVariable::one() => Ok(coefficient), - _ => Err(LinComb::summand(coefficient, variable).into()), - }) - .unwrap_or(Err(l.into())), - }) - .unwrap_or(Err(i.clone().into())) - }) - .collect::>>>(); - - match inputs.iter().all(|r| r.is_ok()) { - true => { - let inputs = inputs.into_iter().map(|i| i.unwrap()).collect(); - let outputs = Interpreter::default() - .execute_solver(&d.solver, &inputs) - .unwrap(); - - assert_eq!(outputs.len(), d.outputs.len()); - - for (output, value) in d.outputs.into_iter().zip(outputs.into_iter()) { - self.substitution.insert(output, value.into()); - } - vec![] - } - false => { - let inputs = inputs - .into_iter() - .map(|i| { - i.map(|v| LinComb::summand(v, FlatVariable::one()).into()) - .unwrap_or_else(|q| q) - }) - .collect(); - // to prevent the optimiser from replacing variables introduced by directives, add them to the ignored set - for o in d.outputs.iter().cloned() { - self.ignore.insert(o); - } - vec![Statement::Directive(Directive { inputs, ..d })] - } + // to prevent the optimiser from replacing variables introduced by directives, add them to the ignored set + for o in d.outputs.iter().cloned() { + self.ignore.insert(o); } + vec![Statement::Directive(d)] } } } From 832819aabfaba73df0dc53e49408dec35804ecc7 Mon Sep 17 00:00:00 2001 From: schaeff Date: Wed, 17 Jun 2020 20:05:48 +0200 Subject: [PATCH 07/23] adjust ci --- test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test.sh b/test.sh index 43945977..462c0808 100755 --- a/test.sh +++ b/test.sh @@ -3,4 +3,4 @@ # Exit if any subcommand fails set -e -cargo test --release -- --test-threads=1 +cargo test --release -- --test-threads=2 From 3ec38415afcdbec9367b1e3400439bb3f346dd56 Mon Sep 17 00:00:00 2001 From: schaeff Date: Fri, 19 Jun 2020 12:47:29 +0200 Subject: [PATCH 08/23] revert to 1 thread --- test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test.sh b/test.sh index 462c0808..43945977 100755 --- a/test.sh +++ b/test.sh @@ -3,4 +3,4 @@ # Exit if any subcommand fails set -e -cargo test --release -- --test-threads=2 +cargo test --release -- --test-threads=1 From 057d5883aa551fc339356bf1184dc2a0e95a2762 Mon Sep 17 00:00:00 2001 From: schaeff Date: Fri, 3 Jul 2020 18:10:33 +0200 Subject: [PATCH 09/23] remove bellman embeds, add u32 to stdlib --- Cargo.lock | 73 ---- Cargo.toml | 1 - .../merkleTree/pedersenPathProof3.zok | 6 +- .../examples/merkleTree/sha256PathProof3.zok | 8 +- .../tests/code/sha_round.arguments.json | 260 -------------- .../tests/code/sha_round.expected.witness | 1 - zokrates_cli/tests/code/sha_round.zok | 14 - zokrates_core/Cargo.toml | 3 +- zokrates_core/src/embed.rs | 224 ------------ zokrates_core/src/imports.rs | 11 - zokrates_core/src/ir/interpreter.rs | 12 - zokrates_core/src/lib.rs | 1 - zokrates_core/src/semantics.rs | 2 + zokrates_core/src/solvers/mod.rs | 2 - zokrates_core/src/standard.rs | 232 ------------- zokrates_core/src/static_analysis/inline.rs | 5 - .../tests/tests/arrays/fun_spread.zok | 2 +- .../tests/tests/uint/sha256.json | 2 +- zokrates_embed/Cargo.toml | 14 - zokrates_embed/src/lib.rs | 319 ------------------ .../stdlib/ecc/edwardsCompress.zok | 2 +- .../stdlib/ecc/edwardsOrderCheck.zok | 2 +- .../stdlib/ecc/proofOfOwnership.zok | 4 +- .../stdlib/hashes/pedersen/512bit.zok | 36 +- .../stdlib/hashes/sha256/1024bit.zok | 11 +- .../stdlib/hashes/sha256/1024bitPadded.zok | 28 +- .../stdlib/hashes/sha256/1536bit.zok | 14 +- .../stdlib/hashes/sha256/256bitPadded.zok | 33 +- .../stdlib/hashes/sha256/512bit.zok | 16 +- .../stdlib/hashes/sha256/512bitPacked.zok | 23 +- .../stdlib/hashes/sha256/512bitPadded.zok | 29 +- .../stdlib/hashes/sha256/IVconstants.zok | 15 +- .../stdlib/hashes/sha256/shaRound.zok | 126 +++++++ .../hashes/sha256/shaRoundNoBoolCheck.zok | 6 - .../hashes/utils/256bitsDirectionHelper.zok | 2 +- .../stdlib/signatures/verifyEddsa.zok | 14 +- .../stdlib/utils/casts/bool_128_to_u32_4.zok | 4 + .../stdlib/utils/casts/bool_256_to_u32_8.zok | 4 + .../stdlib/utils/casts/u32_4_to_bool_128.zok | 4 + .../stdlib/utils/casts/u32_8_to_bool_256.zok | 4 + .../stdlib/utils/multiplexer/256bit.zok | 2 +- .../pack/{ => bool}/nonStrictUnpack256.zok | 2 +- .../stdlib/utils/pack/{ => bool}/pack128.zok | 8 +- .../stdlib/utils/pack/bool/pack256.zok | 14 + .../utils/pack/{ => bool}/unpack128.zok | 0 zokrates_stdlib/stdlib/utils/pack/pack256.zok | 10 - .../utils/pack/u32/nonStrictUnpack256.zok | 12 + .../stdlib/utils/pack/u32/pack128.zok | 10 + .../stdlib/utils/pack/u32/pack256.zok | 10 + .../stdlib/utils/pack/u32/unpack128.zok | 7 + .../tests/tests/ecc/proofOfOwnership.zok | 1 - .../tests/tests/hashes/pedersen/512bit.zok | 6 +- .../tests/hashes/sha256/1024bitPadded.zok | 12 +- .../tests/tests/hashes/sha256/512bit.zok | 8 +- .../tests/hashes/sha256/512bitPadded.zok | 8 +- .../hashes/utils/256bitsDirectionHelper.zok | 16 +- .../tests/tests/signatures/verifyEddsa.zok | 4 +- .../tests/tests/utils/multiplexer/256bit.zok | 12 +- .../utils/pack/bool/nonStrictUnpack256.json | 16 + .../pack/{ => bool}/nonStrictUnpack256.zok | 2 +- .../{unpack128.json => bool/pack128.json} | 2 +- .../tests/utils/pack/{ => bool}/pack128.zok | 2 +- .../unpack128.json} | 2 +- .../tests/utils/pack/{ => bool}/unpack128.zok | 2 +- .../utils/pack/u32/nonStrictUnpack256.json | 16 + .../utils/pack/u32/nonStrictUnpack256.zok | 41 +++ .../tests/utils/pack/{ => u32}/pack128.json | 2 +- .../tests/tests/utils/pack/u32/pack128.zok | 36 ++ .../tests/tests/utils/pack/u32/unpack128.json | 16 + .../tests/tests/utils/pack/u32/unpack128.zok | 33 ++ 70 files changed, 544 insertions(+), 1337 deletions(-) delete mode 100644 zokrates_cli/tests/code/sha_round.arguments.json delete mode 100644 zokrates_cli/tests/code/sha_round.expected.witness delete mode 100644 zokrates_cli/tests/code/sha_round.zok delete mode 100644 zokrates_core/src/standard.rs delete mode 100644 zokrates_embed/Cargo.toml delete mode 100644 zokrates_embed/src/lib.rs create mode 100644 zokrates_stdlib/stdlib/hashes/sha256/shaRound.zok delete mode 100644 zokrates_stdlib/stdlib/hashes/sha256/shaRoundNoBoolCheck.zok create mode 100644 zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok create mode 100644 zokrates_stdlib/stdlib/utils/casts/bool_256_to_u32_8.zok create mode 100644 zokrates_stdlib/stdlib/utils/casts/u32_4_to_bool_128.zok create mode 100644 zokrates_stdlib/stdlib/utils/casts/u32_8_to_bool_256.zok rename zokrates_stdlib/stdlib/utils/pack/{ => bool}/nonStrictUnpack256.zok (87%) rename zokrates_stdlib/stdlib/utils/pack/{ => bool}/pack128.zok (58%) create mode 100644 zokrates_stdlib/stdlib/utils/pack/bool/pack256.zok rename zokrates_stdlib/stdlib/utils/pack/{ => bool}/unpack128.zok (100%) delete mode 100644 zokrates_stdlib/stdlib/utils/pack/pack256.zok create mode 100644 zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok create mode 100644 zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok create mode 100644 zokrates_stdlib/stdlib/utils/pack/u32/pack256.zok create mode 100644 zokrates_stdlib/stdlib/utils/pack/u32/unpack128.zok create mode 100644 zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json rename zokrates_stdlib/tests/tests/utils/pack/{ => bool}/nonStrictUnpack256.zok (99%) rename zokrates_stdlib/tests/tests/utils/pack/{unpack128.json => bool/pack128.json} (70%) rename zokrates_stdlib/tests/tests/utils/pack/{ => bool}/pack128.zok (98%) rename zokrates_stdlib/tests/tests/utils/pack/{nonStrictUnpack256.json => bool/unpack128.json} (68%) rename zokrates_stdlib/tests/tests/utils/pack/{ => bool}/unpack128.zok (98%) create mode 100644 zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json create mode 100644 zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok rename zokrates_stdlib/tests/tests/utils/pack/{ => u32}/pack128.json (70%) create mode 100644 zokrates_stdlib/tests/tests/utils/pack/u32/pack128.zok create mode 100644 zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.json create mode 100644 zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.zok diff --git a/Cargo.lock b/Cargo.lock index d1e46b1e..31dc57e9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -27,15 +27,6 @@ dependencies = [ "winapi", ] -[[package]] -name = "arrayvec" -version = "0.4.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd9fd44efafa8690358b7408d253adf110036b88f55672a933f01d616ad9b1b9" -dependencies = [ - "nodrop", -] - [[package]] name = "assert_cli" version = "0.5.4" @@ -120,17 +111,6 @@ version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693" -[[package]] -name = "blake2-rfc_bellman_edition" -version = "0.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fdc60350286c7c3db13b98e91dbe5c8b6830a6821bc20af5b0c310ce94d74915" -dependencies = [ - "arrayvec", - "byteorder", - "constant_time_eq", -] - [[package]] name = "block-buffer" version = "0.7.3" @@ -261,12 +241,6 @@ dependencies = [ "wasm-bindgen", ] -[[package]] -name = "constant_time_eq" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc" - [[package]] name = "crossbeam" version = "0.7.3" @@ -338,12 +312,6 @@ dependencies = [ "lazy_static", ] -[[package]] -name = "crunchy" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7a81dae078cea95a014a339291cec439d2f232ebe854a9d672b796c6afafa9b7" - [[package]] name = "csv" version = "1.1.3" @@ -802,12 +770,6 @@ dependencies = [ "autocfg", ] -[[package]] -name = "nodrop" -version = "0.1.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72ef4a56884ca558e5ddb05a1d1e7e1bfd9a68d9ed024c21704cc98872dae1bb" - [[package]] name = "num" version = "0.1.42" @@ -1245,23 +1207,6 @@ dependencies = [ "winapi-util", ] -[[package]] -name = "sapling-crypto_ce" -version = "0.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c4ff5309ec3e4bd800ad4ab3f71e9b76e9ea81c9f0eda6efa16008afbe440b3" -dependencies = [ - "bellman_ce", - "blake2-rfc_bellman_edition", - "byteorder", - "digest", - "rand 0.4.6", - "serde", - "serde_derive", - "sha2", - "tiny-keccak", -] - [[package]] name = "scoped-tls" version = "1.0.0" @@ -1470,15 +1415,6 @@ dependencies = [ "lazy_static", ] -[[package]] -name = "tiny-keccak" -version = "2.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c9d3793400a45f954c52e73d068316d76b6f4e36977e3fcebb13a2721e80237" -dependencies = [ - "crunchy", -] - [[package]] name = "typed-arena" version = "1.7.0" @@ -1790,7 +1726,6 @@ dependencies = [ "typed-arena", "wasm-bindgen-test", "zokrates_common", - "zokrates_embed", "zokrates_field", "zokrates_pest_ast", ] @@ -1803,14 +1738,6 @@ dependencies = [ "zokrates_test", ] -[[package]] -name = "zokrates_embed" -version = "0.1.1" -dependencies = [ - "bellman_ce", - "sapling-crypto_ce", -] - [[package]] name = "zokrates_field" version = "0.3.6" diff --git a/Cargo.toml b/Cargo.toml index 50d4c4ce..889f4c86 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -6,7 +6,6 @@ members = [ "zokrates_cli", "zokrates_fs_resolver", "zokrates_stdlib", - "zokrates_embed", "zokrates_abi", "zokrates_test", "zokrates_core_test", diff --git a/zokrates_cli/examples/merkleTree/pedersenPathProof3.zok b/zokrates_cli/examples/merkleTree/pedersenPathProof3.zok index 148ecd7f..8b238fd9 100644 --- a/zokrates_cli/examples/merkleTree/pedersenPathProof3.zok +++ b/zokrates_cli/examples/merkleTree/pedersenPathProof3.zok @@ -6,14 +6,14 @@ import "hashes/utils/256bitsDirectionHelper" as multiplex // Merke-Tree inclusion proof for tree depth 3 using SNARK efficient pedersen hashes // directionSelector=> 1/true if current digest is on the rhs of the hash -def main(bool[256] rootDigest, private bool[256] leafDigest, private bool[3] directionSelector, bool[256] PathDigest0, private bool[256] PathDigest1, private bool[256] PathDigest2) -> (field): +def main(u32[8] rootDigest, private u32[8] leafDigest, private bool[3] directionSelector, u32[8] PathDigest0, private u32[8] PathDigest1, private u32[8] PathDigest2) -> (field): BabyJubJubParams context = context() //Setup - bool[256] currentDigest = leafDigest + u32[8] currentDigest = leafDigest //Loop up the tree - bool[512] preimage = multiplex(directionSelector[0], currentDigest, PathDigest0) + u32[16] preimage = multiplex(directionSelector[0], currentDigest, PathDigest0) currentDigest = hash(preimage) preimage = multiplex(directionSelector[1], currentDigest, PathDigest1) diff --git a/zokrates_cli/examples/merkleTree/sha256PathProof3.zok b/zokrates_cli/examples/merkleTree/sha256PathProof3.zok index 666d84fb..c51f1b1a 100644 --- a/zokrates_cli/examples/merkleTree/sha256PathProof3.zok +++ b/zokrates_cli/examples/merkleTree/sha256PathProof3.zok @@ -3,17 +3,17 @@ import "utils/multiplexer/256bit" as multiplex // Merkle-Tree inclusion proof for tree depth 3 -def main(field treeDepth, bool[256] rootDigest, private bool[256] leafDigest, private bool[2] directionSelector, bool[256] PathDigest0, private bool[256] PathDigest1) -> (field): +def main(field treeDepth, u32[8] rootDigest, private u32[8] leafDigest, private bool[2] directionSelector, u32[8] PathDigest0, private u32[8] PathDigest1) -> (field): //Setup - bool[256] currentDigest = leafDigest + u32[8] currentDigest = leafDigest field counter = 1 bool currentDirection = false //Loop up the tree currentDirection = directionSelector[0] - bool[256] lhs = multiplex(currentDirection, currentDigest, PathDigest0) - bool[256] rhs = multiplex(!currentDirection, currentDigest, PathDigest0) + u32[8] lhs = multiplex(currentDirection, currentDigest, PathDigest0) + u32[8] rhs = multiplex(!currentDirection, currentDigest, PathDigest0) currentDigest = sha256(lhs, rhs) counter = counter + 1 diff --git a/zokrates_cli/tests/code/sha_round.arguments.json b/zokrates_cli/tests/code/sha_round.arguments.json deleted file mode 100644 index ef766341..00000000 --- a/zokrates_cli/tests/code/sha_round.arguments.json +++ /dev/null @@ -1,260 +0,0 @@ -[ - [ - false, - false, - false, - true, - true, - true, - true, - true, - false, - false, - true, - true, - true, - false, - true, - true, - true, - false, - false, - false, - true, - false, - true, - true, - true, - false, - false, - true, - true, - false, - false, - false, - true, - true, - false, - false, - false, - false, - true, - false, - false, - false, - false, - true, - true, - true, - true, - false, - true, - false, - true, - true, - true, - false, - false, - false, - true, - false, - false, - true, - false, - true, - false, - false, - false, - false, - true, - true, - true, - true, - false, - false, - true, - false, - false, - false, - true, - true, - true, - false, - true, - true, - true, - false, - false, - false, - true, - true, - false, - false, - true, - true, - false, - false, - true, - false, - false, - false, - true, - false, - true, - true, - false, - false, - false, - false, - false, - true, - false, - true, - false, - false, - false, - false, - false, - true, - false, - true, - false, - false, - true, - false, - true, - true, - false, - true, - true, - false, - false, - false, - false, - true, - false, - false, - false, - false, - false, - true, - false, - true, - false, - true, - false, - true, - false, - true, - true, - false, - false, - false, - true, - false, - false, - true, - true, - false, - false, - false, - false, - true, - false, - true, - false, - false, - true, - true, - true, - false, - false, - true, - true, - true, - false, - false, - true, - true, - true, - false, - false, - false, - true, - true, - true, - true, - false, - false, - true, - true, - false, - true, - false, - true, - true, - true, - true, - false, - true, - true, - true, - true, - false, - false, - false, - true, - false, - false, - true, - true, - true, - false, - true, - false, - false, - false, - false, - false, - false, - true, - true, - true, - true, - false, - true, - true, - true, - true, - true, - false, - true, - false, - true, - false, - true, - true, - false, - false, - true, - true, - false, - false, - false, - false, - true, - true, - true, - true, - false, - true, - false, - false, - true, - false, - true, - true, - false, - true - ] -] \ No newline at end of file diff --git a/zokrates_cli/tests/code/sha_round.expected.witness b/zokrates_cli/tests/code/sha_round.expected.witness deleted file mode 100644 index 1e61044c..00000000 --- a/zokrates_cli/tests/code/sha_round.expected.witness +++ /dev/null @@ -1 +0,0 @@ -~out_0 1 \ No newline at end of file diff --git a/zokrates_cli/tests/code/sha_round.zok b/zokrates_cli/tests/code/sha_round.zok deleted file mode 100644 index a2222a40..00000000 --- a/zokrates_cli/tests/code/sha_round.zok +++ /dev/null @@ -1,14 +0,0 @@ -import "EMBED/sha256round" as sha256 - -def main(private bool[256] expected) -> (field): - - bool[256] a = [false; 256] - bool[256] b = [false; 256] - b[253] = true - b[255] = true - - bool[256] IV = [false, true, true, false, true, false, true, false, false, false, false, false, true, false, false, true, true, true, true, false, false, true, true, false, false, true, true, false, false, true, true, true, true, false, true, true, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, true, true, true, false, true, false, false, false, false, true, false, true, false, false, true, true, true, true, false, false, false, true, true, false, true, true, true, false, true, true, true, true, false, false, true, true, false, true, true, true, false, false, true, false, true, false, true, false, false, true, false, true, false, true, false, false, true, true, true, true, true, true, true, true, false, true, false, true, false, false, true, true, true, false, true, false, false, true, false, true, false, false, false, true, false, false, false, false, true, true, true, false, false, true, false, true, false, false, true, false, false, true, true, true, true, true, true, true, true, false, false, true, true, false, true, true, false, false, false, false, false, true, false, true, false, true, true, false, true, false, false, false, true, false, false, false, true, true, false, false, false, false, false, true, true, true, true, true, true, false, false, false, false, false, true, true, true, true, false, true, true, false, false, true, true, false, true, false, true, false, true, true, false, true, false, true, true, false, true, true, true, true, true, false, false, false, false, false, true, true, false, false, true, true, false, true, false, false, false, true, true, false, false, true] - - expected == sha256([...a, ...b], IV) - - return 1 \ No newline at end of file diff --git a/zokrates_core/Cargo.toml b/zokrates_core/Cargo.toml index 7c4d6a89..edf555b0 100644 --- a/zokrates_core/Cargo.toml +++ b/zokrates_core/Cargo.toml @@ -9,7 +9,7 @@ build = "build.rs" [features] default = [] libsnark = ["cc", "cmake", "git2"] -wasm = ["bellman_ce/wasm", "zokrates_embed/wasm"] +wasm = ["bellman_ce/wasm"] multicore = ["bellman_ce/multicore"] [dependencies] @@ -29,7 +29,6 @@ pairing_ce = "^0.21" ff_ce = "^0.9" zokrates_field = { version = "0.3.0", path = "../zokrates_field" } zokrates_pest_ast = { version = "0.1.0", path = "../zokrates_pest_ast" } -zokrates_embed = { path = "../zokrates_embed" } zokrates_common = { path = "../zokrates_common" } rand = "0.4" csv = "1" diff --git a/zokrates_core/src/embed.rs b/zokrates_core/src/embed.rs index 1671e25e..48284e3d 100644 --- a/zokrates_core/src/embed.rs +++ b/zokrates_core/src/embed.rs @@ -1,19 +1,16 @@ use crate::solvers::Solver; -use bellman::pairing::ff::ScalarEngine; use flat_absy::{ FlatDirective, FlatExpression, FlatExpressionList, FlatFunction, FlatParameter, FlatStatement, FlatVariable, }; use std::collections::HashMap; use typed_absy::types::{FunctionKey, Signature, Type}; -use zokrates_embed::{generate_sha256_round_constraints, BellmanConstraint}; use zokrates_field::Field; /// A low level function that contains non-deterministic introduction of variables. It is carried out as is until /// the flattening step when it can be inlined. #[derive(Debug, Clone, PartialEq, Hash)] pub enum FlatEmbed { - Sha256Round, Unpack(usize), U8ToBits, U16ToBits, @@ -26,12 +23,6 @@ pub enum FlatEmbed { impl FlatEmbed { pub fn signature(&self) -> Signature { match self { - FlatEmbed::Sha256Round => Signature::new() - .inputs(vec![ - Type::array(Type::Boolean, 512), - Type::array(Type::Boolean, 256), - ]) - .outputs(vec![Type::array(Type::Boolean, 256)]), FlatEmbed::Unpack(bitwidth) => Signature::new() .inputs(vec![Type::FieldElement]) .outputs(vec![Type::array(Type::Boolean, *bitwidth)]), @@ -62,7 +53,6 @@ impl FlatEmbed { pub fn id(&self) -> &'static str { match self { - FlatEmbed::Sha256Round => "_SHA256_ROUND", FlatEmbed::Unpack(_) => "_UNPACK", FlatEmbed::U8ToBits => "_U8_TO_BITS", FlatEmbed::U16ToBits => "_U16_TO_BITS", @@ -76,144 +66,12 @@ impl FlatEmbed { /// Actually get the `FlatFunction` that this `FlatEmbed` represents pub fn synthetize(&self) -> FlatFunction { match self { - FlatEmbed::Sha256Round => sha256_round(), FlatEmbed::Unpack(bitwidth) => unpack_to_bitwidth(*bitwidth), _ => unreachable!(), } } } -// util to convert a vector of `(variable_id, coefficient)` to a flat_expression -// we build a binary tree of additions by splitting the vector recursively -fn flat_expression_from_vec( - v: &[(usize, <::BellmanEngine as ScalarEngine>::Fr)], -) -> FlatExpression { - match v.len() { - 0 => FlatExpression::Number(T::zero()), - 1 => { - let (key, val) = v[0].clone(); - FlatExpression::Mult( - box FlatExpression::Number(T::from_bellman(val)), - box FlatExpression::Identifier(FlatVariable::new(key)), - ) - } - n => { - let (u, v) = v.split_at(n / 2); - FlatExpression::Add( - box flat_expression_from_vec(u), - box flat_expression_from_vec(v), - ) - } - } -} - -impl From> for FlatStatement { - fn from(c: zokrates_embed::BellmanConstraint) -> FlatStatement { - let rhs_a = flat_expression_from_vec(&c.a); - let rhs_b = flat_expression_from_vec(&c.b); - let lhs = flat_expression_from_vec(&c.c); - - FlatStatement::Condition(lhs, FlatExpression::Mult(box rhs_a, box rhs_b)) - } -} - -/// Returns a flat function which computes a sha256 round -/// -/// # Remarks -/// -/// The variables inside the function are set in this order: -/// - constraint system variables -/// - arguments -pub fn sha256_round() -> FlatFunction { - // Define iterators for all indices at hand - let (r1cs, input_indices, current_hash_indices, output_indices) = - generate_sha256_round_constraints::(); - - // indices of the input - let input_indices = input_indices.into_iter(); - // indices of the current hash - let current_hash_indices = current_hash_indices.into_iter(); - // indices of the output - let output_indices = output_indices.into_iter(); - - let variable_count = r1cs.aux_count + 1; // auxiliary and ONE - - // indices of the sha256round constraint system variables - let cs_indices = (0..variable_count).into_iter(); - - // indices of the arguments to the function - // apply an offset of `variable_count` to get the indice of our dummy `input` argument - let input_argument_indices = input_indices - .clone() - .into_iter() - .map(|i| i + variable_count); - // apply an offset of `variable_count` to get the indice of our dummy `current_hash` argument - let current_hash_argument_indices = current_hash_indices - .clone() - .into_iter() - .map(|i| i + variable_count); - - // define parameters to the function based on the variables - let arguments = input_argument_indices - .clone() - .chain(current_hash_argument_indices.clone()) - .map(|i| FlatParameter { - id: FlatVariable::new(i), - private: true, - }) - .collect(); - - // define a binding of the first variable in the constraint system to one - let one_binding_statement = FlatStatement::Condition( - FlatVariable::new(0).into(), - FlatExpression::Number(T::from(1)), - ); - - let input_binding_statements = - // bind input and current_hash to inputs - input_indices.clone().chain(current_hash_indices).zip(input_argument_indices.clone().chain(current_hash_argument_indices.clone())).map(|(cs_index, argument_index)| { - FlatStatement::Condition( - FlatVariable::new(cs_index).into(), - FlatVariable::new(argument_index).into(), - ) - }); - - // insert flattened statements to represent constraints - let constraint_statements = r1cs.constraints.into_iter().map(|c| c.into()); - - // define which subset of the witness is returned - let outputs: Vec> = output_indices - .map(|o| FlatExpression::Identifier(FlatVariable::new(o))) - .collect(); - - // insert a directive to set the witness based on the bellman gadget and inputs - let directive_statement = FlatStatement::Directive(FlatDirective { - outputs: cs_indices.map(|i| FlatVariable::new(i)).collect(), - inputs: input_argument_indices - .chain(current_hash_argument_indices) - .map(|i| FlatVariable::new(i).into()) - .collect(), - solver: Solver::Sha256Round, - }); - - // insert a statement to return the subset of the witness - let return_statement = FlatStatement::Return(FlatExpressionList { - expressions: outputs, - }); - - let statements = std::iter::once(directive_statement) - .chain(std::iter::once(one_binding_statement)) - .chain(input_binding_statements) - .chain(constraint_statements) - .chain(std::iter::once(return_statement)) - .collect(); - - FlatFunction { - arguments, - statements, - } -} - fn use_variable( layout: &mut HashMap, name: String, @@ -361,86 +219,4 @@ mod tests { ); } } - - #[cfg(test)] - mod sha256 { - use super::*; - use ir::Interpreter; - - #[test] - fn generate_sha256_constraints() { - let compiled = sha256_round(); - - // function should have 768 inputs - assert_eq!(compiled.arguments.len(), 768,); - - // function should return 256 values - assert_eq!( - compiled - .statements - .iter() - .filter_map(|s| match s { - FlatStatement::Return(v) => Some(v), - _ => None, - }) - .next() - .unwrap() - .expressions - .len(), - 256, - ); - - // directive should take 768 inputs and return n_var outputs - let directive = compiled - .statements - .iter() - .filter_map(|s| match s { - FlatStatement::Directive(d) => Some(d.clone()), - _ => None, - }) - .next() - .unwrap(); - assert_eq!(directive.inputs.len(), 768); - assert_eq!(directive.outputs.len(), 26935); - // function input should be offset by variable_count - assert_eq!( - compiled.arguments[0].id, - FlatVariable::new(directive.outputs.len() + 1) - ); - - // bellman variable #0: index 0 should equal 1 - assert_eq!( - compiled.statements[1], - FlatStatement::Condition( - FlatVariable::new(0).into(), - FlatExpression::Number(Bn128Field::from(1)) - ) - ); - - // bellman input #0: index 1 should equal zokrates input #0: index v_count - assert_eq!( - compiled.statements[2], - FlatStatement::Condition( - FlatVariable::new(1).into(), - FlatVariable::new(26936).into() - ) - ); - - let f = crate::ir::Function::from(compiled); - let prog = crate::ir::Prog { - main: f, - private: vec![true; 768], - }; - - let input = (0..512) - .map(|_| 0) - .chain((0..256).map(|_| 1)) - .map(|i| Bn128Field::from(i)) - .collect(); - - let interpreter = Interpreter::default(); - - interpreter.execute(&prog, &input).unwrap(); - } - } } diff --git a/zokrates_core/src/imports.rs b/zokrates_core/src/imports.rs index 1e8db324..a927c0f0 100644 --- a/zokrates_core/src/imports.rs +++ b/zokrates_core/src/imports.rs @@ -149,17 +149,6 @@ impl Importer { // handle the case of special bellman and packing imports if import.source.starts_with("EMBED") { match import.source.to_str().unwrap() { - "EMBED/sha256round" => { - let alias = alias.unwrap_or("sha256round"); - - symbols.push( - SymbolDeclaration { - id: &alias, - symbol: Symbol::Flat(FlatEmbed::Sha256Round), - } - .start_end(pos.0, pos.1), - ); - } "EMBED/unpack" => { let alias = alias.unwrap_or("unpack"); diff --git a/zokrates_core/src/ir/interpreter.rs b/zokrates_core/src/ir/interpreter.rs index 3c8b899b..7cd235ec 100644 --- a/zokrates_core/src/ir/interpreter.rs +++ b/zokrates_core/src/ir/interpreter.rs @@ -4,7 +4,6 @@ use ir::Directive; use solvers::Solver; use std::collections::BTreeMap; use std::fmt; -use zokrates_embed::generate_sha256_round_witness; use zokrates_field::Field; pub type ExecutionResult = Result, Error>; @@ -186,17 +185,6 @@ impl Interpreter { vec![a * (b - c.clone()) + c] } Solver::Div => vec![inputs[0].clone() / inputs[1].clone()], - Solver::Sha256Round => { - let i = &inputs[0..512]; - let h = &inputs[512..]; - let i: Vec<_> = i.iter().map(|x| x.clone().into_bellman()).collect(); - let h: Vec<_> = h.iter().map(|x| x.clone().into_bellman()).collect(); - assert!(h.len() == 256); - generate_sha256_round_witness::(&i, &h) - .into_iter() - .map(|x| T::from_bellman(x)) - .collect() - } }; assert_eq!(res.len(), expected_output_count); diff --git a/zokrates_core/src/lib.rs b/zokrates_core/src/lib.rs index 489a4a1f..5187d467 100644 --- a/zokrates_core/src/lib.rs +++ b/zokrates_core/src/lib.rs @@ -17,7 +17,6 @@ extern crate lazy_static; extern crate pairing_ce as pairing; extern crate regex; extern crate zokrates_common; -extern crate zokrates_embed; extern crate zokrates_field; extern crate zokrates_pest_ast; diff --git a/zokrates_core/src/semantics.rs b/zokrates_core/src/semantics.rs index 3a4c314e..52bbd20b 100644 --- a/zokrates_core/src/semantics.rs +++ b/zokrates_core/src/semantics.rs @@ -396,6 +396,8 @@ impl<'ast> Checker<'ast> { match Checker::new().check_module(&import.module_id, state) { Ok(()) => { + println!("{:?} {:#?}", import.module_id, state.typed_modules.keys()); + // find candidates in the checked module let function_candidates: Vec<_> = state .typed_modules diff --git a/zokrates_core/src/solvers/mod.rs b/zokrates_core/src/solvers/mod.rs index f5af8557..c533acfd 100644 --- a/zokrates_core/src/solvers/mod.rs +++ b/zokrates_core/src/solvers/mod.rs @@ -6,7 +6,6 @@ pub enum Solver { ConditionEq, Bits(usize), Div, - Sha256Round, Xor, Or, ShaAndXorAndXorAnd, @@ -25,7 +24,6 @@ impl Solver { Solver::ConditionEq => (1, 2), Solver::Bits(bit_width) => (1, *bit_width), Solver::Div => (2, 1), - Solver::Sha256Round => (768, 26935), Solver::Xor => (2, 1), Solver::Or => (2, 1), Solver::ShaAndXorAndXorAnd => (3, 1), diff --git a/zokrates_core/src/standard.rs b/zokrates_core/src/standard.rs deleted file mode 100644 index 97b7e0b2..00000000 --- a/zokrates_core/src/standard.rs +++ /dev/null @@ -1,232 +0,0 @@ -use crate::flat_absy::{FlatExpression, FlatExpressionList, FlatFunction, FlatStatement}; -use crate::flat_absy::{FlatParameter, FlatVariable}; -use crate::helpers::{DirectiveStatement, Helper, RustHelper}; -use crate::types::{Signature, Type}; -use bellman::pairing::ff::ScalarEngine; -use reduce::Reduce; -use zokrates_embed::{generate_sha256_round_constraints, BellmanConstraint}; -use zokrates_field::Field; - -// util to convert a vector of `(variable_id, coefficient)` to a flat_expression -fn flat_expression_from_vec( - v: Vec<(usize, <::BellmanEngine as ScalarEngine>::Fr)>, -) -> FlatExpression { - match v - .into_iter() - .map(|(key, val)| { - FlatExpression::Mult( - box FlatExpression::Number(T::from_bellman(val)), - box FlatExpression::Identifier(FlatVariable::new(key)), - ) - }) - .reduce(|acc, e| FlatExpression::Add(box acc, box e)) - { - Some(e @ FlatExpression::Mult(..)) => { - FlatExpression::Add(box FlatExpression::Number(T::zero()), box e) - } // the R1CS serializer only recognizes Add - Some(e) => e, - None => FlatExpression::Number(T::zero()), - } -} - -impl From> for FlatStatement { - fn from(c: zokrates_embed::BellmanConstraint) -> FlatStatement { - let rhs_a = flat_expression_from_vec(c.a); - let rhs_b = flat_expression_from_vec(c.b); - let lhs = flat_expression_from_vec(c.c); - - FlatStatement::Condition(lhs, FlatExpression::Mult(box rhs_a, box rhs_b)) - } -} - -/// Returns a flat function which computes a sha256 round -/// -/// # Remarks -/// -/// The variables inside the function are set in this order: -/// - constraint system variables -/// - arguments -pub fn sha_round() -> FlatFunction { - // Define iterators for all indices at hand - let (r1cs, input_indices, current_hash_indices, output_indices) = - generate_sha256_round_constraints::(); - - // indices of the input - let input_indices = input_indices.into_iter(); - // indices of the current hash - let current_hash_indices = current_hash_indices.into_iter(); - // indices of the output - let output_indices = output_indices.into_iter(); - - let variable_count = r1cs.aux_count + 1; // auxiliary and ONE - - // indices of the sha256round constraint system variables - let cs_indices = (0..variable_count).into_iter(); - - // indices of the arguments to the function - // apply an offset of `variable_count` to get the indice of our dummy `input` argument - let input_argument_indices = input_indices - .clone() - .into_iter() - .map(|i| i + variable_count); - // apply an offset of `variable_count` to get the indice of our dummy `current_hash` argument - let current_hash_argument_indices = current_hash_indices - .clone() - .into_iter() - .map(|i| i + variable_count); - - // define the signature of the resulting function - let signature = Signature { - inputs: vec![ - Type::array(Type::FieldElement, input_indices.len()), - Type::array(Type::FieldElement, current_hash_indices.len()), - ], - outputs: vec![Type::array(Type::FieldElement, output_indices.len())], - }; - - // define parameters to the function based on the variables - let arguments = input_argument_indices - .clone() - .chain(current_hash_argument_indices.clone()) - .map(|i| FlatParameter { - id: FlatVariable::new(i), - private: true, - }) - .collect(); - - // define a binding of the first variable in the constraint system to one - let one_binding_statement = FlatStatement::Condition( - FlatVariable::new(0).into(), - FlatExpression::Number(T::from(1)), - ); - - let input_binding_statements = - // bind input and current_hash to inputs - input_indices.clone().chain(current_hash_indices).zip(input_argument_indices.clone().chain(current_hash_argument_indices.clone())).map(|(cs_index, argument_index)| { - FlatStatement::Condition( - FlatVariable::new(cs_index).into(), - FlatVariable::new(argument_index).into(), - ) - }); - - // insert flattened statements to represent constraints - let constraint_statements = r1cs.constraints.into_iter().map(|c| c.into()); - - // define which subset of the witness is returned - let outputs: Vec> = output_indices - .map(|o| FlatExpression::Identifier(FlatVariable::new(o))) - .collect(); - - // insert a directive to set the witness based on the bellman gadget and inputs - let directive_statement = FlatStatement::Directive(DirectiveStatement { - outputs: cs_indices.map(|i| FlatVariable::new(i)).collect(), - inputs: input_argument_indices - .chain(current_hash_argument_indices) - .map(|i| FlatVariable::new(i).into()) - .collect(), - helper: Helper::Rust(RustHelper::Sha256Round), - }); - - // insert a statement to return the subset of the witness - let return_statement = FlatStatement::Return(FlatExpressionList { - expressions: outputs, - }); - - let statements = std::iter::once(directive_statement) - .chain(std::iter::once(one_binding_statement)) - .chain(input_binding_statements) - .chain(constraint_statements) - .chain(std::iter::once(return_statement)) - .collect(); - - FlatFunction { - id: "main".to_owned(), - arguments, - statements, - signature, - } -} - -#[cfg(test)] -mod tests { - use super::*; - use zokrates_field::Bn128Field; - - #[test] - fn generate_sha256_constraints() { - let compiled = sha_round(); - - // function should have a signature of 768 inputs and 256 outputs - assert_eq!( - compiled.signature, - Signature::new() - .inputs(vec![ - Type::array(Type::FieldElement, 512), - Type::array(Type::FieldElement, 256) - ]) - .outputs(vec![Type::array(Type::FieldElement, 256)]) - ); - - // function should have 768 inputs - assert_eq!(compiled.arguments.len(), 768,); - - // function should return 256 values - assert_eq!( - compiled - .statements - .iter() - .filter_map(|s| match s { - FlatStatement::Return(v) => Some(v), - _ => None, - }) - .next() - .unwrap() - .expressions - .len(), - 256, - ); - - // directive should take 768 inputs and return n_var outputs - let directive = compiled - .statements - .iter() - .filter_map(|s| match s { - FlatStatement::Directive(d) => Some(d.clone()), - _ => None, - }) - .next() - .unwrap(); - assert_eq!(directive.inputs.len(), 768); - assert_eq!(directive.outputs.len(), 26935); - // function input should be offset by variable_count - assert_eq!( - compiled.arguments[0].id, - FlatVariable::new(directive.outputs.len() + 1) - ); - - // bellman variable #0: index 0 should equal 1 - assert_eq!( - compiled.statements[1], - FlatStatement::Condition( - FlatVariable::new(0).into(), - FlatExpression::Number(Bn128Field::from(1)) - ) - ); - - // bellman input #0: index 1 should equal zokrates input #0: index v_count - assert_eq!( - compiled.statements[2], - FlatStatement::Condition(FlatVariable::new(1).into(), FlatVariable::new(26936).into()) - ); - - let f = crate::ir::Function::from(compiled); - let prog = crate::ir::Prog { - main: f, - private: vec![true; 768], - }; - - let input = (0..512).map(|_| 0).chain((0..256).map(|_| 1)).collect(); - - prog.execute(&input).unwrap(); - } -} diff --git a/zokrates_core/src/static_analysis/inline.rs b/zokrates_core/src/static_analysis/inline.rs index d1684c29..cafb37ab 100644 --- a/zokrates_core/src/static_analysis/inline.rs +++ b/zokrates_core/src/static_analysis/inline.rs @@ -104,10 +104,6 @@ impl<'ast, T: Field> Inliner<'ast, T> { let unpack = crate::embed::FlatEmbed::Unpack(T::get_required_bits()); let unpack_key = unpack.key::(); - // define a function in the main module for the `sha256_round` embed - let sha256_round = crate::embed::FlatEmbed::Sha256Round; - let sha256_round_key = sha256_round.key::(); - // define a function in the main module for the `u32_to_bits` embed let u32_to_bits = crate::embed::FlatEmbed::U32ToBits; let u32_to_bits_key = u32_to_bits.key::(); @@ -140,7 +136,6 @@ impl<'ast, T: Field> Inliner<'ast, T> { TypedModule { functions: vec![ (unpack_key, TypedFunctionSymbol::Flat(unpack)), - (sha256_round_key, TypedFunctionSymbol::Flat(sha256_round)), (u32_from_bits_key, TypedFunctionSymbol::Flat(u32_from_bits)), (u16_from_bits_key, TypedFunctionSymbol::Flat(u16_from_bits)), (u8_from_bits_key, TypedFunctionSymbol::Flat(u8_from_bits)), diff --git a/zokrates_core_test/tests/tests/arrays/fun_spread.zok b/zokrates_core_test/tests/tests/arrays/fun_spread.zok index 0567ed73..754e6739 100644 --- a/zokrates_core_test/tests/tests/arrays/fun_spread.zok +++ b/zokrates_core_test/tests/tests/arrays/fun_spread.zok @@ -1,4 +1,4 @@ -import "utils/pack/nonStrictUnpack256.zok" as unpack256 +import "utils/pack/bool/nonStrictUnpack256.zok" as unpack256 def main(field[2] inputs) -> (bool[512]): diff --git a/zokrates_core_test/tests/tests/uint/sha256.json b/zokrates_core_test/tests/tests/uint/sha256.json index e933d90c..57a72621 100644 --- a/zokrates_core_test/tests/tests/uint/sha256.json +++ b/zokrates_core_test/tests/tests/uint/sha256.json @@ -1,6 +1,6 @@ { "entry_point": "./tests/tests/uint/sha256.zok", - "max_constraint_count": 43000, + "max_constraint_count": 30000, "tests": [ { "input": { diff --git a/zokrates_embed/Cargo.toml b/zokrates_embed/Cargo.toml deleted file mode 100644 index 8e70a140..00000000 --- a/zokrates_embed/Cargo.toml +++ /dev/null @@ -1,14 +0,0 @@ -[package] -name = "zokrates_embed" -version = "0.1.1" -authors = ["schaeff "] -edition = "2018" - -[features] -default = [] -wasm = ["bellman_ce/wasm", "sapling-crypto_ce/wasm"] -multicore = ["bellman_ce/multicore", "sapling-crypto_ce/multicore"] - -[dependencies] -bellman_ce = { version = "^0.3", default-features = false} -sapling-crypto_ce = { version = "0.1.3", default-features = false } \ No newline at end of file diff --git a/zokrates_embed/src/lib.rs b/zokrates_embed/src/lib.rs deleted file mode 100644 index 8d689055..00000000 --- a/zokrates_embed/src/lib.rs +++ /dev/null @@ -1,319 +0,0 @@ -extern crate sapling_crypto_ce as sapling_crypto; -use sapling_crypto::bellman; - -use bellman::{ - pairing::{ff::Field, Engine}, - ConstraintSystem, Index, LinearCombination, SynthesisError, Variable, -}; -use sapling_crypto::circuit::{ - boolean::{AllocatedBit, Boolean}, - sha256::sha256_compression_function, - uint32::UInt32, -}; - -#[derive(Debug)] -pub struct BellmanR1CS { - pub aux_count: usize, - pub constraints: Vec>, -} - -impl BellmanR1CS { - pub fn new() -> Self { - BellmanR1CS { - aux_count: 0, - constraints: vec![], - } - } -} - -#[derive(Debug)] -pub struct BellmanWitness { - pub values: Vec, -} - -#[derive(Debug, PartialEq)] -pub struct BellmanConstraint { - pub a: Vec<(usize, E::Fr)>, - pub b: Vec<(usize, E::Fr)>, - pub c: Vec<(usize, E::Fr)>, -} - -fn sha256_round>( - mut cs: CS, - input: &Vec>, - current_hash: &Vec>, -) -> Result<(Vec, Vec, Vec), SynthesisError> { - // Allocate bits for `input` - let input_bits = input - .iter() - .enumerate() - .map(|(index, i)| { - AllocatedBit::alloc::( - &mut cs.namespace(|| format!("input_{}", index)), - Some(*i == Some(::one())), - ) - .unwrap() - }) - .collect::>(); - - // Define Booleans whose values are the defined bits - let input = input_bits - .iter() - .map(|i| Boolean::Is(i.clone())) - .collect::>(); - - // Allocate bits for `current_hash` - let current_hash_bits = current_hash - .iter() - .enumerate() - .map(|(index, i)| { - AllocatedBit::alloc::( - &mut cs.namespace(|| format!("current_hash_{}", index)), - Some(*i == Some(::one())), - ) - .unwrap() - }) - .collect::>(); - - // Define Booleans whose values are the defined bits - let current_hash = current_hash_bits - .chunks(32) - .map(|chunk| { - UInt32::from_bits_be( - &chunk - .into_iter() - .map(|i| Boolean::Is(i.clone())) - .collect::>(), - ) - }) - .collect::>(); - - // Apply the compression function, returning the 8 bytes of outputs - let res = sha256_compression_function::(&mut cs, &input, ¤t_hash).unwrap(); - - // Extract the 256 bits of output out of the 8 bytes - let output_bits = res - .into_iter() - .flat_map(|u| u.into_bits_be()) - .map(|b| b.get_variable().unwrap().clone()) - .collect::>(); - - // Return indices of `input`, `current_hash` and `output` in the CS - Ok(( - input_bits - .into_iter() - .map(|b| var_to_index(b.get_variable())) - .collect(), - current_hash_bits - .into_iter() - .map(|b| var_to_index(b.get_variable())) - .collect(), - output_bits - .into_iter() - .map(|b| var_to_index(b.get_variable())) - .collect(), - )) -} - -impl ConstraintSystem for BellmanWitness { - type Root = Self; - - fn alloc(&mut self, _: A, f: F) -> Result - where - F: FnOnce() -> Result, - A: FnOnce() -> AR, - AR: Into, - { - let index = self.values.len(); - let var = Variable::new_unchecked(Index::Aux(index)); - self.values.push(f().unwrap()); - Ok(var) - } - - fn alloc_input(&mut self, _: A, _: F) -> Result - where - F: FnOnce() -> Result, - A: FnOnce() -> AR, - AR: Into, - { - unreachable!("Bellman helpers are not allowed to allocate public variables") - } - - fn enforce(&mut self, _: A, _: LA, _: LB, _: LC) - where - A: FnOnce() -> AR, - AR: Into, - LA: FnOnce(LinearCombination) -> LinearCombination, - LB: FnOnce(LinearCombination) -> LinearCombination, - LC: FnOnce(LinearCombination) -> LinearCombination, - { - // do nothing - } - - fn push_namespace(&mut self, _: N) - where - NR: Into, - N: FnOnce() -> NR, - { - // do nothing - } - - fn pop_namespace(&mut self) { - // do nothing - } - - fn get_root(&mut self) -> &mut Self::Root { - self - } -} - -impl ConstraintSystem for BellmanR1CS { - type Root = Self; - - fn alloc(&mut self, _: A, _: F) -> Result - where - F: FnOnce() -> Result, - A: FnOnce() -> AR, - AR: Into, - { - // we don't care about the value as we're only generating the CS - let index = self.aux_count; - let var = Variable::new_unchecked(Index::Aux(index)); - self.aux_count += 1; - Ok(var) - } - - fn alloc_input(&mut self, _: A, _: F) -> Result - where - F: FnOnce() -> Result, - A: FnOnce() -> AR, - AR: Into, - { - unreachable!("Bellman helpers are not allowed to allocate public variables") - } - - fn enforce(&mut self, _: A, a: LA, b: LB, c: LC) - where - A: FnOnce() -> AR, - AR: Into, - LA: FnOnce(LinearCombination) -> LinearCombination, - LB: FnOnce(LinearCombination) -> LinearCombination, - LC: FnOnce(LinearCombination) -> LinearCombination, - { - let a = a(LinearCombination::zero()); - let b = b(LinearCombination::zero()); - let c = c(LinearCombination::zero()); - - let a = a - .as_ref() - .into_iter() - .map(|(variable, coefficient)| (var_to_index(*variable), *coefficient)) - .collect(); - let b = b - .as_ref() - .into_iter() - .map(|(variable, coefficient)| (var_to_index(*variable), *coefficient)) - .collect(); - let c = c - .as_ref() - .into_iter() - .map(|(variable, coefficient)| (var_to_index(*variable), *coefficient)) - .collect(); - - self.constraints.push(BellmanConstraint { a, b, c }); - } - - fn push_namespace(&mut self, _: N) - where - NR: Into, - N: FnOnce() -> NR, - { - // do nothing - } - - fn pop_namespace(&mut self) { - // do nothing - } - - fn get_root(&mut self) -> &mut Self::Root { - self - } -} - -pub fn generate_sha256_round_constraints( -) -> (BellmanR1CS, Vec, Vec, Vec) { - let mut cs = BellmanR1CS::new(); - - let (input_bits, current_hash_bits, output_bits) = - sha256_round(&mut cs, &vec![None; 512], &vec![None; 256]).unwrap(); - - // res is now the allocated bits for `input`, `current_hash` and `sha256_output` - - (cs, input_bits, current_hash_bits, output_bits) -} - -pub fn generate_sha256_round_witness( - input: &[E::Fr], - current_hash: &[E::Fr], -) -> Vec { - assert_eq!(input.len(), 512); - assert_eq!(current_hash.len(), 256); - - let mut cs: BellmanWitness = BellmanWitness { - values: vec![::one()], - }; - - sha256_round( - &mut cs, - &input.iter().map(|x| Some(x.clone())).collect(), - ¤t_hash.iter().map(|x| Some(x.clone())).collect(), - ) - .unwrap(); - - cs.values -} - -fn var_to_index(v: Variable) -> usize { - match v.get_unchecked() { - Index::Aux(i) => i + 1, - Index::Input(0) => 0, - _ => unreachable!("No public variables should have been allocated"), - } -} - -#[cfg(test)] -mod tests { - use super::*; - use bellman::pairing::bn256::{Bn256, Fr}; - - #[test] - fn generate_constraints() { - let (_c, input, current_hash, output) = generate_sha256_round_constraints::(); - assert_eq!(input.len(), 512); - assert_eq!(current_hash.len(), 256); - assert_eq!(output.len(), 256); - } - - #[test] - fn generate_witness() { - let witness = - generate_sha256_round_witness::(&vec![Fr::one(); 512], &vec![Fr::zero(); 256]); - assert_eq!(witness.len(), 26935); - } - - #[test] - fn test_cs() { - use sapling_crypto::circuit::test::TestConstraintSystem; - - let mut cs: TestConstraintSystem = TestConstraintSystem::new(); - - let _ = sha256_round( - &mut cs, - &vec![Some(Fr::zero()); 512], - &vec![Some(Fr::one()); 256], - ) - .unwrap(); - - assert!(cs.is_satisfied()); - } -} diff --git a/zokrates_stdlib/stdlib/ecc/edwardsCompress.zok b/zokrates_stdlib/stdlib/ecc/edwardsCompress.zok index 7cdf87df..0c6efe6d 100644 --- a/zokrates_stdlib/stdlib/ecc/edwardsCompress.zok +++ b/zokrates_stdlib/stdlib/ecc/edwardsCompress.zok @@ -1,4 +1,4 @@ -import "utils/pack/nonStrictUnpack256" as unpack256 +import "utils/pack/bool/nonStrictUnpack256" as unpack256 // Compress JubJub Curve Point to 256bit array using big endianness bit order // Python reference code from pycrypto: diff --git a/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok b/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok index e85391bf..9fa4d275 100644 --- a/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok +++ b/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok @@ -1,6 +1,6 @@ import "ecc/edwardsAdd" as add import "ecc/edwardsScalarMult" as multiply -import "utils/pack/nonStrictUnpack256" as unpack256 +import "utils/pack/bool/nonStrictUnpack256" as unpack256 from "ecc/babyjubjubParams" import BabyJubJubParams // Verifies that the point is not one of the low-order points. diff --git a/zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok b/zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok index 730f2c5e..4262d946 100644 --- a/zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok +++ b/zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok @@ -1,6 +1,6 @@ import "ecc/edwardsAdd" as add import "ecc/edwardsScalarMult" as multiply -import "utils/pack/nonStrictUnpack256" as unpack256 +import "utils/pack/bool/nonStrictUnpack256" as unpack256 from "ecc/babyjubjubParams" import BabyJubJubParams /// Verifies match of a given public/private keypair. @@ -24,6 +24,6 @@ def main(field[2] pk, field sk, BabyJubJubParams context) -> (bool): bool[256] skBits = unpack256(sk) field[2] ptExp = multiply(skBits, G, context) - bool out = ptExp[0] == pk[0] && ptExp[1] == pk[1] + bool out = ptExp[0] == pk[0] && ptExp[1] == pk[1] return out diff --git a/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok b/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok index 148fa031..1dc58b4f 100644 --- a/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok +++ b/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok @@ -4,6 +4,8 @@ import "ecc/babyjubjubParams" as context import "ecc/edwardsAdd" as add import "ecc/edwardsCompress" as edwardsCompress from "ecc/babyjubjubParams" import BabyJubJubParams +import "EMBED/u32_to_bits" as to_bits +import "EMBED/u32_from_bits" as from_bits // Code to export generators used in this example: // import bitstring @@ -16,7 +18,27 @@ from "ecc/babyjubjubParams" import BabyJubJubParams // print(hasher.dsl_code) // 512bit to 256bit Pedersen hash using compression of the field elements -def main(bool[512] e) -> (bool[256]): +def main(u32[16] input) -> (u32[8]): + + bool[512] e = [ \ + ...to_bits(input[0]), + ...to_bits(input[1]), + ...to_bits(input[2]), + ...to_bits(input[3]), + ...to_bits(input[4]), + ...to_bits(input[5]), + ...to_bits(input[6]), + ...to_bits(input[7]), + ...to_bits(input[8]), + ...to_bits(input[9]), + ...to_bits(input[10]), + ...to_bits(input[11]), + ...to_bits(input[12]), + ...to_bits(input[13]), + ...to_bits(input[14]), + ...to_bits(input[15]) + ] + BabyJubJubParams context = context() field[2] a = context.INFINITY //Infinity //Round 0 @@ -705,4 +727,14 @@ def main(bool[512] e) -> (bool[256]): a = add(a, [cx, cy], context) bool[256] aC = edwardsCompress(a) - return aC + + return [\ + from_bits(aC[0..32]), + from_bits(aC[32..64]), + from_bits(aC[64..96]), + from_bits(aC[96..128]), + from_bits(aC[128..160]), + from_bits(aC[160..192]), + from_bits(aC[192..224]), + from_bits(aC[224..256]) + ] diff --git a/zokrates_stdlib/stdlib/hashes/sha256/1024bit.zok b/zokrates_stdlib/stdlib/hashes/sha256/1024bit.zok index 1b729da4..db57847c 100644 --- a/zokrates_stdlib/stdlib/hashes/sha256/1024bit.zok +++ b/zokrates_stdlib/stdlib/hashes/sha256/1024bit.zok @@ -1,13 +1,12 @@ import "./IVconstants" as IVconstants -import "./shaRoundNoBoolCheck" as sha256 +import "./shaRound" as sha256 // A function that takes 4 bool[256] arrays as inputs // and applies 2 rounds of sha256 compression. -// It returns an array of 256 bool. -def main(bool[256] a, bool[256] b, bool[256] c, bool[256] d) -> (bool[256]): +def main(u32[8] a, u32[8] b, u32[8] c, u32[8] d) -> (u32[8]): - bool[256] IV = IVconstants() - bool[256] digest1 = sha256(a, b, IV) - bool[256] digest2 = sha256(c, d, digest1) + u32[8] IV = IVconstants() + u32[8] digest1 = sha256([...a, ...b], IV) + u32[8] digest2 = sha256([...c, ...d], digest1) return digest2 \ No newline at end of file diff --git a/zokrates_stdlib/stdlib/hashes/sha256/1024bitPadded.zok b/zokrates_stdlib/stdlib/hashes/sha256/1024bitPadded.zok index 0ad57333..e4f40a9b 100644 --- a/zokrates_stdlib/stdlib/hashes/sha256/1024bitPadded.zok +++ b/zokrates_stdlib/stdlib/hashes/sha256/1024bitPadded.zok @@ -1,15 +1,31 @@ import "./1536bit" as sha256 // Take two bool[256] arrays as input // and returns their sha256 full round output as an array of 256 bool. -def main(bool[256] a, bool[256] b, bool[256] c, bool[256] d) -> (bool[256]): +def main(u32[8] a, u32[8] b, u32[8] c, u32[8] d) -> (u32[8]): // Hash is computed on the full 1024bit block size // padding does not fit in the first two blocks // add dummy block (single "1" followed by "0" + total length) - bool[256] dummyblock1 = [true, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false] - // total length of message is 1024 bits: 0b10000000000 - bool[256] dummyblock2 = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, false, false, false, false, false, false, false, false, false] + u32[8] dummyblock1 = [ \ + 0x80000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000 + ] - bool[256] digest = sha256(a, b, c, d, dummyblock1, dummyblock2) + u32[8] dummyblock2 = [ \ + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000400 + ] - return digest + return sha256(a, b, c, d, dummyblock1, dummyblock2) diff --git a/zokrates_stdlib/stdlib/hashes/sha256/1536bit.zok b/zokrates_stdlib/stdlib/hashes/sha256/1536bit.zok index b037f967..c303944e 100644 --- a/zokrates_stdlib/stdlib/hashes/sha256/1536bit.zok +++ b/zokrates_stdlib/stdlib/hashes/sha256/1536bit.zok @@ -1,14 +1,14 @@ import "./IVconstants" as IVconstants -import "./shaRoundNoBoolCheck" as sha256 +import "./shaRound" as sha256 -// A function that takes 6 bool[256] arrays as inputs +// A function that takes 6 u32[8] arrays as inputs // and applies 3 rounds of sha256 compression. // It returns an array of 256 bool. -def main(bool[256] a, bool[256] b, bool[256] c, bool[256] d, bool[256] e, bool[256] f) -> (bool[256]): +def main(u32[8] a, u32[8] b, u32[8] c, u32[8] d, u32[8] e, u32[8] f) -> (u32[8]): - bool[256] IV = IVconstants() - bool[256] digest1 = sha256(a, b, IV) - bool[256] digest2 = sha256(c, d, digest1) - bool[256] digest3 = sha256(e, f, digest2) + u32[8] IV = IVconstants() + u32[8] digest1 = sha256([...a, ...b], IV) + u32[8] digest2 = sha256([...c, ...d], digest1) + u32[8] digest3 = sha256([...e, ...f], digest2) return digest3 \ No newline at end of file diff --git a/zokrates_stdlib/stdlib/hashes/sha256/256bitPadded.zok b/zokrates_stdlib/stdlib/hashes/sha256/256bitPadded.zok index fcbb97c6..af4faca5 100644 --- a/zokrates_stdlib/stdlib/hashes/sha256/256bitPadded.zok +++ b/zokrates_stdlib/stdlib/hashes/sha256/256bitPadded.zok @@ -2,29 +2,20 @@ import "./512bit" as sha256 // A function that takes 1 bool[256] array as input // and returns the sha256 full round output as an array of 256 bool. -def main(bool[256] a) -> (bool[256]): +def main(u32[8] a) -> (u32[8]): // Hash is computed on 256 bits of input // padding fits in the remaining 256 bits of the first block // add dummy block (single "1" followed by "0" + total length) - bool[256] dummyblock1 = [ \ - 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \ - 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0] + u32[8] dummyblock1 = [ \ + 0x80000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000100 + ] - digest = sha256(a, dummyblock1) - - return digest + return sha256(a, dummyblock1) diff --git a/zokrates_stdlib/stdlib/hashes/sha256/512bit.zok b/zokrates_stdlib/stdlib/hashes/sha256/512bit.zok index 422dd047..4202ecac 100644 --- a/zokrates_stdlib/stdlib/hashes/sha256/512bit.zok +++ b/zokrates_stdlib/stdlib/hashes/sha256/512bit.zok @@ -1,15 +1,9 @@ import "./IVconstants" as IVconstants -import "./shaRoundNoBoolCheck" as sha256 +import "./shaRound" as sha256 -// A function that takes 2 bool[256] arrays as inputs -// and returns their sha256 compression function as an array of 256 bool. -// In contrast to full_round.zok no padding is being applied -def main(bool[256] a, bool[256] b) -> (bool[256]): +// A function that takes 2 u32[8] arrays as inputs +// and returns their sha256 compression function as an array of 8 u32. - // a and b is NOT checked to be of type bool +def main(u32[8] a, u32[8] b) -> (u32[8]): - bool[256] IV = IVconstants() - bool[256] digest = sha256(a, b, IV) - //digest is constraint to be of type bool - - return digest + return sha256([...a, ...b], IVconstants()) diff --git a/zokrates_stdlib/stdlib/hashes/sha256/512bitPacked.zok b/zokrates_stdlib/stdlib/hashes/sha256/512bitPacked.zok index 3eb82203..8c5f9107 100644 --- a/zokrates_stdlib/stdlib/hashes/sha256/512bitPacked.zok +++ b/zokrates_stdlib/stdlib/hashes/sha256/512bitPacked.zok @@ -1,22 +1,19 @@ -import "../../utils/pack/pack128" as pack128 -import "../../utils/pack/unpack128" as unpack128 +import "../../utils/pack/u32/pack128" as pack128 +import "../../utils/pack/u32/unpack128" as unpack128 import "./512bitPadded" as sha256 // A function that takes an array of 4 field elements as inputs, unpacks each of them to 128 // bits (big endian), concatenates them and applies sha256. // It then returns an array of two field elements, each representing 128 bits of the result. def main(field[4] preimage) -> (field[2]): - bool[128] a = unpack128(preimage[0]) - bool[128] b = unpack128(preimage[1]) - bool[128] c = unpack128(preimage[2]) - bool[128] d = unpack128(preimage[3]) + u32[4] a_bits = unpack128(preimage[0]) + u32[4] b_bits = unpack128(preimage[1]) + u32[4] c_bits = unpack128(preimage[2]) + u32[4] d_bits = unpack128(preimage[3]) - bool[256] lhs = [...a, ...b] - bool[256] rhs = [...c, ...d] + u32[8] lhs = [...a_bits, ...b_bits] + u32[8] rhs = [...c_bits, ...d_bits] - bool[256] r = sha256(lhs, rhs) + u32[8] r = sha256(lhs, rhs) - field res0 = pack128(r[..128]) - field res1 = pack128(r[128..]) - - return [res0, res1] \ No newline at end of file + return [pack128(r[0..4]), pack128(r[4..8])] \ No newline at end of file diff --git a/zokrates_stdlib/stdlib/hashes/sha256/512bitPadded.zok b/zokrates_stdlib/stdlib/hashes/sha256/512bitPadded.zok index 7c195915..00f6798d 100644 --- a/zokrates_stdlib/stdlib/hashes/sha256/512bitPadded.zok +++ b/zokrates_stdlib/stdlib/hashes/sha256/512bitPadded.zok @@ -2,16 +2,31 @@ import "./1024bit" as sha256 // A function that takes 2 bool[256] arrays as inputs // and returns their sha256 full round output as an array of 256 bool. -def main(bool[256] a, bool[256] b) -> (bool[256]): +def main(u32[8] a, u32[8] b) -> (u32[8]): // Hash is computed on the full 512bit block size // padding does not fit in the primary block // add dummy block (single "1" followed by "0" + total length) - bool[256] dummyblock1 = [true, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false] + u32[8] dummyblock1 = [ \ + 0x80000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000 + ] - // total length of message is 512 bits: 0b1000000000 - bool[256] dummyblock2 = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, false, false, false, false, false, false, false, false] + u32[8] dummyblock2 = [ \ + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000200 + ] - bool[256] digest = sha256(a, b, dummyblock1, dummyblock2) - - return digest \ No newline at end of file + return sha256(a, b, dummyblock1, dummyblock2) \ No newline at end of file diff --git a/zokrates_stdlib/stdlib/hashes/sha256/IVconstants.zok b/zokrates_stdlib/stdlib/hashes/sha256/IVconstants.zok index 20340d8d..a62cb51e 100644 --- a/zokrates_stdlib/stdlib/hashes/sha256/IVconstants.zok +++ b/zokrates_stdlib/stdlib/hashes/sha256/IVconstants.zok @@ -1,15 +1,4 @@ // SHA-256 is specified in FIPS 180-3 and initial values are listed in section 5.3.3 // https://csrc.nist.gov/csrc/media/publications/fips/180/3/archive/2008-10-31/documents/fips180-3_final.pdf -def main() -> (bool[256]): - bool[32] h0 = [false, true, true, false, true, false, true, false, false, false, false, false, true, false, false, true, true, true, true, false, false, true, true, false, false, true, true, false, false, true, true, true] - bool[32] h1 = [true, false, true, true, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, true, true, true, false, true, false, false, false, false, true, false, true] - bool[32] h2 = [false, false, true, true, true, true, false, false, false, true, true, false, true, true, true, false, true, true, true, true, false, false, true, true, false, true, true, true, false, false, true, false] - bool[32] h3 = [true, false, true, false, false, true, false, true, false, true, false, false, true, true, true, true, true, true, true, true, false, true, false, true, false, false, true, true, true, false, true, false] - bool[32] h4 = [false, true, false, true, false, false, false, true, false, false, false, false, true, true, true, false, false, true, false, true, false, false, true, false, false, true, true, true, true, true, true, true] - bool[32] h5 = [true, false, false, true, true, false, true, true, false, false, false, false, false, true, false, true, false, true, true, false, true, false, false, false, true, false, false, false, true, true, false, false] - bool[32] h6 = [false, false, false, true, true, true, true, true, true, false, false, false, false, false, true, true, true, true, false, true, true, false, false, true, true, false, true, false, true, false, true, true] - bool[32] h7 = [false, true, false, true, true, false, true, true, true, true, true, false, false, false, false, false, true, true, false, false, true, true, false, true, false, false, false, true, true, false, false, true] - - bool[256] IV = [...h0, ...h1, ...h2, ...h3, ...h4, ...h5, ...h6, ...h7] - - return IV +def main() -> (u32[8]): + return [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19] diff --git a/zokrates_stdlib/stdlib/hashes/sha256/shaRound.zok b/zokrates_stdlib/stdlib/hashes/sha256/shaRound.zok new file mode 100644 index 00000000..aa1c1d23 --- /dev/null +++ b/zokrates_stdlib/stdlib/hashes/sha256/shaRound.zok @@ -0,0 +1,126 @@ +import "EMBED/u32_to_bits" as to_bits +import "EMBED/u32_from_bits" as from_bits +import "./IVconstants.zok" + +def right_rotate_2(u32 e) -> (u32): + bool[32] b = to_bits(e) + return from_bits([...b[30..], ...b[..30]]) + +def right_rotate_6(u32 e) -> (u32): + bool[32] b = to_bits(e) + return from_bits([...b[26..], ...b[..26]]) + +def right_rotate_7(u32 e) -> (u32): + bool[32] b = to_bits(e) + return from_bits([...b[25..], ...b[..25]]) + +def right_rotate_11(u32 e) -> (u32): + bool[32] b = to_bits(e) + return from_bits([...b[21..], ...b[..21]]) + +def right_rotate_13(u32 e) -> (u32): + bool[32] b = to_bits(e) + return from_bits([...b[19..], ...b[..19]]) + +def right_rotate_17(u32 e) -> (u32): + bool[32] b = to_bits(e) + return from_bits([...b[15..], ...b[..15]]) + +def right_rotate_18(u32 e) -> (u32): + bool[32] b = to_bits(e) + return from_bits([...b[14..], ...b[..14]]) + +def right_rotate_19(u32 e) -> (u32): + bool[32] b = to_bits(e) + return from_bits([...b[13..], ...b[..13]]) + +def right_rotate_22(u32 e) -> (u32): + bool[32] b = to_bits(e) + return from_bits([...b[10..], ...b[..10]]) + +def right_rotate_25(u32 e) -> (u32): + bool[32] b = to_bits(e) + return from_bits([...b[7..], ...b[..7]]) + +def extend(u32[64] w, field i) -> (u32): + u32 s0 = right_rotate_7(w[i-15]) ^ right_rotate_18(w[i-15]) ^ (w[i-15] >> 3) + u32 s1 = right_rotate_17(w[i-2]) ^ right_rotate_19(w[i-2]) ^ (w[i-2] >> 10) + return w[i-16] + s0 + w[i-7] + s1 + +def temp1(u32 e, u32 f, u32 g, u32 h, u32 k, u32 w) -> (u32): + // ch := (e and f) xor ((not e) and g) + u32 ch = (e & f) ^ ((!e) & g) + + // S1 := (e rightrotate 6) xor (e rightrotate 11) xor (e rightrotate 25) + u32 S1 = right_rotate_6(e) ^ right_rotate_11(e) ^ right_rotate_25(e) + + // temp1 := h + S1 + ch + k + w + return h + S1 + ch + k + w + +def temp2(u32 a, u32 b, u32 c) -> (u32): + // maj := (a and b) xor (a and c) xor (b and c) + u32 maj = (a & b) ^ (a & c) ^ (b & c) + + // S0 := (a rightrotate 2) xor (a rightrotate 13) xor (a rightrotate 22) + u32 S0 = right_rotate_2(a) ^ right_rotate_13(a) ^ right_rotate_22(a) + + // temp2 := S0 + maj + return S0 + maj + +def main(u32[16] input, u32[8] current) -> (u32[8]): + + u32 h0 = current[0] + u32 h1 = current[1] + u32 h2 = current[2] + u32 h3 = current[3] + u32 h4 = current[4] + u32 h5 = current[5] + u32 h6 = current[6] + u32 h7 = current[7] + + u32[64] k = [0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2] + + u32[64] w = [...input, ...[0x00000000; 48]] + + for field i in 16..64 do + u32 r = extend(w, i) + w[i] = r + endfor + + u32 a = h0 + u32 b = h1 + u32 c = h2 + u32 d = h3 + u32 e = h4 + u32 f = h5 + u32 g = h6 + u32 h = h7 + + for field i in 0..64 do + + u32 t1 = temp1(e, f, g, h, k[i], w[i]) + + u32 t2 = temp2(a, b, c) + + h = g + g = f + f = e + e = d + t1 + d = c + c = b + b = a + a = t1 + t2 + + endfor + + h0 = h0 + a + h1 = h1 + b + h2 = h2 + c + h3 = h3 + d + h4 = h4 + e + h5 = h5 + f + h6 = h6 + g + h7 = h7 + h + + return [h0, h1, h2, h3, h4, h5, h6, h7] + diff --git a/zokrates_stdlib/stdlib/hashes/sha256/shaRoundNoBoolCheck.zok b/zokrates_stdlib/stdlib/hashes/sha256/shaRoundNoBoolCheck.zok deleted file mode 100644 index b5a85663..00000000 --- a/zokrates_stdlib/stdlib/hashes/sha256/shaRoundNoBoolCheck.zok +++ /dev/null @@ -1,6 +0,0 @@ -import "EMBED/sha256round" as sha256round -// a and b is NOT checked to be 0 or 1 -// the return value is checked to be 0 or 1 -// IV vector is checked to be of type bool -def main(bool[256] a, bool[256] b, bool[256] IV) -> (bool[256]): - return sha256round([...a, ...b], IV) diff --git a/zokrates_stdlib/stdlib/hashes/utils/256bitsDirectionHelper.zok b/zokrates_stdlib/stdlib/hashes/utils/256bitsDirectionHelper.zok index 2d4ba181..18e6050c 100644 --- a/zokrates_stdlib/stdlib/hashes/utils/256bitsDirectionHelper.zok +++ b/zokrates_stdlib/stdlib/hashes/utils/256bitsDirectionHelper.zok @@ -1,2 +1,2 @@ -def main(bool selector, bool[256] lhs, bool[256] rhs) -> (bool[512]): +def main(bool selector, u32[8] lhs, u32[8] rhs) -> (u32[16]): return if selector then [...rhs, ...lhs] else [...lhs, ...rhs] fi \ No newline at end of file diff --git a/zokrates_stdlib/stdlib/signatures/verifyEddsa.zok b/zokrates_stdlib/stdlib/signatures/verifyEddsa.zok index ec0e6f6d..b1b03c5a 100644 --- a/zokrates_stdlib/stdlib/signatures/verifyEddsa.zok +++ b/zokrates_stdlib/stdlib/signatures/verifyEddsa.zok @@ -1,10 +1,12 @@ import "hashes/sha256/1024bitPadded" as sha256 import "ecc/edwardsScalarMult" as scalarMult import "ecc/edwardsAdd" as add -import "utils/pack/nonStrictUnpack256" as unpack256 +import "utils/pack/bool/nonStrictUnpack256" as unpack256bool +import "utils/pack/u32/nonStrictUnpack256" as unpack256u import "ecc/edwardsOnCurve" as onCurve import "ecc/edwardsOrderCheck" as orderCheck from "ecc/babyjubjubParams" import BabyJubJubParams +import "utils/casts/u32_8_to_bool_256" /// Verifies an EdDSA Signature. /// @@ -27,7 +29,7 @@ from "ecc/babyjubjubParams" import BabyJubJubParams /// /// Returns: /// Return true for S being a valid EdDSA Signature, false otherwise. -def main(private field[2] R, private field S, field[2] A, bool[256] M0, bool[256] M1, BabyJubJubParams context) -> (bool): +def main(private field[2] R, private field S, field[2] A, u32[8] M0, u32[8] M1, BabyJubJubParams context) -> (bool): field[2] G = [context.Gu, context.Gv] @@ -36,11 +38,11 @@ def main(private field[2] R, private field S, field[2] A, bool[256] M0, bool[256 field isPrimeOrder = orderCheck(R, context) 1 == isPrimeOrder - bool[256] Rx = unpack256(R[0]) - bool[256] Ax = unpack256(A[0]) - bool[256] hRAM = sha256(Rx, Ax, M0, M1) + u32[8] Rx = unpack256u(R[0]) + u32[8] Ax = unpack256u(A[0]) + bool[256] hRAM = u32_8_to_bool_256(sha256(Rx, Ax, M0, M1)) - bool[256] sBits = unpack256(S) + bool[256] sBits = unpack256bool(S) field[2] lhs = scalarMult(sBits, G, context) field[2] AhRAM = scalarMult(hRAM, A, context) diff --git a/zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok b/zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok new file mode 100644 index 00000000..481a0c9d --- /dev/null +++ b/zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok @@ -0,0 +1,4 @@ +import "EMBED/u32_from_bits" as from_bits + +def main(bool[128] bits) -> (u32[4]): + return [from_bits(bits[0..32]), from_bits(bits[32..64]), from_bits(bits[64..96]), from_bits(bits[96..128])] diff --git a/zokrates_stdlib/stdlib/utils/casts/bool_256_to_u32_8.zok b/zokrates_stdlib/stdlib/utils/casts/bool_256_to_u32_8.zok new file mode 100644 index 00000000..812f8e3e --- /dev/null +++ b/zokrates_stdlib/stdlib/utils/casts/bool_256_to_u32_8.zok @@ -0,0 +1,4 @@ +import "EMBED/u32_from_bits" as from_bits + +def main(bool[256] bits) -> (u32[8]): + return [from_bits(bits[0..32]), from_bits(bits[32..64]), from_bits(bits[64..96]), from_bits(bits[96..128]), from_bits(bits[128..160]), from_bits(bits[160..192]), from_bits(bits[192..224]), from_bits(bits[224..256])] diff --git a/zokrates_stdlib/stdlib/utils/casts/u32_4_to_bool_128.zok b/zokrates_stdlib/stdlib/utils/casts/u32_4_to_bool_128.zok new file mode 100644 index 00000000..166a22f7 --- /dev/null +++ b/zokrates_stdlib/stdlib/utils/casts/u32_4_to_bool_128.zok @@ -0,0 +1,4 @@ +import "EMBED/u32_to_bits" as to_bits + +def main(u32[4] input) -> (bool[128]): + return [...to_bits(input[0]), ...to_bits(input[1]), ...to_bits(input[2]), ...to_bits(input[3])] diff --git a/zokrates_stdlib/stdlib/utils/casts/u32_8_to_bool_256.zok b/zokrates_stdlib/stdlib/utils/casts/u32_8_to_bool_256.zok new file mode 100644 index 00000000..e47013d5 --- /dev/null +++ b/zokrates_stdlib/stdlib/utils/casts/u32_8_to_bool_256.zok @@ -0,0 +1,4 @@ +import "EMBED/u32_to_bits" as to_bits + +def main(u32[8] input) -> (bool[256]): + return [...to_bits(input[0]), ...to_bits(input[1]), ...to_bits(input[2]), ...to_bits(input[3]), ...to_bits(input[4]), ...to_bits(input[5]), ...to_bits(input[6]), ...to_bits(input[7])] diff --git a/zokrates_stdlib/stdlib/utils/multiplexer/256bit.zok b/zokrates_stdlib/stdlib/utils/multiplexer/256bit.zok index 30fa993c..c3d111c4 100644 --- a/zokrates_stdlib/stdlib/utils/multiplexer/256bit.zok +++ b/zokrates_stdlib/stdlib/utils/multiplexer/256bit.zok @@ -1,2 +1,2 @@ -def main(bool selector, bool[256] lhs, bool[256] rhs) -> (bool[256]): +def main(bool selector, u32[8] lhs, u32[8] rhs) -> (u32[8]): return if selector then rhs else lhs fi \ No newline at end of file diff --git a/zokrates_stdlib/stdlib/utils/pack/nonStrictUnpack256.zok b/zokrates_stdlib/stdlib/utils/pack/bool/nonStrictUnpack256.zok similarity index 87% rename from zokrates_stdlib/stdlib/utils/pack/nonStrictUnpack256.zok rename to zokrates_stdlib/stdlib/utils/pack/bool/nonStrictUnpack256.zok index 95a64d10..31942bee 100644 --- a/zokrates_stdlib/stdlib/utils/pack/nonStrictUnpack256.zok +++ b/zokrates_stdlib/stdlib/utils/pack/bool/nonStrictUnpack256.zok @@ -10,4 +10,4 @@ def main(field i) -> (bool[256]): bool[254] b = unpack(i) - return [false, false, ...b] + return [false, false, ...b] \ No newline at end of file diff --git a/zokrates_stdlib/stdlib/utils/pack/pack128.zok b/zokrates_stdlib/stdlib/utils/pack/bool/pack128.zok similarity index 58% rename from zokrates_stdlib/stdlib/utils/pack/pack128.zok rename to zokrates_stdlib/stdlib/utils/pack/bool/pack128.zok index 4c6f0adb..2fd8f956 100644 --- a/zokrates_stdlib/stdlib/utils/pack/pack128.zok +++ b/zokrates_stdlib/stdlib/utils/pack/bool/pack128.zok @@ -1,9 +1,13 @@ +#pragma curve bn128 + def main(bool[128] bits) -> (field): field out = 0 - for field j in 0..128 do - field i = 128 - (j + 1) + field len = 128 + + for field j in 0..len do + field i = len - (j + 1) out = out + if bits[i] then (2 ** j) else 0 fi endfor diff --git a/zokrates_stdlib/stdlib/utils/pack/bool/pack256.zok b/zokrates_stdlib/stdlib/utils/pack/bool/pack256.zok new file mode 100644 index 00000000..b5016aa1 --- /dev/null +++ b/zokrates_stdlib/stdlib/utils/pack/bool/pack256.zok @@ -0,0 +1,14 @@ +#pragma curve bn128 + +def main(bool[256] input) -> (field): + + field out = 0 + + field len = 256 + + for field j in 0..len do + field i = len - (j + 1) + out = out + if bits[i] then (2 ** j) else 0 fi + endfor + + return out \ No newline at end of file diff --git a/zokrates_stdlib/stdlib/utils/pack/unpack128.zok b/zokrates_stdlib/stdlib/utils/pack/bool/unpack128.zok similarity index 100% rename from zokrates_stdlib/stdlib/utils/pack/unpack128.zok rename to zokrates_stdlib/stdlib/utils/pack/bool/unpack128.zok diff --git a/zokrates_stdlib/stdlib/utils/pack/pack256.zok b/zokrates_stdlib/stdlib/utils/pack/pack256.zok deleted file mode 100644 index 7c5e3129..00000000 --- a/zokrates_stdlib/stdlib/utils/pack/pack256.zok +++ /dev/null @@ -1,10 +0,0 @@ -def main(bool[256] bits) -> (field): - - field out = 0 - - for field j in 0..256 do - field i = 256 - (j + 1) - out = out + if bits[i] then (2 ** j) else 0 fi - endfor - - return out \ No newline at end of file diff --git a/zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok b/zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok new file mode 100644 index 00000000..c2832467 --- /dev/null +++ b/zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok @@ -0,0 +1,12 @@ +#pragma curve bn128 + +// Non-strict version: +// Note that this does not strongly enforce that the commitment is +// in the field. + +import "../bool/nonStrictUnpack256" as unpack +import "../../casts/bool_256_to_u32_8" as from_bits + +def main(field i) -> (u32[8]): + + return from_bits(unpack(i)) \ No newline at end of file diff --git a/zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok b/zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok new file mode 100644 index 00000000..e2d000d4 --- /dev/null +++ b/zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok @@ -0,0 +1,10 @@ +#pragma curve bn128 + +import "EMBED/u32_to_bits" as to_bits +import "../bool/pack128" + +def main(u32[4] input) -> (field): + + bool[128] bits = [...to_bits(input[0]), ...to_bits(input[1]), ...to_bits(input[2]), ...to_bits(input[3])] + + return pack128(bits) \ No newline at end of file diff --git a/zokrates_stdlib/stdlib/utils/pack/u32/pack256.zok b/zokrates_stdlib/stdlib/utils/pack/u32/pack256.zok new file mode 100644 index 00000000..17daa427 --- /dev/null +++ b/zokrates_stdlib/stdlib/utils/pack/u32/pack256.zok @@ -0,0 +1,10 @@ +#pragma curve bn128 + +import "EMBED/u32_to_bits" as to_bits +import "../bool/pack256" + +def main(u32[8] input) -> (field): + + bool[256] bits = [...to_bits(input[0]), ...to_bits(input[1]), ...to_bits(input[2]), ...to_bits(input[3]), ...to_bits(input[4]), ...to_bits(input[5]), ...to_bits(input[6]), ...to_bits(input[7])] + + return pack256(bits) \ No newline at end of file diff --git a/zokrates_stdlib/stdlib/utils/pack/u32/unpack128.zok b/zokrates_stdlib/stdlib/utils/pack/u32/unpack128.zok new file mode 100644 index 00000000..2c09ca81 --- /dev/null +++ b/zokrates_stdlib/stdlib/utils/pack/u32/unpack128.zok @@ -0,0 +1,7 @@ +#pragma curve bn128 + +import "../bool/unpack128" as unpack +import "../../casts/bool_128_to_u32_4" as from_bits + +def main(field i) -> (u32[4]): + return from_bits(unpack(i)) \ No newline at end of file diff --git a/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.zok b/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.zok index 3be541c1..4e99b22d 100644 --- a/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.zok +++ b/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.zok @@ -2,7 +2,6 @@ import "ecc/babyjubjubParams" as context from "ecc/babyjubjubParams" import BabyJubJubParams import "ecc/proofOfOwnership" as proofOfOwnership import "ecc/edwardsScalarMult" as multiply -import "utils/pack/nonStrictUnpack256" as unpack256 // Code to create test cases: // https://github.com/Zokrates/pycrypto diff --git a/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.zok b/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.zok index 9e281330..7d7f7fae 100644 --- a/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.zok +++ b/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.zok @@ -16,10 +16,10 @@ import "hashes/pedersen/512bit" as pedersen def main() -> (field): - bool[512] e = [false, false, false, true, false, true, true, true, true, true, false, true, false, false, true, false, true, true, true, false, false, true, true, false, true, true, false, true, true, false, false, true, false, true, false, true, true, true, false, false, false, true, true, true, false, true, false, false, true, true, true, false, true, false, false, true, false, true, true, true, true, true, false, false, false, true, false, false, true, false, true, true, true, true, true, true, false, true, true, false, false, false, false, false, true, true, false, false, true, true, false, false, false, false, false, false, true, true, false, false, false, true, true, false, true, false, true, false, false, true, true, false, true, false, true, true, false, true, false, false, false, false, false, true, false, true, true, true, true, false, true, true, true, false, true, false, true, true, true, true, true, true, false, false, false, true, false, true, false, true, false, false, true, true, true, false, true, false, false, true, false, false, true, false, false, false, false, false, false, true, false, true, true, true, false, false, true, false, false, false, false, false, false, false, true, false, false, false, false, false, false, false, false, false, true, false, false, true, true, false, false, false, false, true, true, true, true, true, false, true, false, false, false, false, true, false, false, true, false, false, false, true, false, false, true, false, false, true, false, true, true, false, false, false, true, true, false, true, false, false, true, true, false, true, false, true, true, false, true, true, false, true, true, true, true, true, true, false, false, false, true, true, true, false, false, true, true, true, true, true, true, true, false, true, false, true, true, true, true, false, false, false, false, false, false, true, true, false, false, true, true, false, true, false, true, false, false, false, true, false, true, false, false, true, false, true, true, false, true, true, true, false, true, true, false, false, true, true, true, true, false, false, false, true, true, true, false, true, true, true, false, false, false, false, false, true, true, false, false, false, false, false, true, true, true, false, false, false, true, true, false, false, false, true, true, true, true, false, false, true, false, false, false, true, true, true, false, false, true, false, false, false, true, true, true, true, false, true, false, true, true, false, true, false, true, true, true, false, true, true, true, false, true, false, false, true, true, true, true, false, true, true, false, false, true, false, true, false, false, false, true, true, false, false, true, true, false, false, true, false, false, false, false, true, false, false, false, false, false, false, false, false, true, true, true, true, false, false, false, true, true, false, false, false, true, false, false, true, true, true, false, false, true, false, false, true, false, true, true, false, true, false, true, true, false, false, false, false, false, false, true, false, true, false, false, false, true, false, false, false, true, true, false, false, false, true, true, false, true, false, true, true, false, false, false, true, false, true, false, true, false, false, false, false, false, false, false, true, true, true, true, true] + u32[16] e = [0x17d2e6d9, 0x5c74e97c, 0x4bf60cc0, 0xc6a6b417, 0xbafc54e9, 0x205c8080, 0x261f4244, 0x9634d6df, 0x8e7f5e06, 0x6a296ecf, 0x1dc1838c, 0x791c8f5a, 0xee9eca33, 0x2100f189, 0xc96b0288, 0xc6b1501f] - bool[256] d = pedersen(e) + u32[8] d = pedersen(e) - d == [false, false, false, false, false, true, true, false, true, true, false, true, true, true, true, true, true, false, true, false, true, true, false, false, true, false, true, false, false, false, false, false, true, true, false, true, true, false, false, false, false, false, true, false, true, true, false, false, false, false, false, false, false, true, true, true, true, false, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, true, true, true, true, false, false, false, false, true, true, true, true, false, true, true, false, false, true, false, true, true, true, true, false, true, true, false, false, true, true, false, false, true, false, true, false, false, true, true, false, false, false, true, true, false, false, false, false, false, false, false, false, false, true, false, true, false, false, true, true, true, true, true, false, true, true, true, true, false, false, false, true, false, false, true, true, true, true, true, false, false, false, true, false, true, true, false, true, false, false, false, true, false, false, true, false, false, true, false, false, false, false, true, true, false, false, false, true, false, false, true, false, false, true, false, false, true, true, false, false, false, true, false, true, false, false, true, true, true, true, true, false, false, false, true, false, true, false, false, true, true, false, true, false, true, true, true, false, false, false, false, false, false, true, false, true, false, true, false, false, false, true, false, true, false, false, false, false, false, true, false, true, false, false, false, false, false, false, false, true, false, true, true] + d == [0x06dfaca0, 0xd82c07ae, 0x33787b2f, 0x66531802, 0x9f789f16, 0x89218926, 0x29f14d70, 0x2a28280b] return 1 \ No newline at end of file diff --git a/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.zok b/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.zok index 0a8066ee..6b428be2 100644 --- a/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.zok +++ b/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.zok @@ -17,13 +17,13 @@ import "hashes/sha256/1024bitPadded" as sha256 def main() -> (field): - bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false] - bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false] - bool[256] c = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false] - bool[256] d = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true] + u32[8] a = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000] + u32[8] b = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000] + u32[8] c = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000] + u32[8] d = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005] - bool[256] digest = sha256(a, b, c, d) + u32[8] digest = sha256(a, b, c, d) - digest == [true, true, true, false, true, true, true, true, true, false, true, false, false, true, false, false, false, false, false, true, true, true, false, false, true, false, true, false, false, true, false, false, true, false, true, false, false, true, false, true, true, true, false, false, false, true, true, true, false, true, true, false, true, false, true, true, false, true, false, false, true, false, false, true, false, true, false, true, true, true, false, true, false, true, false, true, false, true, false, true, true, true, false, true, true, true, true, true, true, true, false, true, true, false, true, true, true, true, true, true, true, false, false, true, false, false, false, true, false, true, true, true, false, true, false, true, false, false, true, true, false, false, true, false, false, false, false, false, false, true, false, false, false, false, false, false, false, true, false, false, true, false, true, true, false, false, true, true, true, true, false, false, true, false, false, false, false, false, false, false, false, true, false, false, true, false, false, false, true, false, true, true, false, false, true, true, true, false, false, false, true, true, true, false, true, false, true, true, false, false, false, true, true, false, false, false, false, true, true, true, false, false, true, true, true, false, true, false, true, false, true, false, false, true, true, false, false, true, true, false, false, false, true, true, false, false, true, true, true, false, true, false, false, false, true, true, false, true, true, false, false, false, true, true, true, false, false, false, true, false, false, false, false, false, true, true] + digest == [0xefa41ca4, 0xa5c76b49, 0x5d55dfdb, 0xf9175320, 0x404b3c80, 0x48b38eb1, 0x873aa663, 0x3a363883] return 1 \ No newline at end of file diff --git a/zokrates_stdlib/tests/tests/hashes/sha256/512bit.zok b/zokrates_stdlib/tests/tests/hashes/sha256/512bit.zok index f87a6d33..64fdf1f6 100644 --- a/zokrates_stdlib/tests/tests/hashes/sha256/512bit.zok +++ b/zokrates_stdlib/tests/tests/hashes/sha256/512bit.zok @@ -1,11 +1,11 @@ import "hashes/sha256/512bit" as sha256 def main() -> (field): -bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false] -bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true] +u32[8] a = [0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89] +u32[8] b = [0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917] -bool[256] digest = sha256(a, b) +u32[8] digest = sha256(a, b) -digest == [false, false, false, true, true, true, true, true, false, false, true, true, true, false, true, true, true, false, false, false, true, false, true, true, true, false, false, true, true, false, false, false, true, true, false, false, false, false, true, false, false, false, false, true, true, true, true, false, true, false, true, true, true, false, false, false, true, false, false, true, false, true, false, false, false, false, true, true, true, true, false, false, true, false, false, false, true, true, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, false, true, false, false, false, true, false, true, true, false, false, false, false, false, true, false, true, false, false, false, false, false, true, false, true, false, false, true, false, true, true, false, true, true, false, false, false, false, true, false, false, false, false, false, true, false, true, false, true, false, true, false, true, true, false, false, false, true, false, false, true, true, false, false, false, false, true, false, true, false, false, true, true, true, false, false, true, true, true, false, false, true, true, true, false, false, false, true, true, true, true, false, false, true, true, false, true, false, true, true, true, true, false, true, true, true, true, false, false, false, true, false, false, true, true, true, false, true, false, false, false, false, false, false, true, true, true, true, false, true, true, true, true, true, false, true, false, true, false, true, true, false, false, true, true, false, false, false, false, true, true, true, true, false, true, false, false, true, false, true, true, false, true] +digest == [0xcf0ae4eb, 0x67d38ffe, 0xb9406898, 0x4b22abde, 0x4e92bc54, 0x8d14585e, 0x48dca888, 0x2d7b09ce] return 1 \ No newline at end of file diff --git a/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.zok b/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.zok index 16872273..72bdeb51 100644 --- a/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.zok +++ b/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.zok @@ -15,12 +15,12 @@ import "hashes/sha256/512bitPadded" as sha256 def main() -> (field): -bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false] -bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true] + u32[8] a = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000] + u32[8] b = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005] - bool[256] digest = sha256(a, b) + u32[8] digest = sha256(a, b) - digest == [true, true, false, false, false, true, true, false, false, true, false, false, true, false, false, false, false, false, false, true, true, true, true, false, false, false, true, false, false, false, true, false, true, true, false, false, false, true, false, true, true, true, true, true, true, true, true, true, false, true, false, false, false, false, false, true, false, true, true, false, false, true, false, false, true, false, true, false, true, true, true, true, false, true, true, false, true, false, false, false, false, false, false, false, true, false, true, true, true, false, false, false, true, true, false, false, true, true, true, true, true, false, true, false, true, false, true, false, false, true, false, true, true, true, true, false, true, false, false, false, true, true, true, false, true, true, false, true, false, false, true, true, false, false, false, true, false, false, true, false, false, false, false, false, true, true, true, false, true, true, true, false, true, true, true, true, true, true, true, true, true, false, false, false, true, false, false, true, true, true, false, false, false, true, false, false, true, true, true, true, false, false, true, true, false, false, false, false, false, true, true, true, true, true, false, false, false, true, false, false, true, false, true, false, false, true, true, false, true, true, true, true, true, false, true, false, true, false, true, false, true, false, true, false, true, true, true, false, false, false, false, false, false, true, false, true, true, false, false, true, true, true, false, false, true, true, true, false, false, false, false, true, false, false, false, false] + digest == [0xc6481e22, 0xc5ff4164, 0xaf680b8c, 0xfaa5e8ed, 0x3120eeff, 0x89c4f307, 0xc4a6faaa, 0xe059ce10] return 1 \ No newline at end of file diff --git a/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok b/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok index 7ba74bc0..ec692b88 100644 --- a/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok +++ b/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok @@ -16,20 +16,20 @@ import "hashes/utils/256bitsDirectionHelper" as direction def left() -> (field): - bool[256] a = [false, false, false, true, true, false, true, true, false, false, false, true, true, false, false, true, true, true, false, true, true, true, true, false, true, false, true, false, true, false, false, false, true, false, true, true, true, false, true, false, false, true, false, false, true, true, true, false, false, false, true, true, true, true, false, false, false, false, false, true, false, true, true, false, false, true, false, false, false, false, true, true, true, true, true, false, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, false, true, false, false, false, false, true, false, false, true, true, false, false, true, true, false, false, true, true, true, true, true, true, true, true, true, false, true, false, false, true, true, true, true, false, false, true, true, false, false, false, true, false, true, false, false, false, false, true, false, true, false, false, false, false, true, true, false, false, false, true, false, false, true, true, true, true, true, false, true, false, true, false, true, false, false, true, false, false, true, false, true, true, true, false, true, true, true, true, true, true, false, false, false, true, false, true, true, true, true, true, false, false, false, true, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, true, true, false, true, true, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, false, true, false, true, false, true, true, false, false, true, false, true, false, true, false, false, false, true, true, true, false, false, false] - bool[256] b = [false, false, false, false, false, false, true, true, true, true, true, true, false, false, true, true, true, true, true, true, false, true, true, false, false, false, true, false, true, false, false, false, true, true, true, false, false, false, false, false, false, true, true, false, false, true, true, true, false, true, false, true, false, false, true, false, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, false, true, true, false, true, true, false, true, true, true, true, false, true, true, true, false, false, false, true, false, true, false, false, true, false, true, false, false, true, false, true, true, false, true, true, true, false, true, false, true, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, true, false, true, true, false, true, true, false, true, true, true, true, false, false, true, false, true, false, true, true, true, false, false, false, false, true, true, true, false, true, false, false, true, true, false, true, true, true, true, true, true, false, false, false, false, false, false, false, true, true, false, true, false, false, true, false, true, true, false, false, true, true, true, false, false, false, false, true, false, false, false, true, true, true, true, false, false, false, false, true, true, false, true, true, false, true, true, true, true, false, false, false, true, true, true, true, true, false, true, true, false, true, true, false, true, true, true, false, false, false, true, false, true, true, false, true, false, true, false, true, false, true, false, true, true, true] + u32[8] a = [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38] + u32[8] b = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557] - bool[512] out = direction(false, a, b) - out == [false, false, false, true, true, false, true, true, false, false, false, true, true, false, false, true, true, true, false, true, true, true, true, false, true, false, true, false, true, false, false, false, true, false, true, true, true, false, true, false, false, true, false, false, true, true, true, false, false, false, true, true, true, true, false, false, false, false, false, true, false, true, true, false, false, true, false, false, false, false, true, true, true, true, true, false, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, false, true, false, false, false, false, true, false, false, true, true, false, false, true, true, false, false, true, true, true, true, true, true, true, true, true, false, true, false, false, true, true, true, true, false, false, true, true, false, false, false, true, false, true, false, false, false, false, true, false, true, false, false, false, false, true, true, false, false, false, true, false, false, true, true, true, true, true, false, true, false, true, false, true, false, false, true, false, false, true, false, true, true, true, false, true, true, true, true, true, true, false, false, false, true, false, true, true, true, true, true, false, false, false, true, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, true, true, false, true, true, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, false, true, false, true, false, true, true, false, false, true, false, true, false, true, false, false, false, true, true, true, false, false, false, false, false, false, false, false, false, true, true, true, true, true, true, false, false, true, true, true, true, true, true, false, true, true, false, false, false, true, false, true, false, false, false, true, true, true, false, false, false, false, false, false, true, true, false, false, true, true, true, false, true, false, true, false, false, true, false, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, false, true, true, false, true, true, false, true, true, true, true, false, true, true, true, false, false, false, true, false, true, false, false, true, false, true, false, false, true, false, true, true, false, true, true, true, false, true, false, true, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, true, false, true, true, false, true, true, false, true, true, true, true, false, false, true, false, true, false, true, true, true, false, false, false, false, true, true, true, false, true, false, false, true, true, false, true, true, true, true, true, true, false, false, false, false, false, false, false, true, true, false, true, false, false, true, false, true, true, false, false, true, true, true, false, false, false, false, true, false, false, false, true, true, true, true, false, false, false, false, true, true, false, true, true, false, true, true, true, true, false, false, false, true, true, true, true, true, false, true, true, false, true, true, false, true, true, true, false, false, false, true, false, true, true, false, true, false, true, false, true, false, true, false, true, true, true] + u32[16] out = direction(false, a, b) + out == [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38, 0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557] return 1 def right() -> (field): - bool[256] a = [false, false, false, true, true, false, true, true, false, false, false, true, true, false, false, true, true, true, false, true, true, true, true, false, true, false, true, false, true, false, false, false, true, false, true, true, true, false, true, false, false, true, false, false, true, true, true, false, false, false, true, true, true, true, false, false, false, false, false, true, false, true, true, false, false, true, false, false, false, false, true, true, true, true, true, false, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, false, true, false, false, false, false, true, false, false, true, true, false, false, true, true, false, false, true, true, true, true, true, true, true, true, true, false, true, false, false, true, true, true, true, false, false, true, true, false, false, false, true, false, true, false, false, false, false, true, false, true, false, false, false, false, true, true, false, false, false, true, false, false, true, true, true, true, true, false, true, false, true, false, true, false, false, true, false, false, true, false, true, true, true, false, true, true, true, true, true, true, false, false, false, true, false, true, true, true, true, true, false, false, false, true, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, true, true, false, true, true, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, false, true, false, true, false, true, true, false, false, true, false, true, false, true, false, false, false, true, true, true, false, false, false] - bool[256] b = [false, false, false, false, false, false, true, true, true, true, true, true, false, false, true, true, true, true, true, true, false, true, true, false, false, false, true, false, true, false, false, false, true, true, true, false, false, false, false, false, false, true, true, false, false, true, true, true, false, true, false, true, false, false, true, false, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, false, true, true, false, true, true, false, true, true, true, true, false, true, true, true, false, false, false, true, false, true, false, false, true, false, true, false, false, true, false, true, true, false, true, true, true, false, true, false, true, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, true, false, true, true, false, true, true, false, true, true, true, true, false, false, true, false, true, false, true, true, true, false, false, false, false, true, true, true, false, true, false, false, true, true, false, true, true, true, true, true, true, false, false, false, false, false, false, false, true, true, false, true, false, false, true, false, true, true, false, false, true, true, true, false, false, false, false, true, false, false, false, true, true, true, true, false, false, false, false, true, true, false, true, true, false, true, true, true, true, false, false, false, true, true, true, true, true, false, true, true, false, true, true, false, true, true, true, false, false, false, true, false, true, true, false, true, false, true, false, true, false, true, false, true, true, true] + u32[8] a = [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38] + u32[8] b = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557] - bool[512] out = direction(true, a, b) - out == [false, false, false, false, false, false, true, true, true, true, true, true, false, false, true, true, true, true, true, true, false, true, true, false, false, false, true, false, true, false, false, false, true, true, true, false, false, false, false, false, false, true, true, false, false, true, true, true, false, true, false, true, false, false, true, false, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, false, true, true, false, true, true, false, true, true, true, true, false, true, true, true, false, false, false, true, false, true, false, false, true, false, true, false, false, true, false, true, true, false, true, true, true, false, true, false, true, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, true, false, true, true, false, true, true, false, true, true, true, true, false, false, true, false, true, false, true, true, true, false, false, false, false, true, true, true, false, true, false, false, true, true, false, true, true, true, true, true, true, false, false, false, false, false, false, false, true, true, false, true, false, false, true, false, true, true, false, false, true, true, true, false, false, false, false, true, false, false, false, true, true, true, true, false, false, false, false, true, true, false, true, true, false, true, true, true, true, false, false, false, true, true, true, true, true, false, true, true, false, true, true, false, true, true, true, false, false, false, true, false, true, true, false, true, false, true, false, true, false, true, false, true, true, true, false, false, false, true, true, false, true, true, false, false, false, true, true, false, false, true, true, true, false, true, true, true, true, false, true, false, true, false, true, false, false, false, true, false, true, true, true, false, true, false, false, true, false, false, true, true, true, false, false, false, true, true, true, true, false, false, false, false, false, true, false, true, true, false, false, true, false, false, false, false, true, true, true, true, true, false, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, false, true, false, false, false, false, true, false, false, true, true, false, false, true, true, false, false, true, true, true, true, true, true, true, true, true, false, true, false, false, true, true, true, true, false, false, true, true, false, false, false, true, false, true, false, false, false, false, true, false, true, false, false, false, false, true, true, false, false, false, true, false, false, true, true, true, true, true, false, true, false, true, false, true, false, false, true, false, false, true, false, true, true, true, false, true, true, true, true, true, true, false, false, false, true, false, true, true, true, true, true, false, false, false, true, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, true, true, false, true, true, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, false, true, false, true, false, true, true, false, false, true, false, true, false, true, false, false, false, true, true, true, false, false, false] + u32[16] out = direction(true, a, b) + out == [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557, 0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38] return 1 def main() -> (field): diff --git a/zokrates_stdlib/tests/tests/signatures/verifyEddsa.zok b/zokrates_stdlib/tests/tests/signatures/verifyEddsa.zok index 09dfe7a5..0e01b84f 100644 --- a/zokrates_stdlib/tests/tests/signatures/verifyEddsa.zok +++ b/zokrates_stdlib/tests/tests/signatures/verifyEddsa.zok @@ -14,8 +14,8 @@ def main() -> (field): // Private Key field[2] A = [14897476871502190904409029696666322856887678969656209656241038339251270171395, 16668832459046858928951622951481252834155254151733002984053501254009901876174] - bool[256] M0 = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false] - bool[256] M1 = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true] + u32[8] M0 = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000] + u32[8] M1 = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005] bool isVerified = verifyEddsa(R, S, A, M0, M1, context) isVerified == true diff --git a/zokrates_stdlib/tests/tests/utils/multiplexer/256bit.zok b/zokrates_stdlib/tests/tests/utils/multiplexer/256bit.zok index 08eae996..864b059d 100644 --- a/zokrates_stdlib/tests/tests/utils/multiplexer/256bit.zok +++ b/zokrates_stdlib/tests/tests/utils/multiplexer/256bit.zok @@ -3,11 +3,11 @@ import "utils/multiplexer/256bit" as multiplex def left() -> (field): bool bit = false //left - bool[256] a = [false, false, false, true, true, false, true, true, false, false, false, true, true, false, false, true, true, true, false, true, true, true, true, false, true, false, true, false, true, false, false, false, true, false, true, true, true, false, true, false, false, true, false, false, true, true, true, false, false, false, true, true, true, true, false, false, false, false, false, true, false, true, true, false, false, true, false, false, false, false, true, true, true, true, true, false, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, false, true, false, false, false, false, true, false, false, true, true, false, false, true, true, false, false, true, true, true, true, true, true, true, true, true, false, true, false, false, true, true, true, true, false, false, true, true, false, false, false, true, false, true, false, false, false, false, true, false, true, false, false, false, false, true, true, false, false, false, true, false, false, true, true, true, true, true, false, true, false, true, false, true, false, false, true, false, false, true, false, true, true, true, false, true, true, true, true, true, true, false, false, false, true, false, true, true, true, true, true, false, false, false, true, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, true, true, false, true, true, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, false, true, false, true, false, true, true, false, false, true, false, true, false, true, false, false, false, true, true, true, false, false, false] + u32[8] a = [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38] - bool[256] b = [false, false, false, false, false, false, true, true, true, true, true, true, false, false, true, true, true, true, true, true, false, true, true, false, false, false, true, false, true, false, false, false, true, true, true, false, false, false, false, false, false, true, true, false, false, true, true, true, false, true, false, true, false, false, true, false, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, false, true, true, false, true, true, false, true, true, true, true, false, true, true, true, false, false, false, true, false, true, false, false, true, false, true, false, false, true, false, true, true, false, true, true, true, false, true, false, true, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, true, false, true, true, false, true, true, false, true, true, true, true, false, false, true, false, true, false, true, true, true, false, false, false, false, true, true, true, false, true, false, false, true, true, false, true, true, true, true, true, true, false, false, false, false, false, false, false, true, true, false, true, false, false, true, false, true, true, false, false, true, true, true, false, false, false, false, true, false, false, false, true, true, true, true, false, false, false, false, true, true, false, true, true, false, true, true, true, true, false, false, false, true, true, true, true, true, false, true, true, false, true, true, false, true, true, true, false, false, false, true, false, true, true, false, true, false, true, false, true, false, true, false, true, true, true] + u32[8] b = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557] - bool[256] output = [false, false, false, true, true, false, true, true, false, false, false, true, true, false, false, true, true, true, false, true, true, true, true, false, true, false, true, false, true, false, false, false, true, false, true, true, true, false, true, false, false, true, false, false, true, true, true, false, false, false, true, true, true, true, false, false, false, false, false, true, false, true, true, false, false, true, false, false, false, false, true, true, true, true, true, false, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, false, true, false, false, false, false, true, false, false, true, true, false, false, true, true, false, false, true, true, true, true, true, true, true, true, true, false, true, false, false, true, true, true, true, false, false, true, true, false, false, false, true, false, true, false, false, false, false, true, false, true, false, false, false, false, true, true, false, false, false, true, false, false, true, true, true, true, true, false, true, false, true, false, true, false, false, true, false, false, true, false, true, true, true, false, true, true, true, true, true, true, false, false, false, true, false, true, true, true, true, true, false, false, false, true, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, true, true, false, true, true, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, false, true, false, true, false, true, true, false, false, true, false, true, false, true, false, false, false, true, true, true, false, false, false] + u32[8] output = [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38] output == multiplex(bit, a, b) return 1 @@ -15,11 +15,11 @@ def left() -> (field): def right() -> (field): bool bit = true //right - bool[256] a = [false, false, false, true, true, false, true, true, false, false, false, true, true, false, false, true, true, true, false, true, true, true, true, false, true, false, true, false, true, false, false, false, true, false, true, true, true, false, true, false, false, true, false, false, true, true, true, false, false, false, true, true, true, true, false, false, false, false, false, true, false, true, true, false, false, true, false, false, false, false, true, true, true, true, true, false, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, false, true, false, false, false, false, true, false, false, true, true, false, false, true, true, false, false, true, true, true, true, true, true, true, true, true, false, true, false, false, true, true, true, true, false, false, true, true, false, false, false, true, false, true, false, false, false, false, true, false, true, false, false, false, false, true, true, false, false, false, true, false, false, true, true, true, true, true, false, true, false, true, false, true, false, false, true, false, false, true, false, true, true, true, false, true, true, true, true, true, true, false, false, false, true, false, true, true, true, true, true, false, false, false, true, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, true, true, false, true, true, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, false, true, false, true, false, true, true, false, false, true, false, true, false, true, false, false, false, true, true, true, false, false, false] + u32[8] a = [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38] - bool[256] b = [false, false, false, false, false, false, true, true, true, true, true, true, false, false, true, true, true, true, true, true, false, true, true, false, false, false, true, false, true, false, false, false, true, true, true, false, false, false, false, false, false, true, true, false, false, true, true, true, false, true, false, true, false, false, true, false, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, false, true, true, false, true, true, false, true, true, true, true, false, true, true, true, false, false, false, true, false, true, false, false, true, false, true, false, false, true, false, true, true, false, true, true, true, false, true, false, true, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, true, false, true, true, false, true, true, false, true, true, true, true, false, false, true, false, true, false, true, true, true, false, false, false, false, true, true, true, false, true, false, false, true, true, false, true, true, true, true, true, true, false, false, false, false, false, false, false, true, true, false, true, false, false, true, false, true, true, false, false, true, true, true, false, false, false, false, true, false, false, false, true, true, true, true, false, false, false, false, true, true, false, true, true, false, true, true, true, true, false, false, false, true, true, true, true, true, false, true, true, false, true, true, false, true, true, true, false, false, false, true, false, true, true, false, true, false, true, false, true, false, true, false, true, true, true] + u32[8] b = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557] - bool[256] output = [false, false, false, false, false, false, true, true, true, true, true, true, false, false, true, true, true, true, true, true, false, true, true, false, false, false, true, false, true, false, false, false, true, true, true, false, false, false, false, false, false, true, true, false, false, true, true, true, false, true, false, true, false, false, true, false, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, false, true, true, false, true, true, false, true, true, true, true, false, true, true, true, false, false, false, true, false, true, false, false, true, false, true, false, false, true, false, true, true, false, true, true, true, false, true, false, true, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, true, false, true, true, false, true, true, false, true, true, true, true, false, false, true, false, true, false, true, true, true, false, false, false, false, true, true, true, false, true, false, false, true, true, false, true, true, true, true, true, true, false, false, false, false, false, false, false, true, true, false, true, false, false, true, false, true, true, false, false, true, true, true, false, false, false, false, true, false, false, false, true, true, true, true, false, false, false, false, true, true, false, true, true, false, true, true, true, true, false, false, false, true, true, true, true, true, false, true, true, false, true, true, false, true, true, true, false, false, false, true, false, true, true, false, true, false, true, false, true, false, true, false, true, true, true] + u32[8] output = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557] output == multiplex(bit, a, b) return 1 diff --git a/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json b/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json new file mode 100644 index 00000000..80d78cfa --- /dev/null +++ b/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/utils/pack/bool/nonStrictUnpack256.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "values": ["1"] + } + } + } + ] +} \ No newline at end of file diff --git a/zokrates_stdlib/tests/tests/utils/pack/nonStrictUnpack256.zok b/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.zok similarity index 99% rename from zokrates_stdlib/tests/tests/utils/pack/nonStrictUnpack256.zok rename to zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.zok index acdf18e1..ebbcd4ac 100644 --- a/zokrates_stdlib/tests/tests/utils/pack/nonStrictUnpack256.zok +++ b/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.zok @@ -1,4 +1,4 @@ -import "utils/pack/nonStrictUnpack256" as unpack256 +import "utils/pack/bool/nonStrictUnpack256" as unpack256 def testFive() -> (field): diff --git a/zokrates_stdlib/tests/tests/utils/pack/unpack128.json b/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.json similarity index 70% rename from zokrates_stdlib/tests/tests/utils/pack/unpack128.json rename to zokrates_stdlib/tests/tests/utils/pack/bool/pack128.json index b5f7768f..f9fc4dc4 100644 --- a/zokrates_stdlib/tests/tests/utils/pack/unpack128.json +++ b/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.json @@ -1,5 +1,5 @@ { - "entry_point": "./tests/tests/utils/pack/unpack128.zok", + "entry_point": "./tests/tests/utils/pack/bool/pack128.zok", "curves": ["Bn128"], "tests": [ { diff --git a/zokrates_stdlib/tests/tests/utils/pack/pack128.zok b/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.zok similarity index 98% rename from zokrates_stdlib/tests/tests/utils/pack/pack128.zok rename to zokrates_stdlib/tests/tests/utils/pack/bool/pack128.zok index 11ff1ff4..819ed8e1 100644 --- a/zokrates_stdlib/tests/tests/utils/pack/pack128.zok +++ b/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.zok @@ -1,4 +1,4 @@ -import "utils/pack/pack128" as pack128 +import "utils/pack/bool/pack128" as pack128 def testFive() -> (field): diff --git a/zokrates_stdlib/tests/tests/utils/pack/nonStrictUnpack256.json b/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.json similarity index 68% rename from zokrates_stdlib/tests/tests/utils/pack/nonStrictUnpack256.json rename to zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.json index fe66a5c8..d7868da7 100644 --- a/zokrates_stdlib/tests/tests/utils/pack/nonStrictUnpack256.json +++ b/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.json @@ -1,5 +1,5 @@ { - "entry_point": "./tests/tests/utils/pack/nonStrictUnpack256.zok", + "entry_point": "./tests/tests/utils/pack/bool/unpack128.zok", "curves": ["Bn128"], "tests": [ { diff --git a/zokrates_stdlib/tests/tests/utils/pack/unpack128.zok b/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.zok similarity index 98% rename from zokrates_stdlib/tests/tests/utils/pack/unpack128.zok rename to zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.zok index 2b81cd34..f86bd856 100644 --- a/zokrates_stdlib/tests/tests/utils/pack/unpack128.zok +++ b/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.zok @@ -1,4 +1,4 @@ -import "utils/pack/unpack128" as unpack128 +import "utils/pack/bool/unpack128" as unpack128 def testFive() -> (field): diff --git a/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json b/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json new file mode 100644 index 00000000..0aa40ce2 --- /dev/null +++ b/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/utils/pack/u32/nonStrictUnpack256.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "values": ["1"] + } + } + } + ] +} \ No newline at end of file diff --git a/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok b/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok new file mode 100644 index 00000000..3ccc32c4 --- /dev/null +++ b/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok @@ -0,0 +1,41 @@ +import "utils/pack/u32/nonStrictUnpack256" as unpack256 + +def testFive() -> (field): + + u32[8] b = unpack256(5) + + b == [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005] + + return 1 + +def testZero() -> (field): + + u32[8] b = unpack256(0) + + b == [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000] + + return 1 + +def testLarge() -> (field): + + u32[8] b = unpack256(14474011154664524427946373126085988481658748083205070504932198000989141204991) + + b == [0x1fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff] + + return 1 + +def testMax() -> (field): + + u32[8] b = unpack256(21888242871839275222246405745257275088548364400416034343698204186575808495616) + + b == [0x30644e72, 0xe131a029, 0xb85045b6, 0x8181585d, 0x2833e848, 0x79b97091, 0x43e1f593, 0xf0000000] + + return 1 + + def main() -> (field): + + 1 == testFive() + 1 == testMax() + 1 == testZero() + 1 == testLarge() + return 1 diff --git a/zokrates_stdlib/tests/tests/utils/pack/pack128.json b/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.json similarity index 70% rename from zokrates_stdlib/tests/tests/utils/pack/pack128.json rename to zokrates_stdlib/tests/tests/utils/pack/u32/pack128.json index f581763f..7e615a3e 100644 --- a/zokrates_stdlib/tests/tests/utils/pack/pack128.json +++ b/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.json @@ -1,5 +1,5 @@ { - "entry_point": "./tests/tests/utils/pack/pack128.zok", + "entry_point": "./tests/tests/utils/pack/u32/pack128.zok", "curves": ["Bn128"], "tests": [ { diff --git a/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.zok b/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.zok new file mode 100644 index 00000000..ecd0e7a8 --- /dev/null +++ b/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.zok @@ -0,0 +1,36 @@ +import "utils/pack/u32/pack128" as pack128 + +def testFive() -> (field): + + u32[4] b = [0x00000000, 0x00000000, 0x00000000, 0x00000005] + field n = pack128(b) + + 5 == n + + return 1 + +def testZero() -> (field): + + u32[4] b = [0x00000000, 0x00000000, 0x00000000, 0x00000000] + field n = pack128(b) + + 0 == n + + return 1 + +def testMax() -> (field): + + u32[4] b = [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff] + field n = pack128(b) + + 2**128 - 1 == n + + return 1 + + def main() -> (field): + + 1 == testFive() + 1 == testMax() + 1 == testZero() + + return 1 diff --git a/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.json b/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.json new file mode 100644 index 00000000..75252d88 --- /dev/null +++ b/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/utils/pack/u32/unpack128.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "values": ["1"] + } + } + } + ] +} \ No newline at end of file diff --git a/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.zok b/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.zok new file mode 100644 index 00000000..b264ded7 --- /dev/null +++ b/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.zok @@ -0,0 +1,33 @@ +import "utils/pack/u32/unpack128" as unpack128 + +def testFive() -> (field): + + u32[4] b = unpack128(5) + + b == [0x00000000, 0x00000000, 0x00000000, 0x00000005] + + return 1 + +def testZero() -> (field): + + u32[4] b = unpack128(0) + + b == [0x00000000, 0x00000000, 0x00000000, 0x00000000] + + return 1 + +def testMax() -> (field): + + u32[4] b = unpack128(2**128 - 1) + + b == [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff] + + return 1 + + def main() -> (field): + + 1 == testFive() + 1 == testMax() + 1 == testZero() + + return 1 From 802ab653e6a3dd23ca51d3f0341e52180bc8094e Mon Sep 17 00:00:00 2001 From: schaeff Date: Fri, 3 Jul 2020 18:29:57 +0200 Subject: [PATCH 10/23] remove print --- zokrates_core/src/semantics.rs | 2 -- 1 file changed, 2 deletions(-) diff --git a/zokrates_core/src/semantics.rs b/zokrates_core/src/semantics.rs index 52bbd20b..3a4c314e 100644 --- a/zokrates_core/src/semantics.rs +++ b/zokrates_core/src/semantics.rs @@ -396,8 +396,6 @@ impl<'ast> Checker<'ast> { match Checker::new().check_module(&import.module_id, state) { Ok(()) => { - println!("{:?} {:#?}", import.module_id, state.typed_modules.keys()); - // find candidates in the checked module let function_candidates: Vec<_> = state .typed_modules From 83d0a299123aa19decb42331e69ffd36dca513b9 Mon Sep 17 00:00:00 2001 From: schaeff Date: Mon, 6 Jul 2020 17:02:10 +0200 Subject: [PATCH 11/23] switch off release mode on tests --- zokrates_test/src/lib.rs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/zokrates_test/src/lib.rs b/zokrates_test/src/lib.rs index e3ca6b8c..1e52048f 100644 --- a/zokrates_test/src/lib.rs +++ b/zokrates_test/src/lib.rs @@ -108,12 +108,14 @@ fn compile_and_run(t: Tests) { code, t.entry_point.clone(), Some(&resolver), - &CompileConfig::default().with_is_release(true), + &CompileConfig::default(), ) .unwrap(); let bin = artifacts.prog(); + println!("NOTE: We do not compile in release mode here, so the metrics below are conservative"); + match t.max_constraint_count { Some(target_count) => { let count = bin.constraint_count(); From 76940140d6c813e39272825eae0210fd47350c0e Mon Sep 17 00:00:00 2001 From: schaeff Date: Mon, 6 Jul 2020 17:17:35 +0200 Subject: [PATCH 12/23] fix stdlib tests --- zokrates_js/tests/stdlib.test.js | 2 +- zokrates_js/tests/utils.test.js | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/zokrates_js/tests/stdlib.test.js b/zokrates_js/tests/stdlib.test.js index f90ba414..faa345ae 100644 --- a/zokrates_js/tests/stdlib.test.js +++ b/zokrates_js/tests/stdlib.test.js @@ -6,7 +6,7 @@ describe('stdlib', function() { it('should resolve module from stdlib (1)', function() { let basePath = 'hashes/sha256/512bitPacked.zok'; - let relativePath = '../../utils/pack/pack128'; + let relativePath = '../../utils/pack/u32/pack128'; let absolutePath = utils.appendExtension(utils.getAbsolutePath(basePath, relativePath), '.zok'); assert.notEqual(stdlib[absolutePath], undefined); diff --git a/zokrates_js/tests/utils.test.js b/zokrates_js/tests/utils.test.js index 1ac375f8..c324c23a 100644 --- a/zokrates_js/tests/utils.test.js +++ b/zokrates_js/tests/utils.test.js @@ -13,10 +13,10 @@ describe('absolute path resolving', function() { it('should resolve valid absolute path (../)', function() { let basePath = 'hashes/sha256/512bitPacked'; - let relativePath = '../../utils/pack/pack128'; + let relativePath = '../../utils/pack/u32/pack128'; let absolutePath = utils.getAbsolutePath(basePath, relativePath); - assert.equal(absolutePath, 'utils/pack/pack128'); + assert.equal(absolutePath, 'utils/pack/u32/pack128'); }); it('should resolve valid absolute path (./)', function() { From ee97e413348f006937c4e4e011c3f24dfb5b5561 Mon Sep 17 00:00:00 2001 From: schaeff Date: Mon, 6 Jul 2020 22:49:57 +0200 Subject: [PATCH 13/23] force reduction of UintEq members --- .../src/static_analysis/uint_optimizer.rs | 18 ++++++++++++++++++ zokrates_core_test/tests/tests/uint/eq.json | 4 ++++ zokrates_core_test/tests/tests/uint/eq.zok | 3 +++ 3 files changed, 25 insertions(+) create mode 100644 zokrates_core_test/tests/tests/uint/eq.json create mode 100644 zokrates_core_test/tests/tests/uint/eq.zok diff --git a/zokrates_core/src/static_analysis/uint_optimizer.rs b/zokrates_core/src/static_analysis/uint_optimizer.rs index d7ba88f0..37808c01 100644 --- a/zokrates_core/src/static_analysis/uint_optimizer.rs +++ b/zokrates_core/src/static_analysis/uint_optimizer.rs @@ -53,6 +53,24 @@ fn force_no_reduce<'ast, T: Field>(e: UExpression<'ast, T>) -> UExpression<'ast, } impl<'ast, T: Field> Folder<'ast, T> for UintOptimizer<'ast, T> { + fn fold_boolean_expression( + &mut self, + e: BooleanExpression<'ast, T>, + ) -> BooleanExpression<'ast, T> { + match e { + BooleanExpression::UintEq(box left, box right) => { + let left = self.fold_uint_expression(left); + let right = self.fold_uint_expression(right); + + let left = force_reduce(left); + let right = force_reduce(right); + + BooleanExpression::UintEq(box left, box right) + } + e => fold_boolean_expression(self, e), + } + } + fn fold_uint_expression(&mut self, e: UExpression<'ast, T>) -> UExpression<'ast, T> { if e.metadata.is_some() { return e; diff --git a/zokrates_core_test/tests/tests/uint/eq.json b/zokrates_core_test/tests/tests/uint/eq.json new file mode 100644 index 00000000..9c1e9c7e --- /dev/null +++ b/zokrates_core_test/tests/tests/uint/eq.json @@ -0,0 +1,4 @@ +{ + "entry_point": "./tests/tests/uint/eq.zok", + "tests": [] +} \ No newline at end of file diff --git a/zokrates_core_test/tests/tests/uint/eq.zok b/zokrates_core_test/tests/tests/uint/eq.zok new file mode 100644 index 00000000..07eadf24 --- /dev/null +++ b/zokrates_core_test/tests/tests/uint/eq.zok @@ -0,0 +1,3 @@ +def main(private u32 a, u32 b) -> (field): + field result = if a * a == b then 1 else 0 fi + return result \ No newline at end of file From 4290b991f05e5293faf349fa8a60d25d63466e65 Mon Sep 17 00:00:00 2001 From: schaeff Date: Tue, 7 Jul 2020 17:35:38 +0200 Subject: [PATCH 14/23] implemented unimplemented --- .../static_analysis/flatten_complex_types.rs | 27 +++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/zokrates_core/src/static_analysis/flatten_complex_types.rs b/zokrates_core/src/static_analysis/flatten_complex_types.rs index 877e63dd..eb2c7b81 100644 --- a/zokrates_core/src/static_analysis/flatten_complex_types.rs +++ b/zokrates_core/src/static_analysis/flatten_complex_types.rs @@ -569,7 +569,10 @@ pub fn fold_boolean_expression<'ast, T: Field>( (zir::ZirExpression::Boolean(e1), zir::ZirExpression::Boolean(e2)) => { zir::BooleanExpression::BoolEq(box e1, box e2) } - _ => unimplemented!(), + (zir::ZirExpression::Uint(e1), zir::ZirExpression::Uint(e2)) => { + zir::BooleanExpression::UintEq(box e1, box e2) + } + _ => unreachable!(), }, ) }, @@ -581,7 +584,27 @@ pub fn fold_boolean_expression<'ast, T: Field>( assert_eq!(e1.len(), e2.len()); - unimplemented!() + e1.into_iter().zip(e2.into_iter()).fold( + zir::BooleanExpression::Value(true), + |acc, (e1, e2)| { + zir::BooleanExpression::And( + box acc, + box match (e1, e2) { + ( + zir::ZirExpression::FieldElement(e1), + zir::ZirExpression::FieldElement(e2), + ) => zir::BooleanExpression::FieldEq(box e1, box e2), + (zir::ZirExpression::Boolean(e1), zir::ZirExpression::Boolean(e2)) => { + zir::BooleanExpression::BoolEq(box e1, box e2) + } + (zir::ZirExpression::Uint(e1), zir::ZirExpression::Uint(e2)) => { + zir::BooleanExpression::UintEq(box e1, box e2) + } + _ => unreachable!(), + }, + ) + }, + ) } typed_absy::BooleanExpression::UintEq(box e1, box e2) => { let e1 = f.fold_uint_expression(e1); From 23365529aa74eba14d8fa5eba1b7c970eef28153 Mon Sep 17 00:00:00 2001 From: schaeff Date: Thu, 9 Jul 2020 16:10:01 +0200 Subject: [PATCH 15/23] change precedence rules to follow python --- zokrates_core_test/tests/tests/precedence.zok | 2 ++ zokrates_pest_ast/src/lib.rs | 10 +++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/zokrates_core_test/tests/tests/precedence.zok b/zokrates_core_test/tests/tests/precedence.zok index 86404b44..96fc6142 100644 --- a/zokrates_core_test/tests/tests/precedence.zok +++ b/zokrates_core_test/tests/tests/precedence.zok @@ -11,6 +11,8 @@ def main(field g) -> (field): field e = if 2 >= 1 && 4 > 5 || 1 == 1 then 1 else 0 fi field f = if 1 < 2 && false || 4 < 5 && 2 >= 1 then 1 else 0 fi + 0x00 ^ 0x00 == 0x00 + //check if all statements have evalutated to true a * b * c * d * e * f == 1 return g diff --git a/zokrates_pest_ast/src/lib.rs b/zokrates_pest_ast/src/lib.rs index cba0188a..ca75bcdb 100644 --- a/zokrates_pest_ast/src/lib.rs +++ b/zokrates_pest_ast/src/lib.rs @@ -36,15 +36,15 @@ mod ast { PrecClimber::new(vec![ Operator::new(Rule::op_or, Assoc::Left), Operator::new(Rule::op_and, Assoc::Left), - Operator::new(Rule::op_bit_or, Assoc::Left), - Operator::new(Rule::op_bit_xor, Assoc::Left), - Operator::new(Rule::op_bit_and, Assoc::Left), Operator::new(Rule::op_equal, Assoc::Left) - | Operator::new(Rule::op_not_equal, Assoc::Left), - Operator::new(Rule::op_lte, Assoc::Left) + | Operator::new(Rule::op_not_equal, Assoc::Left) + | Operator::new(Rule::op_lte, Assoc::Left) | Operator::new(Rule::op_gte, Assoc::Left) | Operator::new(Rule::op_lt, Assoc::Left) | Operator::new(Rule::op_gt, Assoc::Left), + Operator::new(Rule::op_bit_or, Assoc::Left), + Operator::new(Rule::op_bit_xor, Assoc::Left), + Operator::new(Rule::op_bit_and, Assoc::Left), Operator::new(Rule::op_right_shift, Assoc::Left) | Operator::new(Rule::op_left_shift, Assoc::Left), Operator::new(Rule::op_add, Assoc::Left) | Operator::new(Rule::op_sub, Assoc::Left), From 1e35c8f385ab1b0fb08f6ce60d9950ea8a584e30 Mon Sep 17 00:00:00 2001 From: schaeff Date: Thu, 9 Jul 2020 19:19:11 +0200 Subject: [PATCH 16/23] tweak precedence, add reference --- zokrates_pest_ast/src/lib.rs | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/zokrates_pest_ast/src/lib.rs b/zokrates_pest_ast/src/lib.rs index ca75bcdb..267d6a23 100644 --- a/zokrates_pest_ast/src/lib.rs +++ b/zokrates_pest_ast/src/lib.rs @@ -32,21 +32,22 @@ mod ast { static ref PREC_CLIMBER: PrecClimber = build_precedence_climber(); } + // based on https://docs.python.org/3/reference/expressions.html#operator-precedence fn build_precedence_climber() -> PrecClimber { PrecClimber::new(vec![ Operator::new(Rule::op_or, Assoc::Left), Operator::new(Rule::op_and, Assoc::Left), - Operator::new(Rule::op_equal, Assoc::Left) - | Operator::new(Rule::op_not_equal, Assoc::Left) + Operator::new(Rule::op_lt, Assoc::Left) | Operator::new(Rule::op_lte, Assoc::Left) + | Operator::new(Rule::op_gt, Assoc::Left) | Operator::new(Rule::op_gte, Assoc::Left) - | Operator::new(Rule::op_lt, Assoc::Left) - | Operator::new(Rule::op_gt, Assoc::Left), + | Operator::new(Rule::op_not_equal, Assoc::Left) + | Operator::new(Rule::op_equal, Assoc::Left), Operator::new(Rule::op_bit_or, Assoc::Left), Operator::new(Rule::op_bit_xor, Assoc::Left), Operator::new(Rule::op_bit_and, Assoc::Left), - Operator::new(Rule::op_right_shift, Assoc::Left) - | Operator::new(Rule::op_left_shift, Assoc::Left), + Operator::new(Rule::op_left_shift, Assoc::Left) + | Operator::new(Rule::op_right_shift, Assoc::Left), Operator::new(Rule::op_add, Assoc::Left) | Operator::new(Rule::op_sub, Assoc::Left), Operator::new(Rule::op_mul, Assoc::Left) | Operator::new(Rule::op_div, Assoc::Left), Operator::new(Rule::op_pow, Assoc::Left), From 0c45880c2e637ef0b9d53c93da4240b4f2f8dde8 Mon Sep 17 00:00:00 2001 From: schaeff Date: Wed, 15 Jul 2020 16:23:28 +0200 Subject: [PATCH 17/23] introduce explicit assert syntax --- zokrates_cli/examples/error/assert.zok | 5 +++++ zokrates_cli/examples/factorization.zok | 2 +- zokrates_core/src/absy/mod.rs | 2 +- zokrates_core/src/typed_absy/mod.rs | 2 +- zokrates_core/src/zir/mod.rs | 2 +- zokrates_parser/src/zokrates.pest | 6 ++++-- 6 files changed, 13 insertions(+), 6 deletions(-) create mode 100644 zokrates_cli/examples/error/assert.zok diff --git a/zokrates_cli/examples/error/assert.zok b/zokrates_cli/examples/error/assert.zok new file mode 100644 index 00000000..aa2fb018 --- /dev/null +++ b/zokrates_cli/examples/error/assert.zok @@ -0,0 +1,5 @@ +def assert() -> (): + return + +def main() -> (): + return \ No newline at end of file diff --git a/zokrates_cli/examples/factorization.zok b/zokrates_cli/examples/factorization.zok index 84996cde..8d436d07 100644 --- a/zokrates_cli/examples/factorization.zok +++ b/zokrates_cli/examples/factorization.zok @@ -1,5 +1,5 @@ // a and b are factorization of c def main(field c, private field a, private field b) -> (field): field d = a * b - c == d + assert(c == d) return 1 diff --git a/zokrates_core/src/absy/mod.rs b/zokrates_core/src/absy/mod.rs index 131eecec..86b80582 100644 --- a/zokrates_core/src/absy/mod.rs +++ b/zokrates_core/src/absy/mod.rs @@ -317,7 +317,7 @@ impl<'ast, T: fmt::Display> fmt::Display for Statement<'ast, T> { Statement::Return(ref expr) => write!(f, "return {}", expr), Statement::Declaration(ref var) => write!(f, "{}", var), Statement::Definition(ref lhs, ref rhs) => write!(f, "{} = {}", lhs, rhs), - Statement::Assertion(ref e) => write!(f, "{}", e), + Statement::Assertion(ref e) => write!(f, "assert({})", e), Statement::For(ref var, ref start, ref stop, ref list) => { write!(f, "for {} in {}..{} do\n", var, start, stop)?; for l in list { diff --git a/zokrates_core/src/typed_absy/mod.rs b/zokrates_core/src/typed_absy/mod.rs index a95aee99..62eb95e6 100644 --- a/zokrates_core/src/typed_absy/mod.rs +++ b/zokrates_core/src/typed_absy/mod.rs @@ -374,7 +374,7 @@ impl<'ast, T: fmt::Display> fmt::Display for TypedStatement<'ast, T> { } TypedStatement::Declaration(ref var) => write!(f, "{}", var), TypedStatement::Definition(ref lhs, ref rhs) => write!(f, "{} = {}", lhs, rhs), - TypedStatement::Assertion(ref e) => write!(f, "{}", e), + TypedStatement::Assertion(ref e) => write!(f, "assert({})", e), TypedStatement::For(ref var, ref start, ref stop, ref list) => { write!(f, "for {} in {}..{} do\n", var, start, stop)?; for l in list { diff --git a/zokrates_core/src/zir/mod.rs b/zokrates_core/src/zir/mod.rs index 891cc1d0..e95f7687 100644 --- a/zokrates_core/src/zir/mod.rs +++ b/zokrates_core/src/zir/mod.rs @@ -233,7 +233,7 @@ impl<'ast, T: fmt::Display> fmt::Display for ZirStatement<'ast, T> { } write!(f, "") } - ZirStatement::Declaration(ref var) => write!(f, "{}", var), + ZirStatement::Declaration(ref var) => write!(f, "assert({})", var), ZirStatement::Definition(ref lhs, ref rhs) => write!(f, "{} = {}", lhs, rhs), ZirStatement::Assertion(ref e) => write!(f, "{}", e), ZirStatement::MultipleDefinition(ref ids, ref rhs) => { diff --git a/zokrates_parser/src/zokrates.pest b/zokrates_parser/src/zokrates.pest index ba2ea000..a19f915d 100644 --- a/zokrates_parser/src/zokrates.pest +++ b/zokrates_parser/src/zokrates.pest @@ -46,7 +46,7 @@ statement = { (return_statement // does not require subsequent newline iteration_statement = { "for" ~ ty ~ identifier ~ "in" ~ expression ~ ".." ~ expression ~ "do" ~ NEWLINE* ~ statement* ~ "endfor"} return_statement = { "return" ~ expression_list} definition_statement = { optionally_typed_assignee_list ~ "=" ~ expression } // declare and assign, so only identifiers are allowed, unlike `assignment_statement` -expression_statement = {expression} +expression_statement = {"assert" ~ "(" ~ expression ~ ")"} optionally_typed_assignee_list = _{ optionally_typed_assignee ~ ("," ~ optionally_typed_assignee)* } optionally_typed_assignee = { (ty ~ assignee) | (assignee) } // we don't use { ty? ~ identifier } as with a single token, it gets parsed as `ty` but we want `identifier` @@ -124,6 +124,8 @@ op_unary = { op_not } WHITESPACE = _{ " " | "\t" | "\\" ~ NEWLINE} COMMENT = _{ ("/*" ~ (!"*/" ~ ANY)* ~ "*/") | ("//" ~ (!NEWLINE ~ ANY)*) } -keyword = @{"as"|"bool"|"byte"|"def"|"do"|"else"|"endfor"|"export"|"false"|"field"|"for"|"if"|"then"|"fi"|"import"|"from"| +// the ordering of reserved keywords matters: if "as" is before "assert", then "assert" gets parsed as (as)(sert) and incorrectly +// accepted +keyword = @{"assert"|"as"|"bool"|"byte"|"def"|"do"|"else"|"endfor"|"export"|"false"|"field"|"for"|"if"|"then"|"fi"|"import"|"from"| "in"|"private"|"public"|"return"|"struct"|"true"|"u8"|"u16"|"u32" } From 91c4747b5b6dc9a11a4f9a51fbf9ad86e002429a Mon Sep 17 00:00:00 2001 From: schaeff Date: Wed, 15 Jul 2020 23:00:12 +0200 Subject: [PATCH 18/23] fix tests --- zokrates_cli/tests/code/sha_round.expected.witness | 1 + zokrates_cli/tests/code/sha_round.zok | 4 ++-- zokrates_pest_ast/src/lib.rs | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/zokrates_cli/tests/code/sha_round.expected.witness b/zokrates_cli/tests/code/sha_round.expected.witness index e69de29b..1e61044c 100644 --- a/zokrates_cli/tests/code/sha_round.expected.witness +++ b/zokrates_cli/tests/code/sha_round.expected.witness @@ -0,0 +1 @@ +~out_0 1 \ No newline at end of file diff --git a/zokrates_cli/tests/code/sha_round.zok b/zokrates_cli/tests/code/sha_round.zok index 88bda14d..743191e1 100644 --- a/zokrates_cli/tests/code/sha_round.zok +++ b/zokrates_cli/tests/code/sha_round.zok @@ -1,6 +1,6 @@ import "EMBED/sha256round" as sha256 -def main(private bool[256] expected) -> (): +def main(private bool[256] expected) -> (field): bool[256] a = [false; 256] bool[256] b = [false; 256] @@ -11,4 +11,4 @@ def main(private bool[256] expected) -> (): assert(expected == sha256([...a, ...b], IV)) - return \ No newline at end of file + return 1 \ No newline at end of file diff --git a/zokrates_pest_ast/src/lib.rs b/zokrates_pest_ast/src/lib.rs index 267d6a23..6a969bbe 100644 --- a/zokrates_pest_ast/src/lib.rs +++ b/zokrates_pest_ast/src/lib.rs @@ -1175,7 +1175,7 @@ mod tests { field a = 1 a[32 + x][55] = y for field i in 0..3 do - a == 1 + 2 + 3+ 4+ 5+ 6+ 6+ 7+ 8 + 4+ 5+ 3+ 4+ 2+ 3 + assert(a == 1 + 2 + 3+ 4+ 5+ 6+ 6+ 7+ 8 + 4+ 5+ 3+ 4+ 2+ 3) endfor a.member == 1 return a From 3e664622699dd0ca4226350b0ebfab0ec8717073 Mon Sep 17 00:00:00 2001 From: schaeff Date: Wed, 15 Jul 2020 23:08:38 +0200 Subject: [PATCH 19/23] fix test --- zokrates_pest_ast/src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zokrates_pest_ast/src/lib.rs b/zokrates_pest_ast/src/lib.rs index 6a969bbe..bdf4e71a 100644 --- a/zokrates_pest_ast/src/lib.rs +++ b/zokrates_pest_ast/src/lib.rs @@ -1177,7 +1177,7 @@ mod tests { for field i in 0..3 do assert(a == 1 + 2 + 3+ 4+ 5+ 6+ 6+ 7+ 8 + 4+ 5+ 3+ 4+ 2+ 3) endfor - a.member == 1 + assert(a.member == 1) return a "#; let res = generate_ast(&source); From 07c8a255680cd1e2da08451bc53de39ad897125d Mon Sep 17 00:00:00 2001 From: schaeff Date: Thu, 16 Jul 2020 11:31:19 +0200 Subject: [PATCH 20/23] wip --- .../merkleTree/pedersenPathProof3.zok | 5 +- zokrates_js/Cargo.lock | 1105 +++++++++++++++++ zokrates_js/tests/tests.js | 2 - 3 files changed, 1106 insertions(+), 6 deletions(-) create mode 100644 zokrates_js/Cargo.lock diff --git a/zokrates_cli/examples/merkleTree/pedersenPathProof3.zok b/zokrates_cli/examples/merkleTree/pedersenPathProof3.zok index 109fe71d..d2b2c64d 100644 --- a/zokrates_cli/examples/merkleTree/pedersenPathProof3.zok +++ b/zokrates_cli/examples/merkleTree/pedersenPathProof3.zok @@ -6,11 +6,8 @@ import "hashes/utils/256bitsDirectionHelper" as multiplex // Merke-Tree inclusion proof for tree depth 3 using SNARK efficient pedersen hashes // directionSelector=> 1/true if current digest is on the rhs of the hash -<<<<<<< HEAD -def main(u32[8] rootDigest, private u32[8] leafDigest, private bool[3] directionSelector, u32[8] PathDigest0, private u32[8] PathDigest1, private u32[8] PathDigest2) -> (field): -======= + def main(bool[256] rootDigest, private bool[256] leafDigest, private bool[3] directionSelector, bool[256] PathDigest0, private bool[256] PathDigest1, private bool[256] PathDigest2) -> (): ->>>>>>> 26f4d72ee6e0c802823cf145fbd11a372586eb28 BabyJubJubParams context = context() //Setup diff --git a/zokrates_js/Cargo.lock b/zokrates_js/Cargo.lock new file mode 100644 index 00000000..36f96e42 --- /dev/null +++ b/zokrates_js/Cargo.lock @@ -0,0 +1,1105 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +[[package]] +name = "addr2line" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b6a2d3371669ab3ca9797670853d61402b03d0b4b9ebf33d677dfa720203072" +dependencies = [ + "gimli", +] + +[[package]] +name = "adler" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee2a4ec343196209d6594e19543ae87a39f96d5534d7174822a3ad825dd6ed7e" + +[[package]] +name = "aho-corasick" +version = "0.6.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81ce3d38065e618af2d7b77e10c5ad9a069859b4be3c2250f674af3840d9c8a5" +dependencies = [ + "memchr", +] + +[[package]] +name = "autocfg" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8aac770f1885fd7e387acedd76065302551364496e46b3dd00860b2f8359b9d" + +[[package]] +name = "backtrace" +version = "0.3.50" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "46254cf2fdcdf1badb5934448c1bcbe046a56537b3987d96c51a7afc5d03f293" +dependencies = [ + "addr2line", + "cfg-if", + "libc", + "miniz_oxide", + "object", + "rustc-demangle", +] + +[[package]] +name = "bellman_ce" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a5ca1343d8690bb4d62e0665116bd4f109e33a642f86908ed107d226a402b0ef" +dependencies = [ + "bit-vec", + "byteorder", + "cfg-if", + "futures", + "num_cpus", + "pairing_ce", + "rand", + "web-sys", +] + +[[package]] +name = "bincode" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e103c8b299b28a9c6990458b7013dc4a8356a9b854c51b9883241f5866fac36e" +dependencies = [ + "byteorder", + "num-traits 0.1.43", + "serde", +] + +[[package]] +name = "bincode" +version = "1.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f30d3a39baa26f9651f17b375061f3233dde33424a8b72b0dbe93a68a0bc896d" +dependencies = [ + "byteorder", + "serde", +] + +[[package]] +name = "bit-vec" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f0dc55f2d8a1a85650ac47858bb001b4c0dd73d79e3c455a842925e68d29cd3" + +[[package]] +name = "block-buffer" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0940dc441f31689269e10ac70eb1002a3a1d3ad1390e030043662eb7fe4688b" +dependencies = [ + "block-padding", + "byte-tools", + "byteorder", + "generic-array", +] + +[[package]] +name = "block-padding" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa79dedbb091f449f1f39e53edf88d5dbe95f895dae6135a8d7b881fb5af73f5" +dependencies = [ + "byte-tools", +] + +[[package]] +name = "bstr" +version = "0.2.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "31accafdb70df7871592c058eca3985b71104e15ac32f64706022c58867da931" +dependencies = [ + "lazy_static", + "memchr", + "regex-automata", + "serde", +] + +[[package]] +name = "bumpalo" +version = "3.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2e8c087f005730276d1096a652e92a8bacee2e2472bcc9715a74d2bec38b5820" + +[[package]] +name = "byte-tools" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3b5ca7a04898ad4bcd41c90c5285445ff5b791899bb1b0abdd2a2aa791211d7" + +[[package]] +name = "byteorder" +version = "1.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08c48aae112d48ed9f069b33538ea9e3e90aa263cfa3d1c24309612b1f7472de" + +[[package]] +name = "cfg-if" +version = "0.1.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822" + +[[package]] +name = "console_error_panic_hook" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8d976903543e0c48546a91908f21588a680a8c8f984df9a5d69feccb2b2a211" +dependencies = [ + "cfg-if", + "wasm-bindgen", +] + +[[package]] +name = "csv" +version = "1.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00affe7f6ab566df61b4be3ce8cf16bc2576bca0963ceb0955e45d514bf9a279" +dependencies = [ + "bstr", + "csv-core", + "itoa", + "ryu", + "serde", +] + +[[package]] +name = "csv-core" +version = "0.1.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b2466559f260f48ad25fe6317b3c8dac77b5bdb5763ac7d9d6103530663bc90" +dependencies = [ + "memchr", +] + +[[package]] +name = "digest" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3d0c8c8752312f9713efd397ff63acb9f85585afbf179282e720e7704954dd5" +dependencies = [ + "generic-array", +] + +[[package]] +name = "either" +version = "1.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb1f6b1ce1c140482ea30ddd3335fc0024ac7ee112895426e0a629a6c20adfe3" + +[[package]] +name = "failure" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d32e9bd16cc02eae7db7ef620b392808b89f6a5e16bb3497d159c6b92a0f4f86" +dependencies = [ + "backtrace", + "failure_derive", +] + +[[package]] +name = "failure_derive" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa4da3c766cd7a0db8242e326e9e4e081edd567072893ed320008189715366a4" +dependencies = [ + "proc-macro2 1.0.18", + "quote 1.0.7", + "syn 1.0.34", + "synstructure", +] + +[[package]] +name = "fake-simd" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e88a8acf291dafb59c2d96e8f59828f3838bb1a70398823ade51a84de6a6deed" + +[[package]] +name = "ff_ce" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83c0a6a2c53b0bd6d8cae976816dc8a171e0554c03f304e3dac110473e0219fd" +dependencies = [ + "byteorder", + "hex", + "rand", +] + +[[package]] +name = "ff_ce" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4592897f75fd1bd178e5ec12d9d7df3d1943464feda2cbce1e708a484e82c8f6" +dependencies = [ + "byteorder", + "ff_derive_ce", + "hex", + "rand", +] + +[[package]] +name = "ff_derive_ce" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "50c052fa6d4c2f12305ec364bfb8ef884836f3f61ea015b202372ff996d1ac4b" +dependencies = [ + "num-bigint", + "num-integer", + "num-traits 0.2.12", + "proc-macro2 1.0.18", + "quote 1.0.7", + "syn 1.0.34", +] + +[[package]] +name = "from-pest" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aba9389cedcba1fb3a2aa2ed00f584f2606bce8e0106614a17327a24513bc60f" +dependencies = [ + "pest", + "void", +] + +[[package]] +name = "fuchsia-cprng" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a06f77d526c1a601b7c4cdd98f54b5eaabffc14d5f2f0296febdc7f357c6d3ba" + +[[package]] +name = "futures" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e05b85ec287aac0dc34db7d4a569323df697f9c55b99b15d6b4ef8cde49f613" +dependencies = [ + "futures-channel", + "futures-core", + "futures-executor", + "futures-io", + "futures-sink", + "futures-task", + "futures-util", +] + +[[package]] +name = "futures-channel" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f366ad74c28cca6ba456d95e6422883cfb4b252a83bed929c83abfdbbf2967d5" +dependencies = [ + "futures-core", + "futures-sink", +] + +[[package]] +name = "futures-core" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59f5fff90fd5d971f936ad674802482ba441b6f09ba5e15fd8b39145582ca399" + +[[package]] +name = "futures-executor" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10d6bb888be1153d3abeb9006b11b02cf5e9b209fda28693c31ae1e4e012e314" +dependencies = [ + "futures-core", + "futures-task", + "futures-util", +] + +[[package]] +name = "futures-io" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "de27142b013a8e869c14957e6d2edeef89e97c289e69d042ee3a49acd8b51789" + +[[package]] +name = "futures-sink" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f2032893cb734c7a05d85ce0cc8b8c4075278e93b24b66f9de99d6eb0fa8acc" + +[[package]] +name = "futures-task" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bdb66b5f09e22019b1ab0830f7785bcea8e7a42148683f99214f73f8ec21a626" +dependencies = [ + "once_cell", +] + +[[package]] +name = "futures-util" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8764574ff08b701a084482c3c7031349104b07ac897393010494beaa18ce32c6" +dependencies = [ + "futures-channel", + "futures-core", + "futures-io", + "futures-sink", + "futures-task", + "memchr", + "pin-project", + "pin-utils", + "slab", +] + +[[package]] +name = "generic-array" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c68f0274ae0e023facc3c97b2e00f076be70e254bc851d972503b328db79b2ec" +dependencies = [ + "typenum", +] + +[[package]] +name = "gimli" +version = "0.22.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aaf91faf136cb47367fa430cd46e37a788775e7fa104f8b4bcb3861dc389b724" + +[[package]] +name = "hermit-abi" +version = "0.1.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3deed196b6e7f9e44a2ae8d94225d80302d81208b1bb673fd21fe634645c85a9" +dependencies = [ + "libc", +] + +[[package]] +name = "hex" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "644f9158b2f133fd50f5fb3242878846d9eb792e445c893805ff0e3824006e35" + +[[package]] +name = "itertools" +version = "0.7.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0d47946d458e94a1b7bcabbf6521ea7c037062c81f534615abcad76e84d4970d" +dependencies = [ + "either", +] + +[[package]] +name = "itoa" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc6f3ad7b9d11a0c00842ff8de1b60ee58661048eb8049ed33c73594f359d7e6" + +[[package]] +name = "js-sys" +version = "0.3.42" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "52732a3d3ad72c58ad2dc70624f9c17b46ecd0943b9a4f1ee37c4c18c5d983e2" +dependencies = [ + "wasm-bindgen", +] + +[[package]] +name = "lazy_static" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" + +[[package]] +name = "libc" +version = "0.2.72" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a9f8082297d534141b30c8d39e9b1773713ab50fdbe4ff30f750d063b3bfd701" + +[[package]] +name = "log" +version = "0.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "14b6052be84e6b71ab17edffc2eeabf5c2c3ae1fdb464aae35ac50c67a44e1f7" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "maplit" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3e2e65a1a2e43cfcb47a895c4c8b10d1f4a61097f9f254f183aee60cad9c651d" + +[[package]] +name = "memchr" +version = "2.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3728d817d99e5ac407411fa471ff9800a778d88a24685968b36824eaf4bee400" + +[[package]] +name = "miniz_oxide" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be0f75932c1f6cfae3c04000e40114adf955636e19040f9c0a2c380702aa1c7f" +dependencies = [ + "adler", +] + +[[package]] +name = "num" +version = "0.1.42" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4703ad64153382334aa8db57c637364c322d3372e097840c72000dabdcf6156e" +dependencies = [ + "num-integer", + "num-iter", + "num-traits 0.2.12", +] + +[[package]] +name = "num-bigint" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "090c7f9998ee0ff65aa5b723e4009f7b217707f1fb5ea551329cc4d6231fb304" +dependencies = [ + "autocfg", + "num-integer", + "num-traits 0.2.12", + "serde", +] + +[[package]] +name = "num-integer" +version = "0.1.43" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d59457e662d541ba17869cf51cf177c0b5f0cbf476c66bdc90bf1edac4f875b" +dependencies = [ + "autocfg", + "num-traits 0.2.12", +] + +[[package]] +name = "num-iter" +version = "0.1.41" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a6e6b7c748f995c4c29c5f5ae0248536e04a5739927c74ec0fa564805094b9f" +dependencies = [ + "autocfg", + "num-integer", + "num-traits 0.2.12", +] + +[[package]] +name = "num-traits" +version = "0.1.43" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92e5113e9fd4cc14ded8e499429f396a20f98c772a47cc8622a736e1ec843c31" +dependencies = [ + "num-traits 0.2.12", +] + +[[package]] +name = "num-traits" +version = "0.2.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac267bcc07f48ee5f8935ab0d24f316fb722d7a1292e2913f0cc196b29ffd611" +dependencies = [ + "autocfg", +] + +[[package]] +name = "num_cpus" +version = "1.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "05499f3756671c15885fee9034446956fff3f243d6077b91e5767df161f766b3" +dependencies = [ + "hermit-abi", + "libc", +] + +[[package]] +name = "object" +version = "0.20.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ab52be62400ca80aa00285d25253d7f7c437b7375c4de678f5405d3afe82ca5" + +[[package]] +name = "once_cell" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b631f7e854af39a1739f401cf34a8a013dfe09eac4fa4dba91e9768bd28168d" + +[[package]] +name = "opaque-debug" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2839e79665f131bdb5782e51f2c6c9599c133c6098982a54c794358bf432529c" + +[[package]] +name = "pairing_ce" +version = "0.21.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bfc00d65b1d29e0a067a967fcea83d8db261c149f76a557ba73f0304f01cdfde" +dependencies = [ + "byteorder", + "ff_ce 0.10.3", + "rand", +] + +[[package]] +name = "pest" +version = "2.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10f4872ae94d7b90ae48754df22fd42ad52ce740b8f370b03da4835417403e53" +dependencies = [ + "ucd-trie", +] + +[[package]] +name = "pest-ast" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3fbf404899169771dd6a32c84248b83cd67a26cc7cc957aac87661490e1227e4" +dependencies = [ + "itertools", + "proc-macro2 0.4.30", + "quote 0.6.13", + "single", + "syn 0.15.44", +] + +[[package]] +name = "pest_derive" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "833d1ae558dc601e9a60366421196a8d94bc0ac980476d0b67e1d0988d72b2d0" +dependencies = [ + "pest", + "pest_generator", +] + +[[package]] +name = "pest_generator" +version = "2.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "99b8db626e31e5b81787b9783425769681b347011cc59471e33ea46d2ea0cf55" +dependencies = [ + "pest", + "pest_meta", + "proc-macro2 1.0.18", + "quote 1.0.7", + "syn 1.0.34", +] + +[[package]] +name = "pest_meta" +version = "2.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "54be6e404f5317079812fc8f9f5279de376d8856929e21c184ecf6bbd692a11d" +dependencies = [ + "maplit", + "pest", + "sha-1", +] + +[[package]] +name = "pin-project" +version = "0.4.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "12e3a6cdbfe94a5e4572812a0201f8c0ed98c1c452c7b8563ce2276988ef9c17" +dependencies = [ + "pin-project-internal", +] + +[[package]] +name = "pin-project-internal" +version = "0.4.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a0ffd45cf79d88737d7cc85bfd5d2894bee1139b356e616fe85dc389c61aaf7" +dependencies = [ + "proc-macro2 1.0.18", + "quote 1.0.7", + "syn 1.0.34", +] + +[[package]] +name = "pin-utils" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" + +[[package]] +name = "proc-macro2" +version = "0.4.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cf3d2011ab5c909338f7887f4fc896d35932e29146c12c8d01da6b22a80ba759" +dependencies = [ + "unicode-xid 0.1.0", +] + +[[package]] +name = "proc-macro2" +version = "1.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "beae6331a816b1f65d04c45b078fd8e6c93e8071771f41b8163255bbd8d7c8fa" +dependencies = [ + "unicode-xid 0.2.1", +] + +[[package]] +name = "quote" +version = "0.6.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce23b6b870e8f94f81fb0a363d65d86675884b34a09043c81e5562f11c1f8e1" +dependencies = [ + "proc-macro2 0.4.30", +] + +[[package]] +name = "quote" +version = "1.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa563d17ecb180e500da1cfd2b028310ac758de548efdd203e18f283af693f37" +dependencies = [ + "proc-macro2 1.0.18", +] + +[[package]] +name = "rand" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "552840b97013b1a26992c11eac34bdd778e464601a4c2054b5f0bff7c6761293" +dependencies = [ + "fuchsia-cprng", + "libc", + "rand_core 0.3.1", + "rdrand", + "winapi", +] + +[[package]] +name = "rand_core" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a6fdeb83b075e8266dcc8762c22776f6877a63111121f5f8c7411e5be7eed4b" +dependencies = [ + "rand_core 0.4.2", +] + +[[package]] +name = "rand_core" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c33a3c44ca05fa6f1807d8e6743f3824e8509beca625669633be0acbdf509dc" + +[[package]] +name = "rdrand" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "678054eb77286b51581ba43620cc911abf02758c91f93f479767aed0f90458b2" +dependencies = [ + "rand_core 0.3.1", +] + +[[package]] +name = "reduce" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4c8549eb79c1fc8c449cb18a2d9b7873a7cb1bf2fcbfe8a3ad8812320544341" + +[[package]] +name = "regex" +version = "0.2.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9329abc99e39129fcceabd24cf5d85b4671ef7c29c50e972bc5afe32438ec384" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", + "thread_local", + "utf8-ranges", +] + +[[package]] +name = "regex-automata" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae1ded71d66a4a97f5e961fd0cb25a5f366a42a41570d16a763a69c092c26ae4" +dependencies = [ + "byteorder", +] + +[[package]] +name = "regex-syntax" +version = "0.5.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d707a4fa2637f2dca2ef9fd02225ec7661fe01a53623c1e6515b6916511f7a7" +dependencies = [ + "ucd-util", +] + +[[package]] +name = "rustc-demangle" +version = "0.1.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c691c0e608126e00913e33f0ccf3727d5fc84573623b8d65b2df340b5201783" + +[[package]] +name = "ryu" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "71d301d4193d031abdd79ff7e3dd721168a9572ef3fe51a1517aba235bd8f86e" + +[[package]] +name = "serde" +version = "1.0.114" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5317f7588f0a5078ee60ef675ef96735a1442132dc645eb1d12c018620ed8cd3" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_bytes" +version = "0.10.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "defbb8a83d7f34cc8380751eeb892b825944222888aff18996ea7901f24aec88" +dependencies = [ + "serde", +] + +[[package]] +name = "serde_derive" +version = "1.0.114" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a0be94b04690fbaed37cddffc5c134bf537c8e3329d53e982fe04c374978f8e" +dependencies = [ + "proc-macro2 1.0.18", + "quote 1.0.7", + "syn 1.0.34", +] + +[[package]] +name = "serde_json" +version = "1.0.56" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3433e879a558dde8b5e8feb2a04899cf34fdde1fafb894687e52105fc1162ac3" +dependencies = [ + "itoa", + "ryu", + "serde", +] + +[[package]] +name = "sha-1" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f7d94d0bede923b3cea61f3f1ff57ff8cdfd77b400fb8f9998949e0cf04163df" +dependencies = [ + "block-buffer", + "digest", + "fake-simd", + "opaque-debug", +] + +[[package]] +name = "sha2" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a256f46ea78a0c0d9ff00077504903ac881a1dafdc20da66545699e7776b3e69" +dependencies = [ + "block-buffer", + "digest", + "fake-simd", + "opaque-debug", +] + +[[package]] +name = "single" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd5add732a1ab689845591a1b50339cf5310b563e08dc5813c65991f30369ea2" +dependencies = [ + "failure", +] + +[[package]] +name = "slab" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c111b5bd5695e56cffe5129854aa230b39c93a305372fdbb2668ca2394eea9f8" + +[[package]] +name = "syn" +version = "0.15.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ca4b3b69a77cbe1ffc9e198781b7acb0c7365a883670e8f1c1bc66fba79a5c5" +dependencies = [ + "proc-macro2 0.4.30", + "quote 0.6.13", + "unicode-xid 0.1.0", +] + +[[package]] +name = "syn" +version = "1.0.34" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "936cae2873c940d92e697597c5eee105fb570cd5689c695806f672883653349b" +dependencies = [ + "proc-macro2 1.0.18", + "quote 1.0.7", + "unicode-xid 0.2.1", +] + +[[package]] +name = "synstructure" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b834f2d66f734cb897113e34aaff2f1ab4719ca946f9a7358dba8f8064148701" +dependencies = [ + "proc-macro2 1.0.18", + "quote 1.0.7", + "syn 1.0.34", + "unicode-xid 0.2.1", +] + +[[package]] +name = "thread_local" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c6b53e329000edc2b34dbe8545fd20e55a333362d0a321909685a19bd28c3f1b" +dependencies = [ + "lazy_static", +] + +[[package]] +name = "typed-arena" +version = "1.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a9b2228007eba4120145f785df0f6c92ea538f5a3635a612ecf4e334c8c1446d" + +[[package]] +name = "typenum" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "373c8a200f9e67a0c95e62a4f52fbf80c23b4381c05a17845531982fa99e6b33" + +[[package]] +name = "ucd-trie" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "56dee185309b50d1f11bfedef0fe6d036842e3fb77413abef29f8f8d1c5d4c1c" + +[[package]] +name = "ucd-util" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c85f514e095d348c279b1e5cd76795082cf15bd59b93207832abe0b1d8fed236" + +[[package]] +name = "unicode-xid" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc" + +[[package]] +name = "unicode-xid" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f7fe0bb3479651439c9112f72b6c505038574c9fbb575ed1bf3b797fa39dd564" + +[[package]] +name = "utf8-ranges" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b4ae116fef2b7fea257ed6440d3cfcff7f190865f170cdad00bb6465bf18ecba" + +[[package]] +name = "void" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d" + +[[package]] +name = "wasm-bindgen" +version = "0.2.65" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3edbcc9536ab7eababcc6d2374a0b7bfe13a2b6d562c5e07f370456b1a8f33d" +dependencies = [ + "cfg-if", + "serde", + "serde_json", + "wasm-bindgen-macro", +] + +[[package]] +name = "wasm-bindgen-backend" +version = "0.2.65" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "89ed2fb8c84bfad20ea66b26a3743f3e7ba8735a69fe7d95118c33ec8fc1244d" +dependencies = [ + "bumpalo", + "lazy_static", + "log", + "proc-macro2 1.0.18", + "quote 1.0.7", + "syn 1.0.34", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.65" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eb071268b031a64d92fc6cf691715ca5a40950694d8f683c5bb43db7c730929e" +dependencies = [ + "quote 1.0.7", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.65" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cf592c807080719d1ff2f245a687cbadb3ed28b2077ed7084b47aba8b691f2c6" +dependencies = [ + "proc-macro2 1.0.18", + "quote 1.0.7", + "syn 1.0.34", + "wasm-bindgen-backend", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.65" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b6c0220ded549d63860c78c38f3bcc558d1ca3f4efa74942c536ddbbb55e87" + +[[package]] +name = "web-sys" +version = "0.3.42" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8be2398f326b7ba09815d0b403095f34dd708579220d099caae89be0b32137b2" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "zokrates_abi" +version = "0.1.1" +dependencies = [ + "serde", + "serde_derive", + "serde_json", + "zokrates_core", + "zokrates_field", +] + +[[package]] +name = "zokrates_common" +version = "0.1.0" + +[[package]] +name = "zokrates_core" +version = "0.4.3" +dependencies = [ + "bellman_ce", + "bincode 0.8.0", + "csv", + "ff_ce 0.9.0", + "hex", + "lazy_static", + "num", + "num-bigint", + "pairing_ce", + "rand", + "reduce", + "regex", + "serde", + "serde_bytes", + "serde_derive", + "serde_json", + "typed-arena", + "zokrates_common", + "zokrates_field", + "zokrates_pest_ast", +] + +[[package]] +name = "zokrates_field" +version = "0.3.6" +dependencies = [ + "bellman_ce", + "bincode 0.8.0", + "lazy_static", + "num-bigint", + "num-integer", + "num-traits 0.2.12", + "serde", + "serde_derive", + "serde_json", + "sha2", +] + +[[package]] +name = "zokrates_js" +version = "1.0.23" +dependencies = [ + "bincode 1.3.1", + "console_error_panic_hook", + "js-sys", + "serde", + "serde_json", + "wasm-bindgen", + "zokrates_abi", + "zokrates_common", + "zokrates_core", + "zokrates_field", +] + +[[package]] +name = "zokrates_parser" +version = "0.1.4" +dependencies = [ + "pest", + "pest_derive", +] + +[[package]] +name = "zokrates_pest_ast" +version = "0.1.3" +dependencies = [ + "from-pest", + "lazy_static", + "pest", + "pest-ast", + "zokrates_field", + "zokrates_parser", +] diff --git a/zokrates_js/tests/tests.js b/zokrates_js/tests/tests.js index d235e3c4..e6ca9951 100644 --- a/zokrates_js/tests/tests.js +++ b/zokrates_js/tests/tests.js @@ -26,8 +26,6 @@ describe('tests', function() { it('should resolve stdlib module', function() { assert.doesNotThrow(() => { const code = ` - import "hashes/sha256/512bit" as sha256 - import "ecc/edwardsAdd" as edwardsAdd def main() -> (): return `; From 4487e5835cc3e22b46633639f31cf5d3d674207d Mon Sep 17 00:00:00 2001 From: schaeff Date: Thu, 16 Jul 2020 12:55:05 +0200 Subject: [PATCH 21/23] fix example --- zokrates_cli/examples/merkleTree/pedersenPathProof3.zok | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zokrates_cli/examples/merkleTree/pedersenPathProof3.zok b/zokrates_cli/examples/merkleTree/pedersenPathProof3.zok index d2b2c64d..355eebce 100644 --- a/zokrates_cli/examples/merkleTree/pedersenPathProof3.zok +++ b/zokrates_cli/examples/merkleTree/pedersenPathProof3.zok @@ -7,7 +7,7 @@ import "hashes/utils/256bitsDirectionHelper" as multiplex // Merke-Tree inclusion proof for tree depth 3 using SNARK efficient pedersen hashes // directionSelector=> 1/true if current digest is on the rhs of the hash -def main(bool[256] rootDigest, private bool[256] leafDigest, private bool[3] directionSelector, bool[256] PathDigest0, private bool[256] PathDigest1, private bool[256] PathDigest2) -> (): +def main(u32[8] rootDigest, private u32[8] leafDigest, private bool[3] directionSelector, u32[8] PathDigest0, private u32[8] PathDigest1, private u32[8] PathDigest2) -> (): BabyJubJubParams context = context() //Setup From 84aa649a468cf46726eab44a50af9eecd9273ad8 Mon Sep 17 00:00:00 2001 From: schaeff Date: Thu, 16 Jul 2020 13:20:43 +0200 Subject: [PATCH 22/23] fix example --- zokrates_cli/examples/merkleTree/sha256PathProof3.zok | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/zokrates_cli/examples/merkleTree/sha256PathProof3.zok b/zokrates_cli/examples/merkleTree/sha256PathProof3.zok index 3c27c69f..1757ad7a 100644 --- a/zokrates_cli/examples/merkleTree/sha256PathProof3.zok +++ b/zokrates_cli/examples/merkleTree/sha256PathProof3.zok @@ -3,11 +3,7 @@ import "utils/multiplexer/256bit" as multiplex // Merkle-Tree inclusion proof for tree depth 3 -<<<<<<< HEAD -def main(field treeDepth, u32[8] rootDigest, private u32[8] leafDigest, private bool[2] directionSelector, u32[8] PathDigest0, private u32[8] PathDigest1) -> (field): -======= -def main(field treeDepth, bool[256] rootDigest, private bool[256] leafDigest, private bool[2] directionSelector, bool[256] PathDigest0, private bool[256] PathDigest1) -> (): ->>>>>>> 26f4d72ee6e0c802823cf145fbd11a372586eb28 +def main(field treeDepth, u32[8] rootDigest, private u32[8] leafDigest, private bool[2] directionSelector, u32[8] PathDigest0, private u32[8] PathDigest1) -> (): //Setup u32[8] currentDigest = leafDigest From 1e45be0a645732d5d85f8654622d84a3c3f10e8a Mon Sep 17 00:00:00 2001 From: schaeff Date: Thu, 16 Jul 2020 14:54:44 +0200 Subject: [PATCH 23/23] fix more tests --- .../hashes/utils/256bitsDirectionHelper.zok | 2 +- .../tests/tests/utils/multiplexer/256bit.zok | 10 ------ .../utils/pack/bool/nonStrictUnpack256.json | 2 +- .../utils/pack/u32/nonStrictUnpack256.json | 2 +- .../utils/pack/u32/nonStrictUnpack256.zok | 36 +++++++++---------- .../tests/tests/utils/pack/u32/pack128.zok | 28 +++++++-------- .../tests/tests/utils/pack/u32/unpack128.json | 2 +- .../tests/tests/utils/pack/u32/unpack128.zok | 28 +++++++-------- 8 files changed, 50 insertions(+), 60 deletions(-) diff --git a/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok b/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok index 0e8ab54d..56bd6ae5 100644 --- a/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok +++ b/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok @@ -20,7 +20,7 @@ def left() -> (bool): u32[8] b = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557] u32[16] out = direction(false, a, b) - out == [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38, 0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557] + assert(out == [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38, 0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557]) return true def right() -> (bool): diff --git a/zokrates_stdlib/tests/tests/utils/multiplexer/256bit.zok b/zokrates_stdlib/tests/tests/utils/multiplexer/256bit.zok index a3b90703..0c41d0ca 100644 --- a/zokrates_stdlib/tests/tests/utils/multiplexer/256bit.zok +++ b/zokrates_stdlib/tests/tests/utils/multiplexer/256bit.zok @@ -7,13 +7,8 @@ def left() -> (bool): u32[8] b = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557] -<<<<<<< HEAD u32[8] output = [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38] - output == multiplex(bit, a, b) -======= - bool[256] output = [false, false, false, true, true, false, true, true, false, false, false, true, true, false, false, true, true, true, false, true, true, true, true, false, true, false, true, false, true, false, false, false, true, false, true, true, true, false, true, false, false, true, false, false, true, true, true, false, false, false, true, true, true, true, false, false, false, false, false, true, false, true, true, false, false, true, false, false, false, false, true, true, true, true, true, false, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, false, true, false, false, false, false, true, false, false, true, true, false, false, true, true, false, false, true, true, true, true, true, true, true, true, true, false, true, false, false, true, true, true, true, false, false, true, true, false, false, false, true, false, true, false, false, false, false, true, false, true, false, false, false, false, true, true, false, false, false, true, false, false, true, true, true, true, true, false, true, false, true, false, true, false, false, true, false, false, true, false, true, true, true, false, true, true, true, true, true, true, false, false, false, true, false, true, true, true, true, true, false, false, false, true, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, true, true, false, true, true, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, false, true, false, true, false, true, true, false, false, true, false, true, false, true, false, false, false, true, true, true, false, false, false] assert(output == multiplex(bit, a, b)) ->>>>>>> 26f4d72ee6e0c802823cf145fbd11a372586eb28 return true @@ -24,13 +19,8 @@ def right() -> (bool): u32[8] b = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557] -<<<<<<< HEAD u32[8] output = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557] - output == multiplex(bit, a, b) -======= - bool[256] output = [false, false, false, false, false, false, true, true, true, true, true, true, false, false, true, true, true, true, true, true, false, true, true, false, false, false, true, false, true, false, false, false, true, true, true, false, false, false, false, false, false, true, true, false, false, true, true, true, false, true, false, true, false, false, true, false, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, false, true, true, false, true, true, false, true, true, true, true, false, true, true, true, false, false, false, true, false, true, false, false, true, false, true, false, false, true, false, true, true, false, true, true, true, false, true, false, true, false, false, false, false, true, true, false, true, true, false, false, true, true, false, true, false, false, true, false, true, true, false, true, true, false, true, true, true, true, false, false, true, false, true, false, true, true, true, false, false, false, false, true, true, true, false, true, false, false, true, true, false, true, true, true, true, true, true, false, false, false, false, false, false, false, true, true, false, true, false, false, true, false, true, true, false, false, true, true, true, false, false, false, false, true, false, false, false, true, true, true, true, false, false, false, false, true, true, false, true, true, false, true, true, true, true, false, false, false, true, true, true, true, true, false, true, true, false, true, true, false, true, true, true, false, false, false, true, false, true, true, false, true, false, true, false, true, false, true, false, true, true, true] assert(output == multiplex(bit, a, b)) ->>>>>>> 26f4d72ee6e0c802823cf145fbd11a372586eb28 return true diff --git a/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json b/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json index 80d78cfa..fe64e6d0 100644 --- a/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json +++ b/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json @@ -8,7 +8,7 @@ }, "output": { "Ok": { - "values": ["1"] + "values": [] } } } diff --git a/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json b/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json index 0aa40ce2..92dcbbf3 100644 --- a/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json +++ b/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json @@ -8,7 +8,7 @@ }, "output": { "Ok": { - "values": ["1"] + "values": [] } } } diff --git a/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok b/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok index 3ccc32c4..04527ff4 100644 --- a/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok +++ b/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok @@ -1,41 +1,41 @@ import "utils/pack/u32/nonStrictUnpack256" as unpack256 -def testFive() -> (field): +def testFive() -> (bool): u32[8] b = unpack256(5) - b == [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005] + assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005]) - return 1 + return true -def testZero() -> (field): +def testZero() -> (bool): u32[8] b = unpack256(0) - b == [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000] + assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]) - return 1 + return true -def testLarge() -> (field): +def testLarge() -> (bool): u32[8] b = unpack256(14474011154664524427946373126085988481658748083205070504932198000989141204991) - b == [0x1fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff] + assert(b == [0x1fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff]) - return 1 + return true -def testMax() -> (field): +def testMax() -> (bool): u32[8] b = unpack256(21888242871839275222246405745257275088548364400416034343698204186575808495616) - b == [0x30644e72, 0xe131a029, 0xb85045b6, 0x8181585d, 0x2833e848, 0x79b97091, 0x43e1f593, 0xf0000000] + assert(b == [0x30644e72, 0xe131a029, 0xb85045b6, 0x8181585d, 0x2833e848, 0x79b97091, 0x43e1f593, 0xf0000000]) - return 1 + return true - def main() -> (field): + def main() -> (): - 1 == testFive() - 1 == testMax() - 1 == testZero() - 1 == testLarge() - return 1 + assert(testFive()) + assert(testMax()) + assert(testZero()) + assert(testLarge()) + return diff --git a/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.zok b/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.zok index ecd0e7a8..bfca790a 100644 --- a/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.zok +++ b/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.zok @@ -1,36 +1,36 @@ import "utils/pack/u32/pack128" as pack128 -def testFive() -> (field): +def testFive() -> (bool): u32[4] b = [0x00000000, 0x00000000, 0x00000000, 0x00000005] field n = pack128(b) - 5 == n + assert(5 == n) - return 1 + return true -def testZero() -> (field): +def testZero() -> (bool): u32[4] b = [0x00000000, 0x00000000, 0x00000000, 0x00000000] field n = pack128(b) - 0 == n + assert(0 == n) - return 1 + return true -def testMax() -> (field): +def testMax() -> (bool): u32[4] b = [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff] field n = pack128(b) - 2**128 - 1 == n + assert(2**128 - 1 == n) - return 1 + return true - def main() -> (field): + def main() -> (): - 1 == testFive() - 1 == testMax() - 1 == testZero() + assert(testFive()) + assert(testMax()) + assert(testZero()) - return 1 + return diff --git a/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.json b/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.json index 75252d88..2d93be8e 100644 --- a/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.json +++ b/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.json @@ -8,7 +8,7 @@ }, "output": { "Ok": { - "values": ["1"] + "values": [] } } } diff --git a/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.zok b/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.zok index b264ded7..cec01e30 100644 --- a/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.zok +++ b/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.zok @@ -1,33 +1,33 @@ import "utils/pack/u32/unpack128" as unpack128 -def testFive() -> (field): +def testFive() -> (bool): u32[4] b = unpack128(5) - b == [0x00000000, 0x00000000, 0x00000000, 0x00000005] + assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000005]) - return 1 + return true -def testZero() -> (field): +def testZero() -> (bool): u32[4] b = unpack128(0) - b == [0x00000000, 0x00000000, 0x00000000, 0x00000000] + assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000]) - return 1 + return true -def testMax() -> (field): +def testMax() -> (bool): u32[4] b = unpack128(2**128 - 1) - b == [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff] + assert(b == [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff]) - return 1 + return true - def main() -> (field): + def main() -> (): - 1 == testFive() - 1 == testMax() - 1 == testZero() + assert(testFive()) + assert(testMax()) + assert(testZero()) - return 1 + return