From 39d616fca9846f47bbd1b7c5e851079339e4d575 Mon Sep 17 00:00:00 2001 From: schaeff Date: Tue, 7 Apr 2020 13:21:54 +0200 Subject: [PATCH 1/4] remove inference, require variables to be defined --- zokrates_core/src/semantics.rs | 194 ++++++++++++++++++++++++--------- 1 file changed, 142 insertions(+), 52 deletions(-) diff --git a/zokrates_core/src/semantics.rs b/zokrates_core/src/semantics.rs index 2cf47102..427151b2 100644 --- a/zokrates_core/src/semantics.rs +++ b/zokrates_core/src/semantics.rs @@ -179,12 +179,8 @@ impl<'ast> FunctionQuery<'ast> { }) } - fn match_funcs(&self, funcs: &HashSet>) -> Vec> { - funcs - .iter() - .filter(|func| self.match_func(func)) - .cloned() - .collect() + fn match_funcs(&self, funcs: &HashSet>) -> Option> { + funcs.iter().find(|func| self.match_func(func)).cloned() } } @@ -799,6 +795,8 @@ impl<'ast> Checker<'ast> { module_id: &ModuleId, types: &TypeMap, ) -> Result, Vec> { + println!("{}", stat); + let pos = stat.pos(); match stat.value { 
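Review bot: In the `@@ -179,12 +179,8 @@` hunk, `match_funcs` now hands back the first element of `funcs` that satisfies `match_func` and silently discards any further candidates; since `funcs` is a `HashSet`, the element returned is whichever the set happens to iterate first, so the method is only sound if at most one entry can ever match a query. That invariant is stated nowhere in the hunk, and nothing visible here enforces it. I would document it on the method: `/// Returns the unique function matching the query; relies on duplicate definitions being rejected earlier, because a HashSet has no stable iteration order and a second match would be chosen arbitrarily.` The `impl FunctionQuery` block containing this method starts outside the hunk.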
@@ -936,24 +934,33 @@ impl<'ast> Checker<'ast> { match rhs.value { // Right side has to be a function call Expression::FunctionCall(fun_id, arguments) => { - // find lhs types - let mut vars_types: Vec> = vec![]; - let mut var_names = vec![]; - for assignee in assignees { - let (name, t) = match assignee.value { - Assignee::Identifier(name) => { - Ok((name, match self.get_scope(&name) { - None => None, - Some(sv) => Some(sv.id.get_type()) - })) - } - ref a => Err(ErrorInner { - pos: Some(pos), - message: format!("Left hand side of function return assignment must be a list of identifiers, found {}", a)}) - }.map_err(|e| vec![e])?; - vars_types.push(t); - var_names.push(name); + + println!("{:?}", assignees); + + // check lhs assignees are defined + let (assignees, errors): (Vec<_>, Vec<_>) = assignees.into_iter().map(|a| self.check_assignee(a, module_id, types)).partition(|r| r.is_ok()); + + if errors.len() > 0 { + return Err(errors.into_iter().map(|e| e.unwrap_err()).collect()); } + + // constrain assignees to being identifiers + let (variables, errors): (Vec<_>, Vec<_>) = assignees.into_iter().map(|a| match a.unwrap() { + TypedAssignee::Identifier(v) => Ok(v), + a => Err(ErrorInner { + pos: Some(pos), + message: format!("Only assignment to identifiers is supported, found {}", a) + }) + }).partition(|r| r.is_ok()); + + if errors.len() > 0 { + return Err(errors.into_iter().map(|e| e.unwrap_err()).collect()); + } + + let variables: Vec<_> = variables.into_iter().map(|v| v.unwrap()).collect(); + + let vars_types = variables.iter().map(|a| Some(a.get_type().clone())).collect(); + // find argument types let mut arguments_checked = vec![]; for arg in arguments { 
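Review bot: The two `partition`/`unwrap` passes over `assignees` in this hunk can be folded into one, which removes the `a.unwrap()` and `v.unwrap()` calls that exist only to undo the first partition, and clippy's `len_zero` lint will flag both `errors.len() > 0` checks, which read better as `!errors.is_empty()`. A single map that first runs `check_assignee` and then rejects non-identifier results collects both error kinds in one pass, assuming `check_assignee` returns `Result<TypedAssignee, ErrorInner>` as its use here suggests; the only behavioural difference I can see is that undeclared-variable and non-identifier errors would be reported together rather than the former pre-empting the latter. The enclosing match arm and function begin and end outside the hunk.
```rust
// check lhs assignees are declared and are plain identifiers
let (variables, errors): (Vec<_>, Vec<_>) = assignees
    .into_iter()
    .map(|a| match self.check_assignee(a, module_id, types)? {
        TypedAssignee::Identifier(v) => Ok(v),
        a => Err(ErrorInner {
            pos: Some(pos),
            message: format!("Only assignment to identifiers is supported, found {}", a),
        }),
    })
    .partition(|r| r.is_ok());

if !errors.is_empty() {
    return Err(errors.into_iter().map(|e| e.unwrap_err()).collect());
}

let variables: Vec<_> = variables.into_iter().map(|v| v.unwrap()).collect();
// … unchanged: vars_types and argument checking …
```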
@@ -965,32 +972,18 @@ impl<'ast> Checker<'ast> { arguments_checked.iter().map(|a| a.get_type()).collect(); let query = FunctionQuery::new(&fun_id, &arguments_types, &vars_types); - let candidates = self.find_candidates(&query); + let f = self.find_function(&query); - match candidates.len() { + match f { // the function has to be defined - 1 => { - let f = &candidates[0]; - - // we can infer the left hand side to be typed as the return values - let lhs: Vec = var_names.iter().zip(f.signature.outputs.iter()).map(|(name, ty)| - Variable::with_id_and_type(crate::typed_absy::Identifier::from(*name), ty.clone()) - ).collect(); - - let assignees: Vec<_> = lhs.iter().map(|v| v.clone().into()).collect(); + Some(f) => { let call = TypedExpressionList::FunctionCall(f.clone(), arguments_checked, f.signature.outputs.clone()); - for var in lhs { - self.insert_into_scope(var); - } - - Ok(TypedStatement::MultipleDefinition(assignees, call)) + Ok(TypedStatement::MultipleDefinition(variables, call)) }, - 0 => Err(ErrorInner { pos: Some(pos), + None => Err(ErrorInner { pos: Some(pos), message: format!("Function definition for function {} with signature {} not found.", fun_id, query) }), - _ => Err(ErrorInner { pos: Some(pos), - message: format!("Function call for function {} with arguments {:?} is ambiguous.", fun_id, arguments_types) }), } } _ => Err(ErrorInner { @@ -1018,7 +1011,7 @@ impl<'ast> Checker<'ast> { ))), None => Err(ErrorInner { pos: Some(assignee.pos()), - message: format!("Undeclared variable: {:?}", variable_name), + message: format!("Variable `{}` is undeclared", variable_name), }), }, Assignee::Select(box assignee, box index) => { 
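Review bot: In the `@@ -965,32 +972,18 @@` hunk the declared left-hand-side types now enter the query through `vars_types`, so a statement such as `field a, field b = foo()` where `foo` returns `(field, bool)` no longer fails at the assignment but falls through to the `None` arm and reports `Function definition for function foo with signature ... not found`, which points the user at the function rather than at the mismatched declaration. Since this is now the arm's only failure path (the ambiguity branch is gone), it would help to say so in the message, e.g. `message: format!("Function definition for function {} with signature {} not found (the declared types of the assigned variables are part of the signature).", fun_id, query)`, assuming `FunctionQuery`'s Display prints the output types. The enclosing match arm and function begin and end outside the hunk.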
@@ -1350,12 +1343,11 @@ impl<'ast> Checker<'ast> { // we use type inference to determine the type of the return, so we don't specify it let query = FunctionQuery::new(&fun_id, &arguments_types, &vec![None]); - let candidates = self.find_candidates(&query); + let f = self.find_function(&query); - match candidates.len() { + match f { // the function has to be defined - 1 => { - let f = &candidates[0]; + Some(f) => { // the return count has to be 1 match f.signature.outputs.len() { 1 => match &f.signature.outputs[0] { @@ -1404,7 +1396,7 @@ impl<'ast> Checker<'ast> { }), } } - 0 => Err(ErrorInner { + None => Err(ErrorInner { pos: Some(pos), message: format!( @@ -1412,9 +1404,6 @@ impl<'ast> Checker<'ast> { fun_id, query ), }), - _ => { - unreachable!("duplicate definition should have been caught before the call") - } } } Expression::Lt(box e1, box e2) => { @@ -1972,7 +1961,7 @@ impl<'ast> Checker<'ast> { }) } - fn find_candidates(&self, query: &FunctionQuery<'ast>) -> Vec> { + fn find_function(&self, query: &FunctionQuery<'ast>) -> Option> { query.match_funcs(&self.functions) } 
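Review bot: The `@@ -1350,12 +1343,11 @@` hunk is the one call path where the query leaves the output type open (`&vec![None]`, as the retained comment says), so if the checker admits two functions with the same name and input types but different return types, both match and `find_function` — now a `find` over a `HashSet` — returns whichever the set iterates first, whereas the `unreachable!` arm removed in the `@@ -1412,9 +1404,6 @@` hunk at least failed loudly. If such overloads are rejected when functions are registered this is harmless, but nothing in these hunks shows that. I would either keep a count on this path (`let candidates: Vec<_> = ...; if candidates.len() > 1 { return Err(/* ambiguous */) }`) or document the uniqueness invariant at `find_function`. The enclosing function-call arm continues outside the hunk.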
@@ -3085,6 +3074,107 @@ mod tests { ); } + #[test] + fn undeclared_variables() { + // def foo(): + // return 1, 2 + // def main(): + // a, b = foo() + // return 1 + // should fail + + let foo_statements: Vec> = vec![Statement::Return( + ExpressionList { + expressions: vec![ + Expression::FieldConstant(FieldPrime::from(1)).mock(), + Expression::FieldConstant(FieldPrime::from(2)).mock(), + ], + } + .mock(), + ) + .mock()]; + + let foo = Function { + arguments: vec![], + statements: foo_statements, + signature: UnresolvedSignature { + inputs: vec![], + outputs: vec![ + UnresolvedType::FieldElement.mock(), + UnresolvedType::FieldElement.mock(), + ], + }, + } + .mock(); + + let main_statements: Vec> = vec![ + Statement::MultipleDefinition( + vec![ + Assignee::Identifier("a").mock(), + Assignee::Identifier("b").mock(), + ], + Expression::FunctionCall("foo", vec![]).mock(), + ) + .mock(), + Statement::Return( + ExpressionList { + expressions: vec![Expression::FieldConstant(FieldPrime::from(1)).mock()], + } + .mock(), + ) + .mock(), + ]; + + let main = Function { + arguments: vec![], + statements: main_statements, + signature: UnresolvedSignature { + inputs: vec![], + outputs: vec![UnresolvedType::FieldElement.mock()], + }, + } + .mock(); + + let module = Module { + symbols: vec![ + SymbolDeclaration { + id: "foo", + symbol: Symbol::HereFunction(foo), + } + .mock(), + SymbolDeclaration { + id: "main", + symbol: Symbol::HereFunction(main), + } + .mock(), + ], + imports: vec![], + }; + + let mut state = State::new(vec![("main".into(), module)].into_iter().collect()); + + let mut checker = new_with_args(HashSet::new(), 0, HashSet::new()); + assert_eq!( + checker.check_module(&"main".into(), &mut state), + Err(vec![ + Error { + inner: ErrorInner { + pos: Some((Position::mock(), Position::mock())), + message: "Variable `a` is undeclared".into() + }, + module_id: "main".into() + }, + Error { + inner: ErrorInner { + pos: Some((Position::mock(), Position::mock())), + message: 
"Variable `b` is undeclared".into() + }, + module_id: "main".into() + } + ]) + ); + } + #[test] fn function_undefined() { // def bar(): From 3f19bac343a0bb948f44eff39f85d55c4b6c560a Mon Sep 17 00:00:00 2001 From: schaeff Date: Tue, 7 Apr 2020 17:12:21 +0200 Subject: [PATCH 2/4] remove print --- zokrates_core/src/semantics.rs | 3 --- 1 file changed, 3 deletions(-) diff --git a/zokrates_core/src/semantics.rs b/zokrates_core/src/semantics.rs index 427151b2..238e35ec 100644 --- a/zokrates_core/src/semantics.rs +++ b/zokrates_core/src/semantics.rs @@ -795,7 +795,6 @@ impl<'ast> Checker<'ast> { module_id: &ModuleId, types: &TypeMap, ) -> Result, Vec> { - println!("{}", stat); let pos = stat.pos(); @@ -935,8 +934,6 @@ impl<'ast> Checker<'ast> { // Right side has to be a function call Expression::FunctionCall(fun_id, arguments) => { - println!("{:?}", assignees); - // check lhs assignees are defined let (assignees, errors): (Vec<_>, Vec<_>) = assignees.into_iter().map(|a| self.check_assignee(a, module_id, types)).partition(|r| r.is_ok()); From f03c55b54ab1c6fed65b3128a3dcd27580e8856c Mon Sep 17 00:00:00 2001 
From: schaeff Date: Thu, 9 Apr 2020 16:24:21 +0200 Subject: [PATCH 3/4] wip --- zokrates_cli/examples/arrays/update.zok | 2 +- zokrates_cli/examples/book/hashexample.zok | 2 +- .../examples/book/hashexample_updated.zok | 2 +- zokrates_cli/examples/book/multi_def.zok | 2 +- zokrates_cli/examples/book/struct_assign.code | 10 -- zokrates_cli/examples/book/struct_init.code | 8 -- zokrates_cli/examples/book/structs.code | 14 --- .../examples/book/type_annotations.zok | 2 +- zokrates_cli/examples/dex/decodeOrder.zok | 1 + .../examples/dex/ringtrade_example.zok | 8 +- .../examples/functions/expressions.zok | 6 +- zokrates_cli/examples/functions/functions.zok | 2 +- .../examples/functions/multi_functions.zok | 4 +- .../examples/functions/multi_shadowing.zok | 4 +- zokrates_core/src/semantics.rs | 100 +++++++++++++++++- zokrates_parser/src/zokrates.pest | 2 +- .../stdlib/ecc/babyjubjubParams.zok | 29 ++++- zokrates_stdlib/stdlib/ecc/edwardsAdd.zok | 10 +- .../stdlib/ecc/edwardsCompress.zok | 3 +- zokrates_stdlib/stdlib/ecc/edwardsNegate.zok | 3 +- zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok | 8 +- .../stdlib/ecc/edwardsOrderCheck.zok | 8 +- .../stdlib/ecc/edwardsScalarMult.zok | 8 +- .../stdlib/ecc/proofOfOwnership.zok | 5 +- .../stdlib/hashes/pedersen/512bit.zok | 5 +- .../stdlib/hashes/pedersen/6bit.zok | 15 +-- .../stdlib/hashes/sha256/1024bit.zok | 6 +- .../stdlib/hashes/sha256/512bit.zok | 4 +- .../stdlib/hashes/sha256/512bitPacked.zok | 12 +-- .../stdlib/hashes/sha256/512bitPadded.zok | 2 +- 30 files changed, 193 insertions(+), 94 deletions(-) delete mode 100644 zokrates_cli/examples/book/struct_assign.code delete mode 100644 zokrates_cli/examples/book/struct_init.code delete mode 100644 zokrates_cli/examples/book/structs.code diff --git a/zokrates_cli/examples/arrays/update.zok b/zokrates_cli/examples/arrays/update.zok index de92cda1..ef660b33 100644 --- a/zokrates_cli/examples/arrays/update.zok +++ b/zokrates_cli/examples/arrays/update.zok 
@@ -4,6 +4,6 @@ def foo(field[3] a) -> (field): def main() -> (field, field): field[3] a = [0, 0, 0] - res = foo(a) + field res = foo(a) a[1] == 0 return res, a[1] diff --git a/zokrates_cli/examples/book/hashexample.zok b/zokrates_cli/examples/book/hashexample.zok index ba90147e..24f1e824 100644 --- a/zokrates_cli/examples/book/hashexample.zok +++ b/zokrates_cli/examples/book/hashexample.zok @@ -1,5 +1,5 @@ import "hashes/sha256/512bitPacked" as sha256packed def main(private field a, private field b, private field c, private field d) -> (field[2]): - h = sha256packed([a, b, c, d]) + field[2] h = sha256packed([a, b, c, d]) return h \ No newline at end of file diff --git a/zokrates_cli/examples/book/hashexample_updated.zok b/zokrates_cli/examples/book/hashexample_updated.zok index b7daee58..c231f72e 100644 --- a/zokrates_cli/examples/book/hashexample_updated.zok +++ b/zokrates_cli/examples/book/hashexample_updated.zok @@ -1,7 +1,7 @@ import "hashes/sha256/512bitPacked" as sha256packed def main(private field a, private field b, private field c, private field d) -> (field): - h = sha256packed([a, b, c, d]) + field[2] h = sha256packed([a, b, c, d]) h[0] == 263561599766550617289250058199814760685 h[1] == 65303172752238645975888084098459749904 return 1 \ No newline at end of file diff --git a/zokrates_cli/examples/book/multi_def.zok b/zokrates_cli/examples/book/multi_def.zok index fca062f0..55e58055 100644 --- a/zokrates_cli/examples/book/multi_def.zok +++ b/zokrates_cli/examples/book/multi_def.zok @@ -2,5 +2,5 @@ def foo() -> (field, field): return 21, 42 def main() -> (field): - a, b = foo() + field a, field b = foo() return 1 \ No newline at end of file diff --git a/zokrates_cli/examples/book/struct_assign.code b/zokrates_cli/examples/book/struct_assign.code deleted file mode 100644 index c52794d1..00000000 --- a/zokrates_cli/examples/book/struct_assign.code +++ /dev/null 
@@ -1,10 +0,0 @@ -struct Point { - field x - field y -} - -def main(field a) -> (Point): - Point p = Point {x: 1, y: 0} - p.x = a - p.y = p.x - return p diff --git a/zokrates_cli/examples/book/struct_init.code b/zokrates_cli/examples/book/struct_init.code deleted file mode 100644 index 837afc84..00000000 --- a/zokrates_cli/examples/book/struct_init.code +++ /dev/null @@ -1,8 +0,0 @@ -struct Point { - field x - field y -} - -def main() -> (Point): - Point p = Point {x: 1, y: 0} - return p diff --git a/zokrates_cli/examples/book/structs.code b/zokrates_cli/examples/book/structs.code deleted file mode 100644 index 7cca5707..00000000 --- a/zokrates_cli/examples/book/structs.code +++ /dev/null @@ -1,14 +0,0 @@ -struct Bar { - field[2] c - bool d -} - -struct Foo { - Bar a - bool b -} - -def main() -> (Foo): - Foo[2] f = [Foo { a: Bar { c: [0, 0], d: false }, b: true}, Foo { a: Bar {c: [0, 0], d: false}, b: true}] - f[0].a.c = [42, 43] - return f[0] diff --git a/zokrates_cli/examples/book/type_annotations.zok b/zokrates_cli/examples/book/type_annotations.zok index cb71575b..8cff31e1 100644 --- a/zokrates_cli/examples/book/type_annotations.zok +++ b/zokrates_cli/examples/book/type_annotations.zok @@ -5,5 +5,5 @@ def foo() -> (field, field): return 1, 2 def main() -> (field): - a, field[3] b = foo() + field a, field[3] b = foo() return 1 \ No newline at end of file diff --git a/zokrates_cli/examples/dex/decodeOrder.zok b/zokrates_cli/examples/dex/decodeOrder.zok index db917f29..5ed9bdaf 100644 --- a/zokrates_cli/examples/dex/decodeOrder.zok +++ b/zokrates_cli/examples/dex/decodeOrder.zok @@ -9,6 +9,7 @@ def main(field order) -> (field, field, field, field): // LSB field amount = 0 field exponent = 1 + field bit = 0 for field i in 0..120 do bit, order = popLeastSignificantBit(order) amount = amount + (bit * exponent) diff --git a/zokrates_cli/examples/dex/ringtrade_example.zok b/zokrates_cli/examples/dex/ringtrade_example.zok index dc66d33a..b966ead1 100644 
--- a/zokrates_cli/examples/dex/ringtrade_example.zok +++ b/zokrates_cli/examples/dex/ringtrade_example.zok @@ -55,8 +55,8 @@ def checkConstraints(field[3] amount, field[3] sourceToken, field[3] targetToken endfor // the amount of sell volume for a token equals its buy volume: - buyVolumeToken = tupleForTokensWithValue(0) - sellVolumeToken = tupleForTokensWithValue(0) + field[3] buyVolumeToken = tupleForTokensWithValue(0) + field[3] sellVolumeToken = tupleForTokensWithValue(0) for field i in 0..3 do buyVolumeToken = addVolumesForOrder(buyVolumeToken, targetToken[i], volume[i] * sourceTokenPriceOrder[i]) @@ -66,7 +66,7 @@ def checkConstraints(field[3] amount, field[3] sourceToken, field[3] targetToken buyVolumeToken == sellVolumeToken // If an order σ ∈ Oi→j with a limit price p has a positive trading volume, then every order in Oi→j with a lower limit price should be completely fulfilled. - highestTouchedOrder = tupleForTokenPairsWithValue(0) + field[9] highestTouchedOrder = tupleForTokenPairsWithValue(0) for field i in 0..3 do highestTouchedOrder = updateHighestTouchedOrder(highestTouchedOrder, sourceToken[i], targetToken[i], limit[i], volume[i]) @@ -89,7 +89,7 @@ def main(private field[3] encodedOrder, private field[3] bitmapOrder, private fi // Decode orders for field i in 0..3 do - a, s, t, l = decodeOrder(encodedOrder[i]) + field a, field s, field t, field l = decodeOrder(encodedOrder[i]) amount[i] = a sourceToken[i] = s targetToken[i] = t diff --git a/zokrates_cli/examples/functions/expressions.zok b/zokrates_cli/examples/functions/expressions.zok index 71340136..9d650213 100644 --- a/zokrates_cli/examples/functions/expressions.zok +++ b/zokrates_cli/examples/functions/expressions.zok 
@@ -4,7 +4,7 @@ def add(field a,field b) -> (field): // Expected for inputs 1,1: c=4, d=7, e=10 def main(field a,field b) -> (field): - c = add(a*2+3*b-a,b-1) - d = add(a*b+2, a*b*c) - e = add(add(a,d),add(a,b)) + field c = add(a*2+3*b-a,b-1) + field d = add(a*b+2, a*b*c) + field e = add(add(a,d),add(a,b)) return e diff --git a/zokrates_cli/examples/functions/functions.zok b/zokrates_cli/examples/functions/functions.zok index ab0d8c91..7a0b4cc9 100644 --- a/zokrates_cli/examples/functions/functions.zok +++ b/zokrates_cli/examples/functions/functions.zok @@ -2,5 +2,5 @@ def add(field f,field g) -> (field): return f+g def main(field a, field b) -> (field): - c = add(a,b) + field c = add(a,b) return c diff --git a/zokrates_cli/examples/functions/multi_functions.zok b/zokrates_cli/examples/functions/multi_functions.zok index d43ad5eb..9a0ce961 100644 --- a/zokrates_cli/examples/functions/multi_functions.zok +++ b/zokrates_cli/examples/functions/multi_functions.zok @@ -4,8 +4,8 @@ def add(field a, field b) -> (field): def main(field a, field b,field c, field d) -> (field): field g = a + b - x = add(a,b) - y = add(c,d) + field x = add(a,b) + field y = add(c,d) g = add(x, g) g = add(x, g) field f = c + d + a diff --git a/zokrates_cli/examples/functions/multi_shadowing.zok b/zokrates_cli/examples/functions/multi_shadowing.zok index ca4edcd6..dea0b545 100644 --- a/zokrates_cli/examples/functions/multi_shadowing.zok +++ b/zokrates_cli/examples/functions/multi_shadowing.zok @@ -6,6 +6,6 @@ def sub(field a, field b) -> (field): return a-b def main(field a, field b) -> (field): - c = add(a,b) - d = sub(a,b) + field c = add(a,b) + field d = sub(a,b) return 0 diff --git a/zokrates_core/src/semantics.rs b/zokrates_core/src/semantics.rs index 238e35ec..33a4fb11 100644 --- a/zokrates_core/src/semantics.rs +++ b/zokrates_core/src/semantics.rs 
@@ -3073,7 +3073,7 @@ mod tests { #[test] fn undeclared_variables() { - // def foo(): + // def foo() -> (field, field): // return 1, 2 // def main(): // a, b = foo() @@ -3115,7 +3115,7 @@ mod tests { .mock(), Statement::Return( ExpressionList { - expressions: vec![Expression::FieldConstant(FieldPrime::from(1)).mock()], + expressions: vec![], } .mock(), ) @@ -3127,7 +3127,7 @@ mod tests { statements: main_statements, signature: UnresolvedSignature { inputs: vec![], - outputs: vec![UnresolvedType::FieldElement.mock()], + outputs: vec![], }, } .mock(); 
@@ -3172,6 +3172,100 @@ mod tests { ); } + #[test] + fn assign_to_non_variable() { + // def foo() -> (field): + // return 1 + // def main(): + // field[1] a = [0] + // a[0] = foo() + // return + // should fail + + let foo_statements: Vec> = vec![Statement::Return( + ExpressionList { + expressions: vec![ + Expression::FieldConstant(FieldPrime::from(1)).mock(), + ], + } + .mock(), + ) + .mock()]; + + let foo = Function { + arguments: vec![], + statements: foo_statements, + signature: UnresolvedSignature { + inputs: vec![], + outputs: vec![ + UnresolvedType::FieldElement.mock(), + ], + }, + } + .mock(); + + let main_statements: Vec> = vec![ + Statement::Declaration(absy::Variable::new("a", UnresolvedType::array(UnresolvedType::FieldElement.mock(), 1).mock()).mock()).mock(), + Statement::Definition(Assignee::Identifier("a".into()).mock(), Expression::InlineArray(vec![absy::SpreadOrExpression::Expression(Expression::FieldConstant(FieldPrime::from(0)).mock())]).mock()).mock(), + Statement::MultipleDefinition( + vec![ + Assignee::Select(box Assignee::Identifier("a").mock(), box RangeOrExpression::Expression(absy::Expression::FieldConstant(FieldPrime::from(0)).mock())).mock(), + ], + Expression::FunctionCall("foo", vec![]).mock(), + ) + .mock(), + Statement::Return( + ExpressionList { + expressions: vec![], + } + .mock(), + ) + .mock(), + ]; + + let main = Function { + arguments: vec![], + statements: main_statements, + signature: UnresolvedSignature { + inputs: vec![], + outputs: vec![], + }, + } + .mock(); + + let module = Module { + symbols: vec![ + SymbolDeclaration { + id: "foo", + symbol: Symbol::HereFunction(foo), + } + .mock(), + SymbolDeclaration { + id: "main", + symbol: Symbol::HereFunction(main), + } + .mock(), + ], + imports: vec![], + }; + + let mut state = State::new(vec![("main".into(), module)].into_iter().collect()); + + let mut checker = new_with_args(HashSet::new(), 0, HashSet::new()); + assert_eq!( + checker.check_module(&"main".into(), &mut state), + 
Err(vec![ + Error { + inner: ErrorInner { + pos: Some((Position::mock(), Position::mock())), + message: "Only assignment to identifiers is supported, found a[0]".into() + }, + module_id: "main".into() + } + ]) + ); + } + #[test] fn function_undefined() { // def bar(): diff --git a/zokrates_parser/src/zokrates.pest b/zokrates_parser/src/zokrates.pest index e0957b12..735b70e6 100644 --- a/zokrates_parser/src/zokrates.pest +++ b/zokrates_parser/src/zokrates.pest @@ -47,7 +47,7 @@ definition_statement = { optionally_typed_assignee_list ~ "=" ~ expression } // expression_statement = {expression} optionally_typed_assignee_list = _{ optionally_typed_assignee ~ ("," ~ optionally_typed_assignee)* } -optionally_typed_assignee = { (assignee) | (ty ~ assignee) } // we don't use { ty? ~ identifier } as with a single token, it gets parsed as `ty` but we want `identifier` +optionally_typed_assignee = { (ty ~ assignee) | (assignee) } // we don't use { ty? ~ identifier } as with a single token, it gets parsed as `ty` but we want `identifier` // Expressions expression_list = _{(expression ~ ("," ~ expression)*)?} diff --git a/zokrates_stdlib/stdlib/ecc/babyjubjubParams.zok b/zokrates_stdlib/stdlib/ecc/babyjubjubParams.zok index 08ccfeda..a1bae4bf 100644 --- a/zokrates_stdlib/stdlib/ecc/babyjubjubParams.zok +++ b/zokrates_stdlib/stdlib/ecc/babyjubjubParams.zok @@ -1,6 +1,19 @@ // Parameters are based on: https://github.com/HarryR/ethsnarks/tree/9cdf0117c2e42c691e75b98979cb29b099eca998/src/jubjub // Note: parameters will be updated soon to be more compatible with zCash's implementation -def main() -> (field[10]): + +struct BabyJubJubParams { + field JUBJUBE + field JUBJUBC + field JUBJUBA + field JUBJUBD + field MONTA + field MONTB + field[2] INFINITY + field Gu + field Gv +} + +def main() -> (BabyJubJubParams): // Order of the curve E field JUBJUBE = 21888242871839275222246405745257275088614511777268538073601725287587578984328 
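Review bot: The reordering of the alternatives in `optionally_typed_assignee` in the `zokrates.pest` hunk changes which parse wins, and the surviving trailing comment only explains why `ty? ~ identifier` is avoided, not why the typed alternative must now come first. Presumably the reason is that once the bare `assignee` alternative succeeds on a type name such as `Point` in `Point p = ...`, PEG ordered choice does not revisit the other alternative when the following `=` fails to match, so the longer typed form has to be attempted first; if that is the case, say so: `// typed form first: ordered choice would otherwise commit to the bare identifier in "Point p = ..." and never retry the typed alternative`. Nothing in the Rust tests of this patch exercises the grammar, so the comment is the only record of the intent.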
@@ -11,7 +24,7 @@ def main() -> (field[10]): field MONTB = 1 // int(4/(JUBJUB_A-JUBJUB_D)) // Point at infinity - field[2] infinity = [0, 1] + field[2] INFINITY = [0, 1] // Generator field Gu = 16540640123574156134436876038791482806971768689494387082833631921987005038935 @@ -19,4 +32,14 @@ def main() -> (field[10]): // Index // 0 1 2 3 4 5 6 7 8 10 -return [JUBJUBA, JUBJUBD, infinity[0], infinity[1], Gu, Gv, JUBJUBE, JUBJUBC, MONTA, MONTB] +return BabyJubJubParams { + JUBJUBA: JUBJUBA, + JUBJUBD: JUBJUBD, + INFINITY: INFINITY, + Gu: Gu, + Gv: Gv, + JUBJUBE: JUBJUBE, + JUBJUBC: JUBJUBC, + MONTA: MONTA, + MONTB: MONTB +} diff --git a/zokrates_stdlib/stdlib/ecc/edwardsAdd.zok b/zokrates_stdlib/stdlib/ecc/edwardsAdd.zok index 1e899987..29874296 100644 --- a/zokrates_stdlib/stdlib/ecc/edwardsAdd.zok +++ b/zokrates_stdlib/stdlib/ecc/edwardsAdd.zok @@ -1,11 +1,13 @@ -import "ecc/babyjubjubParams" as context +from "ecc/babyjubjubParams" import main as context +from "ecc/babyjubjubParams" import BabyJubJubParams + // Add two points on a twisted Edwards curve // Curve parameters are defined with the last argument // https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Addition_on_twisted_Edwards_curves -def main(field[2] pt1, field[2] pt2, field[10] context) -> (field[2]): +def main(field[2] pt1, field[2] pt2, BabyJubJubParams context) -> (field[2]): - field a = context[0] - field d = context[1] + field a = context.JUBJUBA + field d = context.JUBJUBD field u1 = pt1[0] field v1 = pt1[1] diff --git a/zokrates_stdlib/stdlib/ecc/edwardsCompress.zok b/zokrates_stdlib/stdlib/ecc/edwardsCompress.zok index 7b874e7b..15109f03 100644 --- a/zokrates_stdlib/stdlib/ecc/edwardsCompress.zok +++ b/zokrates_stdlib/stdlib/ecc/edwardsCompress.zok @@ -1,4 +1,5 @@ import "utils/pack/nonStrictUnpack256" as unpack256 + // Compress JubJub Curve Point to 256bit array using big endianness bit order // Python reference code from pycrypto: // def compress(self): 
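Review bot: In the `@@ -19,4 +32,14 @@` hunk of `babyjubjubParams.zok`, the context lines `// Index` and `// 0 1 2 3 4 5 6 7 8 10` directly above the new `return BabyJubJubParams { ... }` describe positions in the `field[10]` array that this hunk removes, so they are now stale and will mislead readers of the struct-based return. They should be deleted, or replaced with a one-line note that callers access the parameters by field name, e.g. `// Parameters are exposed by name through BabyJubJubParams; see the struct definition above`. The old index list also skipped `9`, which the struct form makes moot.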
@@ -6,7 +7,7 @@ import "utils/pack/nonStrictUnpack256" as unpack256 // y = self.y.n // return int.to_bytes(y | ((x & 1) << 255), 32, "big") -def main(field[2] pt, field[10] context) -> (field[256]): +def main(field[2] pt) -> (field[256]): field x = pt[0] field y = pt[1] diff --git a/zokrates_stdlib/stdlib/ecc/edwardsNegate.zok b/zokrates_stdlib/stdlib/ecc/edwardsNegate.zok index af6d8156..43ac5cbf 100644 --- a/zokrates_stdlib/stdlib/ecc/edwardsNegate.zok +++ b/zokrates_stdlib/stdlib/ecc/edwardsNegate.zok @@ -1,8 +1,7 @@ -import "ecc/babyjubjubParams" as context // Negate a point on an Edwards curve // Curve parameters are defined with the last argument // Twisted Edwards Curves, BBJLP-2008, section 2 pg 2 -def main(field[2] pt, field[10] context) -> (field[2]): +def main(field[2] pt) -> (field[2]): field u = pt[0] field v = pt[1] diff --git a/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok b/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok index e55ada5d..fa42e1a4 100644 --- a/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok +++ b/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok @@ -1,11 +1,13 @@ +from "ecc/babyjubjubParams" import BabyJubJubParams + // Check if a point is on a twisted Edwards curve // Curve parameters are defined with the last argument // See appendix 3.3.1 of Zcash protocol specification: // https://github.com/zcash/zips/blob/master/protocol/protocol.pdf -def main(field[2] pt, field[10] context) -> (field): +def main(field[2] pt, BabyJubJubParams context) -> (field): - field a = context[0] - field d = context[1] + field a = context.JUBJUBA + field d = context.JUBJUBD field uu = pt[0] * pt[0] field vv = pt[1] * pt[1] diff --git a/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok b/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok index b6a0e64b..fc1d342c 100644 --- a/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok +++ b/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok 
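Review bot: In the `edwardsNegate.zok` hunk (`@@ -1,8 +1,7 @@`) the `context` parameter is removed from `main`, but the context line `// Curve parameters are defined with the last argument` is kept and now describes an argument that no longer exists. Dropping the parameter also changes the function's arity, so any stdlib or user code still passing a context to `edwardsNegate` or to `edwardsCompress` (whose hunk makes the same change) will stop compiling; those callers are not visible in this patch. I would replace the stale line with `// Negation does not read the curve parameters, so no context argument is taken` — the visible body only reads `pt`, so that wording is presumably accurate, but confirm against the rest of the function.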
@@ -1,15 +1,19 @@ import "ecc/edwardsAdd" as add import "ecc/edwardsScalarMult" as multiply import "utils/pack/nonStrictUnpack256" as unpack256 +from "ecc/babyjubjubParams" import BabyJubJubParams + // Verifies that the point is not one of the low-order points. // If any of the points is multiplied by the cofactor, the resulting point // will be infinity. // Returns 1 if the point is not one of the low-order points, 0 otherwise. // Curve parameters are defined with the last argument // https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/edwards.rs#L166 -def main(field[2] pt, field[10] context) -> (field): +def main(field[2] pt, BabyJubJubParams context) -> (field): - field cofactor = context[7] + field cofactor = context.JUBJUBC + + cofactor == 8 // Co-factor currently hard-coded to 8 for efficiency reasons // See discussion here: https://github.com/Zokrates/ZoKrates/pull/301#discussion_r267203391 diff --git a/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok b/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok index 22049047..1f47d8b8 100644 --- a/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok +++ b/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok 
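Review bot: The new `cofactor == 8` line in `edwardsOrderCheck.zok` is a standalone equality statement — presumably an assertion, like the `h[0] == ...` lines in `hashexample_updated.zok` earlier in this patch — yet nothing beside it says that it exists to pin the value read from `context.JUBJUBC` to the cofactor the hard-coded logic below assumes; the comment two lines down explains the hard-coding but not the check. A short comment on the line would make the intent explicit: `// constrain the supplied parameters to the cofactor the unrolled check below is written for`. Since `context` is a function argument rather than a constant here, whether this is resolved at compile time or becomes a circuit constraint depends on the caller, which is not visible.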
@@ -1,21 +1,23 @@ import "ecc/edwardsAdd" as add import "ecc/edwardsOnCurve" as assertOnCurve +from "ecc/babyjubjubParams" import BabyJubJubParams + // Function that implements scalar multiplication for a fixed base point // Curve parameters are defined with the last argument // The exponent is hard-coded to a 256bit scalar, hence we allow wrapping around the group for certain // curve parameters. // Note that the exponent array is not check to be boolean in this gadget // Reference: https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/fs.rs#L555 -def main(field[256] exponent, field[2] pt, field[10] context) -> (field[2]): +def main(field[256] exponent, field[2] pt, BabyJubJubParams context) -> (field[2]): - field[2] infinity = [context[2], context[3]] + field[2] infinity = context.INFINITY field[2] doubledP = pt field[2] accumulatedP = infinity for field i in 0..256 do field j = 255 - i - candidateP = add(accumulatedP, doubledP, context) + field[2] candidateP = add(accumulatedP, doubledP, context) accumulatedP = if exponent[j] == 1 then candidateP else accumulatedP fi doubledP = add(doubledP, doubledP, context) endfor diff --git a/zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok b/zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok index f6b0c1fd..a959ad55 100644 --- a/zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok +++ b/zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok @@ -1,6 +1,7 @@ import "ecc/edwardsAdd" as add import "ecc/edwardsScalarMult" as multiply import "utils/pack/nonStrictUnpack256" as unpack256 +from "ecc/babyjubjubParams" import BabyJubJubParams /// Verifies match of a given public/private keypair. /// 
@@ -16,9 +17,9 @@ import "utils/pack/nonStrictUnpack256" as unpack256 /// /// Returns: /// Return 1 for pk/sk being a valid keypair, 0 otherwise. -def main(field[2] pk, field sk, field[10] context) -> (field): +def main(field[2] pk, field sk, BabyJubJubParams context) -> (field): - field[2] G = [context[4], context[5]] + field[2] G = [context.Gu, context.Gv] field[256] skBits = unpack256(sk) field[2] ptExp = multiply(skBits, G, context) diff --git a/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok b/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok index 1edac5f0..6bba5ecf 100644 --- a/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok +++ b/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok @@ -3,6 +3,7 @@ import "utils/multiplexer/lookup2bit" as sel2 import "ecc/babyjubjubParams" as context import "ecc/edwardsAdd" as add import "ecc/edwardsCompress" as edwardsCompress +from "ecc/babyjubjubParams" import BabyJubJubParams // Code to export generators used in this example: // import bitstring 
@@ -16,8 +17,8 @@ import "ecc/edwardsCompress" as edwardsCompress // 512bit to 256bit Pedersen hash using compression of the field elements def main(field[512] e) -> (field[256]): - context = context() - field[2] a = [context[2], context[3]] //Infinity + BabyJubJubParams context = context() + field[2] a = context.infinity //Infinity //Round 0 cx = sel3s([e[0], e[1], e[2]], [13418723823902222986275588345615650707197303761863176429873001977640541977977 , 8366451672790208592553809639953117385619257483837439526516290319251622927412, 1785026334726838136757054176272745265857971873904476677125553010508875025629, 15763987975760561753692294837740043971877392788040801334205375164715487005236]) cy = sel2([e[0], e[1]], [15255921313433251341520743036334816584226787412845488772781699434149539664639 , 10916775373885716961512013142444429405184550001421868906213743991404593770484, 18533662942827602783563125901366807026309605479742251601915445402562880550265, 12754584346112149619040942896930712185968371085994381911052593922432846916845]) diff --git a/zokrates_stdlib/stdlib/hashes/pedersen/6bit.zok b/zokrates_stdlib/stdlib/hashes/pedersen/6bit.zok index ebd01599..c37f8a57 100644 --- a/zokrates_stdlib/stdlib/hashes/pedersen/6bit.zok +++ b/zokrates_stdlib/stdlib/hashes/pedersen/6bit.zok 
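Review bot: `field[2] a = context.infinity` in the `512bit.zok` hunk reads a field that the `BabyJubJubParams` struct introduced in this same patch does not have — the struct declares `field[2] INFINITY`, and the parallel `6bit.zok` hunk uses `context.INFINITY` — so the line should read `field[2] a = context.INFINITY //Infinity`. The context lines directly below, `cx = sel3s(...)` and `cy = sel2(...)`, are also left untyped while the `6bit.zok` hunk rewrites them as `field cx = ...` / `field cy = ...`; after the checker change in the first patch of this series an assignment to an undeclared `cx` is rejected, so unless these are declared above the hunk they need the same treatment. The commit is marked wip, so this may be known, but as the patch stands both look like compile errors.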
@@ -1,20 +1,21 @@ import "utils/multiplexer/lookup3bitSigned" as sel3s import "utils/multiplexer/lookup2bit" as sel2 import "ecc/babyjubjubParams" as context +from "ecc/babyjubjubParams" import BabyJubJubParams import "ecc/edwardsAdd" as add def main(field[6] e) -> (field[2]): - context = context() + BabyJubJubParams context = context() - field[2] a = [context[2], context[3]] //Infinity + field[2] a = context.INFINITY //Infinity //Round 0 - cx = sel3s([e[0], e[1], e[2]], [13418723823902222986275588345615650707197303761863176429873001977640541977977 , 8366451672790208592553809639953117385619257483837439526516290319251622927412, 1785026334726838136757054176272745265857971873904476677125553010508875025629, 15763987975760561753692294837740043971877392788040801334205375164715487005236]) - cy = sel2([e[0], e[1]], [15255921313433251341520743036334816584226787412845488772781699434149539664639 , 10916775373885716961512013142444429405184550001421868906213743991404593770484, 18533662942827602783563125901366807026309605479742251601915445402562880550265, 12754584346112149619040942896930712185968371085994381911052593922432846916845]) + field cx = sel3s([e[0], e[1], e[2]], [13418723823902222986275588345615650707197303761863176429873001977640541977977 , 8366451672790208592553809639953117385619257483837439526516290319251622927412, 1785026334726838136757054176272745265857971873904476677125553010508875025629, 15763987975760561753692294837740043971877392788040801334205375164715487005236]) + field cy = sel2([e[0], e[1]], [15255921313433251341520743036334816584226787412845488772781699434149539664639 , 10916775373885716961512013142444429405184550001421868906213743991404593770484, 18533662942827602783563125901366807026309605479742251601915445402562880550265, 12754584346112149619040942896930712185968371085994381911052593922432846916845]) a = add(a, [cx, cy], context) //Round 1 - cx = sel3s([e[3], e[4], e[5]], [10096735692467598736728394557736034054031417419721869067082824451240861468728 , 
6979151010236415881632946866847657030447196774231162748523315765559549846746, 12137947022495312670974525048647679757468392619153927921382150023166867027471, 10624360821702266736197468438435445939719745367234393212061381062942588576905]) - cy = sel2([e[3], e[4]], [16704592219657141368520262522286248296157931669321735564513068002743507745908 , 11518684165372839249156788740134693928233608013641661856685773776747280808438, 21502372109496595498116676984635248026663470429940273577484250291841812814697, 17522620677401472201433112250371604936150385414760411280739362011041111141253]) - a = add(a, [cx, cy], context) + field cx = sel3s([e[3], e[4], e[5]], [10096735692467598736728394557736034054031417419721869067082824451240861468728 , 6979151010236415881632946866847657030447196774231162748523315765559549846746, 12137947022495312670974525048647679757468392619153927921382150023166867027471, 10624360821702266736197468438435445939719745367234393212061381062942588576905]) + field cy = sel2([e[3], e[4]], [16704592219657141368520262522286248296157931669321735564513068002743507745908 , 11518684165372839249156788740134693928233608013641661856685773776747280808438, 21502372109496595498116676984635248026663470429940273577484250291841812814697, 17522620677401472201433112250371604936150385414760411280739362011041111141253]) + field[2] a = add(a, [cx, cy], context) return a \ No newline at end of file diff --git a/zokrates_stdlib/stdlib/hashes/sha256/1024bit.zok b/zokrates_stdlib/stdlib/hashes/sha256/1024bit.zok index 4826cb04..949dba4c 100644 --- a/zokrates_stdlib/stdlib/hashes/sha256/1024bit.zok +++ b/zokrates_stdlib/stdlib/hashes/sha256/1024bit.zok 
@@ -6,8 +6,8 @@ import "./shaRoundNoBoolCheck" as sha256
 // It returns an array of 256 field elements.
 def main(field[256] a, field[256] b, field[256] c, field[256] d) -> (field[256]):
- IV = IVconstants()
- digest1 = sha256(a, b, IV)
- digest2 = sha256(c, d, digest1)
+ field[256] IV = IVconstants()
+ field[256] digest1 = sha256(a, b, IV)
+ field[256] digest2 = sha256(c, d, digest1)
 return digest2
\ No newline at end of file
diff --git a/zokrates_stdlib/stdlib/hashes/sha256/512bit.zok b/zokrates_stdlib/stdlib/hashes/sha256/512bit.zok
index 10592f38..a353f43b 100644
--- a/zokrates_stdlib/stdlib/hashes/sha256/512bit.zok
+++ b/zokrates_stdlib/stdlib/hashes/sha256/512bit.zok
@@ -8,8 +8,8 @@ def main(field[256] a, field[256] b) -> (field[256]):
 // a and b is NOT checked to be of type bool
- IV = IVconstants()
- digest = sha256(a, b, IV)
+ field[256] IV = IVconstants()
+ field[256] digest = sha256(a, b, IV)
 //digest is constraint to be of type bool
 return digest
diff --git a/zokrates_stdlib/stdlib/hashes/sha256/512bitPacked.zok b/zokrates_stdlib/stdlib/hashes/sha256/512bitPacked.zok
index 7a48be5a..00bc9894 100644
--- a/zokrates_stdlib/stdlib/hashes/sha256/512bitPacked.zok
+++ b/zokrates_stdlib/stdlib/hashes/sha256/512bitPacked.zok
@@ -6,17 +6,17 @@ import "./512bitPadded" as sha256
 // It then returns an array of two field elements, each representing 128 bits of the result.
 def main(field[4] preimage) -> (field[2]):
- a = unpack128(preimage[0])
- b = unpack128(preimage[1])
- c = unpack128(preimage[2])
- d = unpack128(preimage[3])
+ field[128] a = unpack128(preimage[0])
+ field[128] b = unpack128(preimage[1])
+ field[128] c = unpack128(preimage[2])
+ field[128] d = unpack128(preimage[3])
 field[256] lhs = [...a, ...b]
 field[256] rhs = [...c, ...d]
 field[256] r = sha256(lhs, rhs)
- res0 = pack128(r[..128])
- res1 = pack128(r[128..])
+ field res0 = pack128(r[..128])
+ field res1 = pack128(r[128..])
 return [res0, res1]
\ No newline at end of file
diff --git a/zokrates_stdlib/stdlib/hashes/sha256/512bitPadded.zok b/zokrates_stdlib/stdlib/hashes/sha256/512bitPadded.zok index d0596ed9..17a7353a 100644 --- a/zokrates_stdlib/stdlib/hashes/sha256/512bitPadded.zok +++ b/zokrates_stdlib/stdlib/hashes/sha256/512bitPadded.zok @@ -11,6 +11,6 @@ def main(field[256] a, field[256] b) -> (field[256]): // total length of message is 512 bits: 0b1000000000 field[256] dummyblock2 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0] - digest = sha256(a, b, dummyblock1, dummyblock2) + field[256] digest = sha256(a, b, dummyblock1, dummyblock2) return digest \ No newline at end of file From ba54e346f2b4d85702ac1deb63113f3cc87f32dc Mon Sep 17 00:00:00 2001 
From: schaeff Date: Tue, 14 Apr 2020 16:32:14 +0200 Subject: [PATCH 4/4] update code for new semantics --- .../merkleTree/pedersenPathProof3.zok | 5 ++- .../examples/merkleTree/sha256PathProof3.zok | 4 +- zokrates_cli/examples/propagate_call.zok | 2 +- .../sha256/binary/andxorandxorand.zok | 7 ---- .../examples/sha256/binary/andxornotand.zok | 8 ---- .../examples/sha256/binary/fulladd.zok | 10 ----- .../examples/sha256/binary/halfadd.zok | 7 ---- .../examples/sha256/bitwise/32/and.zok | 11 ----- .../sha256/bitwise/32/andxorandxorand.zok | 11 ----- .../sha256/bitwise/32/andxornotand.zok | 11 ----- .../examples/sha256/bitwise/32/not.zok | 11 ----- .../examples/sha256/bitwise/32/xor.zok | 11 ----- zokrates_cli/examples/sha256/utils/32/add.zok | 13 ------ .../sha256/utils/32/ar17xar19xars10.zok | 21 ---------- .../sha256/utils/32/ar2xar13xar22.zok | 21 ---------- .../sha256/utils/32/ar6xar11xar25.zok | 20 --------- .../sha256/utils/32/ar7xar18xars3.zok | 20 --------- .../sha256/utils/32/compression_round.zok | 42 ------------------- .../examples/sha256/utils/32/extend.zok | 20 --------- .../tests/tests/complex_call.zok | 2 +- .../stdlib/hashes/pedersen/512bit.zok | 8 ++-- .../stdlib/hashes/pedersen/6bit.zok | 6 +-- .../stdlib/hashes/sha256/1024bitPadded.zok | 2 +- .../stdlib/hashes/sha256/1536bit.zok | 8 ++-- .../stdlib/signatures/verifyEddsa.zok | 5 ++- .../tests/tests/ecc/edwardsAdd.zok | 15 +++---- .../tests/tests/ecc/edwardsCompress.zok | 11 ++--- .../tests/tests/ecc/edwardsOnCurve.zok | 3 +- .../tests/tests/ecc/edwardsOrderCheck.zok | 5 ++- .../tests/tests/ecc/edwardsScalarMult.zok | 17 ++++---- .../tests/tests/ecc/proofOfOwnership.zok | 7 ++-- .../tests/hashes/sha256/512bitPacked.zok | 2 +- .../hashes/utils/256bitsDirectionHelper.zok | 4 +- .../tests/tests/signatures/verifyEddsa.zok | 3 +- 34 files changed, 59 insertions(+), 294 deletions(-) delete mode 100644 zokrates_cli/examples/sha256/binary/andxorandxorand.zok delete mode 100644 
zokrates_cli/examples/sha256/binary/andxornotand.zok delete mode 100644 zokrates_cli/examples/sha256/binary/fulladd.zok delete mode 100644 zokrates_cli/examples/sha256/binary/halfadd.zok delete mode 100644 zokrates_cli/examples/sha256/bitwise/32/and.zok delete mode 100644 zokrates_cli/examples/sha256/bitwise/32/andxorandxorand.zok delete mode 100644 zokrates_cli/examples/sha256/bitwise/32/andxornotand.zok delete mode 100644 zokrates_cli/examples/sha256/bitwise/32/not.zok delete mode 100644 zokrates_cli/examples/sha256/bitwise/32/xor.zok delete mode 100644 zokrates_cli/examples/sha256/utils/32/add.zok delete mode 100644 zokrates_cli/examples/sha256/utils/32/ar17xar19xars10.zok delete mode 100644 zokrates_cli/examples/sha256/utils/32/ar2xar13xar22.zok delete mode 100644 zokrates_cli/examples/sha256/utils/32/ar6xar11xar25.zok delete mode 100644 zokrates_cli/examples/sha256/utils/32/ar7xar18xars3.zok delete mode 100644 zokrates_cli/examples/sha256/utils/32/compression_round.zok delete mode 100644 zokrates_cli/examples/sha256/utils/32/extend.zok diff --git a/zokrates_cli/examples/merkleTree/pedersenPathProof3.zok b/zokrates_cli/examples/merkleTree/pedersenPathProof3.zok index 87da1787..1ac9251f 100644 --- a/zokrates_cli/examples/merkleTree/pedersenPathProof3.zok +++ b/zokrates_cli/examples/merkleTree/pedersenPathProof3.zok 
@@ -1,18 +1,19 @@ import "hashes/pedersen/512bit" as hash import "ecc/edwardsCompress" as edwardsCompress import "ecc/babyjubjubParams" as context +from "ecc/babyjubjubParams" import BabyJubJubParams import "hashes/utils/256bitsDirectionHelper" as multiplex import "utils/binary/not" as NOT // Merke-Tree inclusion proof for tree depth 3 using SNARK efficient pedersen hashes // directionSelector=> 1/true if current digest is on the rhs of the hash def main(field[256] rootDigest, private field[256] leafDigest, private field[3] directionSelector, field[256] PathDigest0, private field[256] PathDigest1, private field[256] PathDigest2) -> (field): - context = context() + BabyJubJubParams context = context() //Setup field[256] currentDigest = leafDigest //Loop up the tree - preimage = multiplex(directionSelector[0], currentDigest, PathDigest0) + field[512] preimage = multiplex(directionSelector[0], currentDigest, PathDigest0) currentDigest = hash(preimage) preimage = multiplex(directionSelector[1], currentDigest, PathDigest1) diff --git a/zokrates_cli/examples/merkleTree/sha256PathProof3.zok b/zokrates_cli/examples/merkleTree/sha256PathProof3.zok index 3699fec7..8d9bd0f3 100644 --- a/zokrates_cli/examples/merkleTree/sha256PathProof3.zok +++ b/zokrates_cli/examples/merkleTree/sha256PathProof3.zok @@ -13,8 +13,8 @@ def main(field treeDepth, field[256] rootDigest, private field[256] leafDigest, //Loop up the tree currentDirection = directionSelector[0] - lhs = multiplex(currentDirection, currentDigest, PathDigest0) - rhs = multiplex(NOT(currentDirection), currentDigest, PathDigest0) + field[256] lhs = multiplex(currentDirection, currentDigest, PathDigest0) + field[256] rhs = multiplex(NOT(currentDirection), currentDigest, PathDigest0) currentDigest = sha256(lhs, rhs) counter = counter + 1 diff --git a/zokrates_cli/examples/propagate_call.zok b/zokrates_cli/examples/propagate_call.zok index 111d0155..ea3435d4 100644 --- a/zokrates_cli/examples/propagate_call.zok 
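Review bot: `directionSelector` is still declared `private field[3]` in the new signature, and although the comment above says its entries are `1/true` when the digest is on the right, nothing in this hunk constrains them to 0 or 1 before `multiplex(directionSelector[0], …)` uses them to order the preimage — the same holds for `currentDirection = directionSelector[0]` in the sha256PathProof3 hunk. Unless `hashes/utils/256bitsDirectionHelper` enforces the constraint itself (not visible here), the inclusion proof's soundness rests on an unchecked convention; now that the language has `bool` (see the `complex_call.zok` hunk), `private bool[3] directionSelector` would turn the convention into a type if the helper can take it, and otherwise a comment such as `// directionSelector entries must be 0 or 1; constrained in multiplex` should name where the check lives. `PathDigest0` is the only path element not marked `private`, unlike `PathDigest1` and `PathDigest2`; if that is unintentional, one sibling digest is exposed as a public input. The header comment reads `Merke-Tree`; `Merkle-Tree` is meant. The body of `main` continues past the hunk.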
+++ b/zokrates_cli/examples/propagate_call.zok @@ -3,5 +3,5 @@ def foo(field a, field b) -> (field, field): return a, b def main() -> (field): - a, b = foo(1, 1) + field a, field b = foo(1, 1) return a + b \ No newline at end of file diff --git a/zokrates_cli/examples/sha256/binary/andxorandxorand.zok b/zokrates_cli/examples/sha256/binary/andxorandxorand.zok deleted file mode 100644 index 5094c306..00000000 --- a/zokrates_cli/examples/sha256/binary/andxorandxorand.zok +++ /dev/null @@ -1,7 +0,0 @@ -// ANDXORANDXORAND - -import "utils/binary/xor" as XOR -import "utils/binary/and" as AND - -def main(field a, field b, field c) -> (field): - return XOR(XOR(AND(a, b), AND(a, c)), AND(b, c)) \ No newline at end of file diff --git a/zokrates_cli/examples/sha256/binary/andxornotand.zok b/zokrates_cli/examples/sha256/binary/andxornotand.zok deleted file mode 100644 index fcb5b462..00000000 --- a/zokrates_cli/examples/sha256/binary/andxornotand.zok +++ /dev/null @@ -1,8 +0,0 @@ -// ANDXORNOTAND - -import "utils/binary/and" as AND -import "utils/binary/xor" as XOR -import "utils/binary/not" as NOT - -def main(field a, field b, field c) -> (field): - return XOR(AND(a, b), AND(NOT(a), c)) diff --git a/zokrates_cli/examples/sha256/binary/fulladd.zok b/zokrates_cli/examples/sha256/binary/fulladd.zok deleted file mode 100644 index fbf13de5..00000000 --- a/zokrates_cli/examples/sha256/binary/fulladd.zok +++ /dev/null @@ -1,10 +0,0 @@ -// FULLADD - -import "./halfadd" as HALFADD -import "utils/binary/or" as OR - -def main(field a, field b, field car) -> (field, field): - out1, car1 = HALFADD(a, b) - out2, car2 = HALFADD(out1, car) - car3 = OR(car1, car2) - return out2, car3 \ No newline at end of file diff --git a/zokrates_cli/examples/sha256/binary/halfadd.zok b/zokrates_cli/examples/sha256/binary/halfadd.zok deleted file mode 100644 index 15f0e6ec..00000000 --- a/zokrates_cli/examples/sha256/binary/halfadd.zok +++ /dev/null 
@@ -1,7 +0,0 @@ -// HALFADD - -import "utils/binary/xor" as XOR -import "utils/binary/and" as AND - -def main(field a, field b) -> (field, field): - return XOR(a, b), AND(a, b) \ No newline at end of file diff --git a/zokrates_cli/examples/sha256/bitwise/32/and.zok b/zokrates_cli/examples/sha256/bitwise/32/and.zok deleted file mode 100644 index 7a36796f..00000000 --- a/zokrates_cli/examples/sha256/bitwise/32/and.zok +++ /dev/null @@ -1,11 +0,0 @@ -// AND - -import "utils/binary/and" as AND - -def main(field[32] b, field[32] c) -> (field[32]): - field[32] result = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] - for field i in 0..32 do - r = AND(b[i], c[i]) - result[i] = r - endfor - return result \ No newline at end of file diff --git a/zokrates_cli/examples/sha256/bitwise/32/andxorandxorand.zok b/zokrates_cli/examples/sha256/bitwise/32/andxorandxorand.zok deleted file mode 100644 index 334c5ba1..00000000 --- a/zokrates_cli/examples/sha256/bitwise/32/andxorandxorand.zok +++ /dev/null @@ -1,11 +0,0 @@ -// ANDXORANDXORAND - -import "./../../binary/andxorandxorand" as ANDXORANDXORAND - -def main(field[32] b, field[32] c, field[32] d) -> (field[32]): - field[32] result = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] - for field i in 0..32 do - r = ANDXORANDXORAND(b[i], c[i], d[i]) - result[i] = r - endfor - return result \ No newline at end of file diff --git a/zokrates_cli/examples/sha256/bitwise/32/andxornotand.zok b/zokrates_cli/examples/sha256/bitwise/32/andxornotand.zok deleted file mode 100644 index f053e5aa..00000000 --- a/zokrates_cli/examples/sha256/bitwise/32/andxornotand.zok +++ /dev/null 
@@ -1,11 +0,0 @@ -// ANDXORNOTAND - -import "./../../binary/andxornotand" as ANDXORNOTAND - -def main(field[32] b, field[32] c, field[32] d) -> (field[32]): - field[32] result = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] - for field i in 0..32 do - r = ANDXORNOTAND(b[i], c[i], d[i]) - result[i] = r - endfor - return result \ No newline at end of file diff --git a/zokrates_cli/examples/sha256/bitwise/32/not.zok b/zokrates_cli/examples/sha256/bitwise/32/not.zok deleted file mode 100644 index 32fcddec..00000000 --- a/zokrates_cli/examples/sha256/bitwise/32/not.zok +++ /dev/null @@ -1,11 +0,0 @@ -// NOT - -import "utils/binary/not" as NOT - -def main(field[32] b) -> (field[32]): - field[32] result = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] - for field i in 0..32 do - r = NOT(b[i]) - result[i] = r - endfor - return result \ No newline at end of file diff --git a/zokrates_cli/examples/sha256/bitwise/32/xor.zok b/zokrates_cli/examples/sha256/bitwise/32/xor.zok deleted file mode 100644 index 036c74f0..00000000 --- a/zokrates_cli/examples/sha256/bitwise/32/xor.zok +++ /dev/null @@ -1,11 +0,0 @@ -// XOR - -import "utils/binary/xor" as XOR - -def main(field[32] b, field[32] c) -> (field[32]): - field[32] result = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] - for field i in 0..32 do - r = XOR(b[i], c[i]) - result[i] = r - endfor - return result \ No newline at end of file diff --git a/zokrates_cli/examples/sha256/utils/32/add.zok b/zokrates_cli/examples/sha256/utils/32/add.zok deleted file mode 100644 index f7b6c7c4..00000000 --- a/zokrates_cli/examples/sha256/utils/32/add.zok +++ /dev/null 
@@ -1,13 +0,0 @@ -// ADD - -import "../../binary/fulladd" as FULLADD - -def main(field[32] b, field[32] c) -> (field[32]): - field[33] car = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] - field[32] d = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] - for field i in 0..32 do - d0, car0 = FULLADD(b[i], c[i], car[i]) - d[i] = d0 - car[i + 1] = car0 - endfor - return d diff --git a/zokrates_cli/examples/sha256/utils/32/ar17xar19xars10.zok b/zokrates_cli/examples/sha256/utils/32/ar17xar19xars10.zok deleted file mode 100644 index b736d169..00000000 --- a/zokrates_cli/examples/sha256/utils/32/ar17xar19xars10.zok +++ /dev/null @@ -1,21 +0,0 @@ -// AR17XAR19XAR10 - -import "../../bitwise/32/xor" as XOR - -def RR17(field[32] b) -> (field[32]): - return [b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28], b[29], b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14]] - -def RR19(field[32] b) -> (field[32]): - return [b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28], b[29], b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12]] - -def RS10(field[32] b) -> (field[32]): - return [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21]] - -def main(field[32] a) -> (field[32]): - u = RR17(a) - v = RR19(a) - w = RS10(a) - x = XOR(u, v) - z = XOR(w, x) - return z - diff --git a/zokrates_cli/examples/sha256/utils/32/ar2xar13xar22.zok b/zokrates_cli/examples/sha256/utils/32/ar2xar13xar22.zok deleted file mode 100644 index 57f5e319..00000000 --- a/zokrates_cli/examples/sha256/utils/32/ar2xar13xar22.zok +++ /dev/null 
@@ -1,21 +0,0 @@ -// AR2XAR13XAR22 - -import "../../bitwise/32/xor" as XOR - -def RR2(field[32] b) -> (field[32]): - return [b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28], b[29]] - -def RR13(field[32] b) -> (field[32]): - return [b[19], b[20], b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28], b[29], b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18]] - -def RR22(field[32] b) -> (field[32]): - return [b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28], b[29], b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9]] - -def main(field[32] a) -> (field[32]): - u = RR2(a) - v = RR13(a) - w = RR22(a) - x = XOR(u, v) - z = XOR(w, x) - return z - diff --git a/zokrates_cli/examples/sha256/utils/32/ar6xar11xar25.zok b/zokrates_cli/examples/sha256/utils/32/ar6xar11xar25.zok deleted file mode 100644 index a23c9134..00000000 --- a/zokrates_cli/examples/sha256/utils/32/ar6xar11xar25.zok +++ /dev/null 
@@ -1,20 +0,0 @@ -// AR6XAR11XAR25 - -import "../../bitwise/32/xor" as XOR - -def RR6(field[32] b) -> (field[32]): - return [b[26], b[27], b[28], b[29], b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24], b[25]] - -def RR11(field[32] b) -> (field[32]): - return [b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28], b[29], b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20]] - -def RR25(field[32] b) -> (field[32]): - return [b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28], b[29], b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6]] - -def main(field[32] a) -> (field[32]): - u = RR6(a) - v = RR11(a) - w = RR25(a) - x = XOR(u, v) - z = XOR(w, x) - return z \ No newline at end of file diff --git a/zokrates_cli/examples/sha256/utils/32/ar7xar18xars3.zok b/zokrates_cli/examples/sha256/utils/32/ar7xar18xars3.zok deleted file mode 100644 index 6c523303..00000000 --- a/zokrates_cli/examples/sha256/utils/32/ar7xar18xars3.zok +++ /dev/null 
@@ -1,20 +0,0 @@ -// AR7XAR18XAR3 - -import "../../bitwise/32/xor" as XOR - -def RR7(field[32] b) -> (field[32]): - return [b[25], b[26], b[27], b[28], b[29], b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24]] - -def RR18(field[32] b) -> (field[32]): - return [b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28], b[29], b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13]] - -def RS3(field[32] b) -> (field[32]): - return [0, 0, 0, b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28]] - -def main(field[32] a) -> (field[32]): - u = RR7(a) - v = RR18(a) - w = RS3(a) - x = XOR(u, v) - z = XOR(w, x) - return z \ No newline at end of file diff --git a/zokrates_cli/examples/sha256/utils/32/compression_round.zok b/zokrates_cli/examples/sha256/utils/32/compression_round.zok deleted file mode 100644 index 100c2cd8..00000000 --- a/zokrates_cli/examples/sha256/utils/32/compression_round.zok +++ /dev/null 
@@ -1,42 +0,0 @@ -// COMPRESSION ROUND - -import "./ar6xar11xar25" as AR6XAR11XAR25 -import "./ar2xar13xar22" as AR2XAR13XAR22 -import "../../bitwise/32/andxornotand" as ANDXORNOTAND -import "../../bitwise/32/andxorandxorand" as ANDXORANDXORAND -import "./add" as ADD2 - -def ADD5(field[32] a, field[32] b, field[32] c, field[32] d, field[32] e) -> (field[32]): - ab = ADD2(a, b) - cd = ADD2(c, d) - abcd = ADD2(ab, cd) - abcde = ADD2(abcd, e) - return abcde - -def main(field[32] k, field[32] w, field[32] a, field[32] b, field[32] c, field[32] d, field[32] e, field[32] f, field[32] g, field[32] h) -> (field[32], field[32], field[32], field[32], field[32], field[32], field[32], field[32]): - - // S1 := (e rightrotate 6) xor (e rightrotate 11) xor (e rightrotate 25) - SOne = AR6XAR11XAR25(e) - - // ch := (e and f) xor ((not e) and g) - ch = ANDXORNOTAND(e, f, g) - - // temp1 := h + S1 + ch + k[i] + w[i] - tempOne = ADD5(h, SOne, ch, k, w) - - // S0 := (a rightrotate 2) xor (a rightrotate 13) xor (a rightrotate 22) - SZero = AR2XAR13XAR22(a) - - // maj := (a and b) xor (a and c) xor (b and c) - maj = ANDXORANDXORAND(a, b, c) - - // temp2 := S0 + maj - tempTwo = ADD2(SZero, maj) - - // en := d + temp1 - en = ADD2(d, tempOne) - - // an := temp1 + temp2 - an = ADD2(tempOne, tempTwo) - - return an, a, b, c, en, e, f, g \ No newline at end of file diff --git a/zokrates_cli/examples/sha256/utils/32/extend.zok b/zokrates_cli/examples/sha256/utils/32/extend.zok deleted file mode 100644 index f6964efa..00000000 --- a/zokrates_cli/examples/sha256/utils/32/extend.zok +++ /dev/null 
@@ -1,20 +0,0 @@ -// EXTEND - -import "./ar7xar18xars3" as AR7XAR18XAR3 -import "./ar17xar19xars10" as AR17XAR19XAR10 -import "./add" as ADD - -def ADD(field[32] a, field[32] b, field[32] c, field[32] d) -> (field[32]): - ab = ADD(a, b) - cd = ADD(c, d) - abcd = ADD(ab, cd) - return abcd - -def main(field[32] wm15, field[32] wm2, field[32] wm16, field[32] wm7) -> (field[32]): - // s0 := (w[i-15] rightrotate 7) xor (w[i-15] rightrotate 18) xor (w[i-15] rightshift 3) - szero = AR7XAR18XAR3(wm15) - // s1 := (w[i-2] rightrotate 17) xor (w[i-2] rightrotate 19) xor (w[i-2] rightshift 10) - sone = AR17XAR19XAR10(wm2) - // w[i] := w[i-16] + s0 + w[i-7] + s1 - wfb = ADD(wm16, szero, wm7, sone) - return wfb \ No newline at end of file diff --git a/zokrates_core_test/tests/tests/complex_call.zok b/zokrates_core_test/tests/tests/complex_call.zok index d737625f..7f1780c3 100644 --- a/zokrates_core_test/tests/tests/complex_call.zok +++ b/zokrates_core_test/tests/tests/complex_call.zok @@ -7,5 +7,5 @@ def f(bool a, field b, Foo c, field[2] d) -> (Foo, field): return Foo { a: [a, a], b: d[0] }, if c.a[0] then b + c.b else d[1] fi def main(bool a, field b, Foo c, field[2] d) -> (Foo, field): - e, f = f(a, b, c, d) + Foo e, field f = f(a, b, c, d) return e, f \ No newline at end of file diff --git a/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok b/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok index 6bba5ecf..a1d18a85 100644 --- a/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok +++ b/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok 
@@ -18,10 +18,10 @@ from "ecc/babyjubjubParams" import BabyJubJubParams // 512bit to 256bit Pedersen hash using compression of the field elements def main(field[512] e) -> (field[256]): BabyJubJubParams context = context() - field[2] a = context.infinity //Infinity + field[2] a = context.INFINITY //Infinity //Round 0 - cx = sel3s([e[0], e[1], e[2]], [13418723823902222986275588345615650707197303761863176429873001977640541977977 , 8366451672790208592553809639953117385619257483837439526516290319251622927412, 1785026334726838136757054176272745265857971873904476677125553010508875025629, 15763987975760561753692294837740043971877392788040801334205375164715487005236]) - cy = sel2([e[0], e[1]], [15255921313433251341520743036334816584226787412845488772781699434149539664639 , 10916775373885716961512013142444429405184550001421868906213743991404593770484, 18533662942827602783563125901366807026309605479742251601915445402562880550265, 12754584346112149619040942896930712185968371085994381911052593922432846916845]) + field cx = sel3s([e[0], e[1], e[2]], [13418723823902222986275588345615650707197303761863176429873001977640541977977 , 8366451672790208592553809639953117385619257483837439526516290319251622927412, 1785026334726838136757054176272745265857971873904476677125553010508875025629, 15763987975760561753692294837740043971877392788040801334205375164715487005236]) + field cy = sel2([e[0], e[1]], [15255921313433251341520743036334816584226787412845488772781699434149539664639 , 10916775373885716961512013142444429405184550001421868906213743991404593770484, 18533662942827602783563125901366807026309605479742251601915445402562880550265, 12754584346112149619040942896930712185968371085994381911052593922432846916845]) a = add(a, [cx, cy], context) //Round 1 cx = sel3s([e[3], e[4], e[5]], [10096735692467598736728394557736034054031417419721869067082824451240861468728 , 6979151010236415881632946866847657030447196774231162748523315765559549846746, 
12137947022495312670974525048647679757468392619153927921382150023166867027471, 10624360821702266736197468438435445939719745367234393212061381062942588576905]) @@ -704,5 +704,5 @@ def main(field[512] e) -> (field[256]): cy = sel2([e[510], e[511]], [2329094643034533408459502544740928833981119919633412709248656884170940780093 , 3216329736050668550647765981020076413548845117352735257893224753954595290363, 18710403072495673647060422294369054840513840567808020912157404388689648711093, 9785201456176703812798077455183487364035650707229293534561747881523562553649]) a = add(a, [cx, cy], context) - field[256] aC = edwardsCompress(a, context) + field[256] aC = edwardsCompress(a) return aC diff --git a/zokrates_stdlib/stdlib/hashes/pedersen/6bit.zok b/zokrates_stdlib/stdlib/hashes/pedersen/6bit.zok index c37f8a57..491b34c8 100644 --- a/zokrates_stdlib/stdlib/hashes/pedersen/6bit.zok +++ b/zokrates_stdlib/stdlib/hashes/pedersen/6bit.zok 
@@ -14,8 +14,8 @@ def main(field[6] e) -> (field[2]): field cy = sel2([e[0], e[1]], [15255921313433251341520743036334816584226787412845488772781699434149539664639 , 10916775373885716961512013142444429405184550001421868906213743991404593770484, 18533662942827602783563125901366807026309605479742251601915445402562880550265, 12754584346112149619040942896930712185968371085994381911052593922432846916845]) a = add(a, [cx, cy], context) //Round 1 - field cx = sel3s([e[3], e[4], e[5]], [10096735692467598736728394557736034054031417419721869067082824451240861468728 , 6979151010236415881632946866847657030447196774231162748523315765559549846746, 12137947022495312670974525048647679757468392619153927921382150023166867027471, 10624360821702266736197468438435445939719745367234393212061381062942588576905]) - field cy = sel2([e[3], e[4]], [16704592219657141368520262522286248296157931669321735564513068002743507745908 , 11518684165372839249156788740134693928233608013641661856685773776747280808438, 21502372109496595498116676984635248026663470429940273577484250291841812814697, 17522620677401472201433112250371604936150385414760411280739362011041111141253]) - field[2] a = add(a, [cx, cy], context) + cx = sel3s([e[3], e[4], e[5]], [10096735692467598736728394557736034054031417419721869067082824451240861468728 , 6979151010236415881632946866847657030447196774231162748523315765559549846746, 12137947022495312670974525048647679757468392619153927921382150023166867027471, 10624360821702266736197468438435445939719745367234393212061381062942588576905]) + cy = sel2([e[3], e[4]], [16704592219657141368520262522286248296157931669321735564513068002743507745908 , 11518684165372839249156788740134693928233608013641661856685773776747280808438, 21502372109496595498116676984635248026663470429940273577484250291841812814697, 17522620677401472201433112250371604936150385414760411280739362011041111141253]) + a = add(a, [cx, cy], context) return a \ No newline at end of file 
diff --git a/zokrates_stdlib/stdlib/hashes/sha256/1024bitPadded.zok b/zokrates_stdlib/stdlib/hashes/sha256/1024bitPadded.zok index 319f089e..bc7e8192 100644 --- a/zokrates_stdlib/stdlib/hashes/sha256/1024bitPadded.zok +++ b/zokrates_stdlib/stdlib/hashes/sha256/1024bitPadded.zok @@ -10,6 +10,6 @@ def main(field[256] a, field[256] b, field[256] c, field[256] d) -> (field[256]) // total length of message is 1024 bits: 0b10000000000 field[256] dummyblock2 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] - digest = sha256(a, b, c, d, dummyblock1, dummyblock2) + field[256] digest = sha256(a, b, c, d, dummyblock1, dummyblock2) return digest diff --git a/zokrates_stdlib/stdlib/hashes/sha256/1536bit.zok b/zokrates_stdlib/stdlib/hashes/sha256/1536bit.zok index 9000bd36..ce679f33 100644 --- a/zokrates_stdlib/stdlib/hashes/sha256/1536bit.zok +++ b/zokrates_stdlib/stdlib/hashes/sha256/1536bit.zok 
@@ -6,9 +6,9 @@ import "./shaRoundNoBoolCheck" as sha256
 // It returns an array of 256 field elements.
 def main(field[256] a, field[256] b, field[256] c, field[256] d, field[256] e, field[256] f) -> (field[256]):
- IV = IVconstants()
- digest1 = sha256(a, b, IV)
- digest2 = sha256(c, d, digest1)
- digest3 = sha256(e, f, digest2)
+ field[256] IV = IVconstants()
+ field[256] digest1 = sha256(a, b, IV)
+ field[256] digest2 = sha256(c, d, digest1)
+ field[256] digest3 = sha256(e, f, digest2)
 return digest3
\ No newline at end of file
diff --git a/zokrates_stdlib/stdlib/signatures/verifyEddsa.zok b/zokrates_stdlib/stdlib/signatures/verifyEddsa.zok
index f7719b0a..6c553ad4 100644
--- a/zokrates_stdlib/stdlib/signatures/verifyEddsa.zok
+++ b/zokrates_stdlib/stdlib/signatures/verifyEddsa.zok
@@ -4,6 +4,7 @@ import "ecc/edwardsAdd" as add
 import "utils/pack/nonStrictUnpack256" as unpack256
 import "ecc/edwardsOnCurve" as onCurve
 import "ecc/edwardsOrderCheck" as orderCheck
+from "ecc/babyjubjubParams" import BabyJubJubParams
 /// Verifies an EdDSA Signature.
 ///
@@ -26,9 +27,9 @@ import "ecc/edwardsOrderCheck" as orderCheck
 ///
 /// Returns:
 /// Return 1 for S being a valid EdDSA Signature, 0 otherwise.
-def main(private field[2] R, private field S, field[2] A, field[256] M0, field[256] M1, field[10] context) -> (field):
+def main(private field[2] R, private field S, field[2] A, field[256] M0, field[256] M1, BabyJubJubParams context) -> (field):
- field[2] G = [context[4], context[5]]
+ field[2] G = [context.Gu, context.Gv]
 // Check if R is on curve and if it is not in a small subgroup. A is public input and can be checked offline
 field isOnCurve = onCurve(R, context) // throws if R is not on curve
diff --git a/zokrates_stdlib/tests/tests/ecc/edwardsAdd.zok b/zokrates_stdlib/tests/tests/ecc/edwardsAdd.zok
index 7e1b939e..48866390 100644
--- a/zokrates_stdlib/tests/tests/ecc/edwardsAdd.zok
+++ b/zokrates_stdlib/tests/tests/ecc/edwardsAdd.zok
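Review bot: The newly typed `IV` / `digest1..3` lines make the chaining explicit, but nothing in this file tells a caller what the imported `./shaRoundNoBoolCheck` alias means for the inputs; the alias name suggests the round function does not constrain its inputs to be bits, in which case `a`..`f` must already be boolean-constrained by the caller or the returned digest is not a well-defined SHA-256 output — please confirm against that import. I would add above `def main`: `// Inputs a..f are assumed to be already constrained to 0/1; the round function used here does not enforce that.` The blank lines of the hunk were lost in the extraction but no code is missing.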
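Review bot: The signature now takes `BabyJubJubParams context` and reads the generator from `context.Gu` / `context.Gv`, yet the `///` block directly above still documents only the return value, and any parameter description of `context` above line 27 is outside this hunk and may still describe a `field[10]` array — worth checking. While touching that block, the precondition that the last context line only mentions in passing (`A is public input and can be checked offline`) belongs in the docs, e.g. `/// A is not validated here: the caller must check it is on the curve and not in a small subgroup.` The `/// Returns: ... 0 otherwise` text also contradicts `// throws if R is not on curve` on the last line, so one of the two should be corrected so integrators know whether an invalid R yields 0 or makes the proof fail. The body of `main` continues past the hunk.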
@@ -1,13 +1,14 @@
 import "ecc/edwardsAdd" as add
 import "ecc/edwardsNegate" as neg
 import "ecc/babyjubjubParams" as context
+from "ecc/babyjubjubParams" import BabyJubJubParams
 // Code to create test cases:
 // https://github.com/Zokrates/pycrypto
 def testDoubleViaAdd() -> (field):
- context = context()
- field[2] G = [context[4], context[5]]
-
+ BabyJubJubParams context = context()
+ field[2] G = [context.Gu, context.Gv]
+
 field[2] out = add(G, G, context)
 out[0] == 17324563846726889236817837922625232543153115346355010501047597319863650987830
@@ -16,13 +17,13 @@ def testDoubleViaAdd() -> (field):
 return 1
 def testIdentities() -> (field):
- context = context()
- field[2] G = [context[4], context[5]]
- field[2] inf = [context[2], context[3]]
+ BabyJubJubParams context = context()
+ field[2] G = [context.Gu, context.Gv]
+ field[2] inf = context.INFINITY
 G == add(G, inf, context)
- field[2] nG = neg(G, context)
+ field[2] nG = neg(G)
 field[2] nGaddG = add(G, nG, context)
 inf == nGaddG
diff --git a/zokrates_stdlib/tests/tests/ecc/edwardsCompress.zok b/zokrates_stdlib/tests/tests/ecc/edwardsCompress.zok
index 65107a38..b5161097 100644
--- a/zokrates_stdlib/tests/tests/ecc/edwardsCompress.zok
+++ b/zokrates_stdlib/tests/tests/ecc/edwardsCompress.zok
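Review bot: In both `testDoubleViaAdd` and `testIdentities` the new line `BabyJubJubParams context = context()` gives the local struct the same name as the imported constructor alias (`import "ecc/babyjubjubParams" as context`), so the line reads like a recursive call and, after it, `context` can only ever denote the struct. Renaming the local removes the shadowing, e.g. `BabyJubJubParams params = context()` followed by `add(G, G, params)`; the same pattern is repeated in the other test files of this commit and could be fixed consistently. `testIdentities` is visible in full up to `inf == nGaddG`, and the dropped argument in `neg(G)` presumably tracks a signature change to `ecc/edwardsNegate` that is not shown here.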
@@ -1,17 +1,18 @@ import "ecc/edwardsCompress" as edwardsCompress import "ecc/babyjubjubParams" as context +from "ecc/babyjubjubParams" import BabyJubJubParams // Code to create test cases: // https://github.com/Zokrates/pycrypto def testCompress() -> (field): - context = context() + BabyJubJubParams context = context() - field Gu = context[4] - field Gv = context[5] + field Gu = context.Gu + field Gv = context.Gv - Gcompressed = edwardsCompress([Gu, Gv], context) + field[256] Gcompressed = edwardsCompress([Gu, Gv]) - Gcompressed = [1,0,1,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,1,0,1,0,0,1,0,1,1,1,1,1,1,1,1,0,0,0,1,1,0,1,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,1,0,1,1,1,1,0,0,0,0,0,0,1,1,0,0,0,1,1,0,1,1,0,1,1,1,1,0,1,1,1,0,1,1,1,1,1,1,1,0,1,0,0,1,0,0,1,0,0,1,1,0,0,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,1,1,0,0,1,1,0,1,0,1,0,0,1,1,1,0,1,0,1,0,0,1,1,1,0,1,1,0,1,0,0,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,0,0,1,1,1,0,1,0,0,0,1,0,0,1,1,0,1,0,0,1,0,0,0,1,1,0,1,1,1,0,1,1,0,0,0,1,1,1,1,0,1,1,1,1,1,1,1,1,0,0,1,1,0,0,1,0,0,0,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1,1,1] + Gcompressed == [1,0,1,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,1,0,1,0,0,1,0,1,1,1,1,1,1,1,1,0,0,0,1,1,0,1,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,1,0,1,1,1,1,0,0,0,0,0,0,1,1,0,0,0,1,1,0,1,1,0,1,1,1,1,0,1,1,1,0,1,1,1,1,1,1,1,0,1,0,0,1,0,0,1,0,0,1,1,0,0,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,1,1,0,0,1,1,0,1,0,1,0,0,1,1,1,0,1,0,1,0,0,1,1,1,0,1,1,0,1,0,0,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,0,0,1,1,1,0,1,0,0,0,1,0,0,1,1,0,1,0,0,1,0,0,0,1,1,0,1,1,1,0,1,1,0,0,0,1,1,1,1,0,1,1,1,1,1,1,1,1,0,0,1,1,0,0,1,0,0,0,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1,1,1] return 1 diff --git a/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.zok b/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.zok index 045dc70f..8ac5b6ba 100644 --- a/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.zok +++ b/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.zok 
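Review bot: Now that the check is a real `Gcompressed == [...]` comparison (the previous `=` re-assigned the variable, so the old test passed regardless of what `edwardsCompress` returned), the test still exercises a single point, the generator, so it cannot tell whether the 256-bit encoding places its sign-related bit correctly — presumably the encoding packs one coordinate plus a sign bit, but that is not visible here. Adding a second vector for the negated generator (`ecc/edwardsNegate` is used as `neg(G)` in the edwardsAdd tests) would cover both sign values. A short comment on the expected array would also help, e.g. `// expected: compressed encoding of G, generated with Zokrates/pycrypto (link above)`.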
@@ -1,10 +1,11 @@
 import "ecc/babyjubjubParams" as context
+from "ecc/babyjubjubParams" import BabyJubJubParams
 import "ecc/edwardsOnCurve" as onCurve
 // Code to create test cases:
 // https://github.com/Zokrates/pycrypto
 def testOnCurveTrue() -> (field):
- context = context()
+ BabyJubJubParams context = context()
 field testU = 17324563846726889236817837922625232543153115346355010501047597319863650987830
 field testV = 20022170825455209233733649024450576091402881793145646502279487074566492066831
diff --git a/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.zok b/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.zok
index 065ea515..eb0ca612 100644
--- a/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.zok
+++ b/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.zok
@@ -1,10 +1,11 @@
 import "ecc/edwardsOrderCheck" as orderCheck
 import "ecc/babyjubjubParams" as context
+from "ecc/babyjubjubParams" import BabyJubJubParams
 // Code to create test cases:
 // https://github.com/Zokrates/pycrypto
 def testOrderCheckTrue() -> (field):
- context = context()
+ BabyJubJubParams context = context()
 field testU = 17324563846726889236817837922625232543153115346355010501047597319863650987830
 field testV = 20022170825455209233733649024450576091402881793145646502279487074566492066831
@@ -15,7 +16,7 @@ def testOrderCheckTrue() -> (field):
 return 1
 def testOrderCheckFalse() -> (field):
- context = context()
+ BabyJubJubParams context = context()
 field testU = 4342719913949491028786768530115087822524712248835451589697801404893164183326
 field testV = 4826523245007015323400664741523384119579596407052839571721035538011798951543
diff --git a/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.zok b/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.zok
index 6966b0c3..12598615 100644
--- a/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.zok
+++ b/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.zok
@@ -1,11 +1,12 @@ import "ecc/babyjubjubParams" as context +from "ecc/babyjubjubParams" import BabyJubJubParams import "ecc/edwardsScalarMult" as mul // Code to create test cases: // https://github.com/Zokrates/pycrypto def testCyclic() -> (field): - context = context() - field[2] G = [context[4], context[5]] + BabyJubJubParams context = context() + field[2] G = [context.Gu, context.Gv] // exp = JUBJUB_E + 1 field[256] exp = [0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1] 
@@ -16,8 +17,8 @@ def testCyclic() -> (field): return 1 def testMul2() -> (field): - context = context() - field[2] G = [context[4], context[5]] + BabyJubJubParams context = context() + field[2] G = [context.Gu, context.Gv] // exp == 2 field[256] exp = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0] 
@@ -29,8 +30,8 @@ def testMul2() -> (field): return 1 def testAssociativity() -> (field): - context = context() - field[2] G = [context[4], context[5]] + BabyJubJubParams context = context() + field[2] G = [context.Gu, context.Gv] // a = 1234 field[256] a = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0] 
@@ -58,8 +59,8 @@ def testAssociativity() -> (field): return 1 def testMultiplicative() -> (field): - context = context() - field[2] G = [context[4], context[5]] + BabyJubJubParams context = context() + field[2] G = [context.Gu, context.Gv] // a = 1234 field[256] a = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0] diff --git a/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.zok b/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.zok index 01ef637e..9c0e7654 100644 --- a/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.zok +++ b/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.zok @@ -1,4 +1,5 @@ import "ecc/babyjubjubParams" as context +from "ecc/babyjubjubParams" import BabyJubJubParams import "ecc/proofOfOwnership" as proofOfOwnership import "ecc/edwardsScalarMult" as multiply import "utils/pack/nonStrictUnpack256" as unpack256 
@@ -6,8 +7,8 @@ import "utils/pack/nonStrictUnpack256" as unpack256 // Code to create test cases: // https://github.com/Zokrates/pycrypto def testOwnershipTrue() -> (field): - context = context() - field[2] G = [context[4], context[5]] + BabyJubJubParams context = context() + field[2] G = [context.Gu, context.Gv] field[2] Pk = [14897476871502190904409029696666322856887678969656209656241038339251270171395, 16668832459046858928951622951481252834155254151733002984053501254009901876174] field sk = 1997011358982923168928344992199991480689546837621580239342656433234255379025 @@ -18,7 +19,7 @@ def testOwnershipTrue() -> (field): return 1 def testtOwnershipFalse() -> (field): - context = context() + BabyJubJubParams context = context() field[2] Pk = [16328093915569409528980874702678312730273137210288183490878184636452430630129, 9377227749598842756429258362864743065769435972445705966557343775367597326529] field sk = 1997011358982923168928344992199991480689546837621580239342656433234255379025 diff --git a/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.zok b/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.zok index f69432a4..7387fe09 100644 --- a/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.zok +++ b/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.zok @@ -23,7 +23,7 @@ def main() -> (field): field c = 0 field d = 5 - h = sha256packed([a, b, c, d]) + field[2] h = sha256packed([a, b, c, d]) h[0] == 263561599766550617289250058199814760685 h[1] == 65303172752238645975888084098459749904 diff --git a/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok b/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok index e3ae4a34..2f21d468 100644 --- a/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok +++ b/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok 
@@ -18,7 +18,7 @@ def left() -> (field): field[256] a = [0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0] field[256] b = [0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1] - out = direction(0, a, b) + field[512] out = direction(0, a, b) out == [0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 
1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1] return 1 
@@ -26,7 +26,7 @@ def right() -> (field): field[256] a = [0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0] field[256] b = [0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1] - out = direction(1, a, b) + field[512] out = direction(1, a, b) out == [0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 
0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0] return 1 diff --git a/zokrates_stdlib/tests/tests/signatures/verifyEddsa.zok b/zokrates_stdlib/tests/tests/signatures/verifyEddsa.zok index eb48d580..a863548d 100644 --- a/zokrates_stdlib/tests/tests/signatures/verifyEddsa.zok +++ b/zokrates_stdlib/tests/tests/signatures/verifyEddsa.zok 
@@ -1,11 +1,12 @@ import "signatures/verifyEddsa" as verifyEddsa import "ecc/babyjubjubParams" as context +from "ecc/babyjubjubParams" import BabyJubJubParams // Code to create test case: // https://github.com/Zokrates/pycrypto def main() -> (field): -context = context() + BabyJubJubParams context = context() field[2] R = [20197911405516193152560090893341588680064377398162745404177962124159545390767, 9171190326927340493105240100684097896571028312802691203521747450053192554927] field S = 6050429445242986634735172402304257690628456074852538287769363221635064371045